|
|
|
@ -304,6 +304,7 @@ class User(Base, Email):
|
|
|
|
""" A user is an email address that has a password to access a mailbox.
|
|
|
|
""" A user is an email address that has a password to access a mailbox.
|
|
|
|
"""
|
|
|
|
"""
|
|
|
|
__tablename__ = "user"
|
|
|
|
__tablename__ = "user"
|
|
|
|
|
|
|
|
_ctx = None
|
|
|
|
|
|
|
|
|
|
|
|
domain = db.relationship(Domain,
|
|
|
|
domain = db.relationship(Domain,
|
|
|
|
backref=db.backref('users', cascade='all, delete-orphan'))
|
|
|
|
backref=db.backref('users', cascade='all, delete-orphan'))
|
|
|
|
@ -361,7 +362,10 @@ class User(Base, Email):
|
|
|
|
self.reply_enddate > now
|
|
|
|
self.reply_enddate > now
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
def get_password_context(self):
|
|
|
|
def get_password_context():
|
|
|
|
|
|
|
|
if User._ctx:
|
|
|
|
|
|
|
|
return User._ctx
|
|
|
|
|
|
|
|
|
|
|
|
schemes = registry.list_crypt_handlers()
|
|
|
|
schemes = registry.list_crypt_handlers()
|
|
|
|
# scrypt throws a warning if the native wheels aren't found
|
|
|
|
# scrypt throws a warning if the native wheels aren't found
|
|
|
|
schemes.remove('scrypt')
|
|
|
|
schemes.remove('scrypt')
|
|
|
|
@ -369,15 +373,15 @@ class User(Base, Email):
|
|
|
|
for scheme in schemes:
|
|
|
|
for scheme in schemes:
|
|
|
|
if scheme.endswith('plaintext'):
|
|
|
|
if scheme.endswith('plaintext'):
|
|
|
|
schemes.remove(scheme)
|
|
|
|
schemes.remove(scheme)
|
|
|
|
return context.CryptContext(
|
|
|
|
User._ctx = context.CryptContext(
|
|
|
|
schemes=schemes,
|
|
|
|
schemes=schemes,
|
|
|
|
default='bcrypt_sha256',
|
|
|
|
default='bcrypt_sha256',
|
|
|
|
bcrypt_sha256__rounds=app.config['CREDENTIAL_ROUNDS'],
|
|
|
|
bcrypt_sha256__rounds=app.config['CREDENTIAL_ROUNDS'],
|
|
|
|
deprecated='auto'
|
|
|
|
deprecated='auto'
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
return User._ctx
|
|
|
|
|
|
|
|
|
|
|
|
def check_password(self, password):
|
|
|
|
def check_password(self, password):
|
|
|
|
context = self.get_password_context()
|
|
|
|
|
|
|
|
reference = self.password
|
|
|
|
reference = self.password
|
|
|
|
# strip {scheme} if that's something mailu has added
|
|
|
|
# strip {scheme} if that's something mailu has added
|
|
|
|
# passlib will identify *crypt based hashes just fine
|
|
|
|
# passlib will identify *crypt based hashes just fine
|
|
|
|
@ -387,7 +391,7 @@ class User(Base, Email):
|
|
|
|
if scheme in ['PBKDF2', 'BLF-CRYPT', 'SHA512-CRYPT', 'SHA256-CRYPT', 'MD5-CRYPT', 'CRYPT']:
|
|
|
|
if scheme in ['PBKDF2', 'BLF-CRYPT', 'SHA512-CRYPT', 'SHA256-CRYPT', 'MD5-CRYPT', 'CRYPT']:
|
|
|
|
reference = reference[len(scheme)+2:]
|
|
|
|
reference = reference[len(scheme)+2:]
|
|
|
|
|
|
|
|
|
|
|
|
result, new_hash = context.verify_and_update(password, reference)
|
|
|
|
result, new_hash = User.get_password_context().verify_and_update(password, reference)
|
|
|
|
if new_hash:
|
|
|
|
if new_hash:
|
|
|
|
self.password = new_hash
|
|
|
|
self.password = new_hash
|
|
|
|
db.session.add(self)
|
|
|
|
db.session.add(self)
|
|
|
|
@ -401,7 +405,7 @@ class User(Base, Email):
|
|
|
|
if raw:
|
|
|
|
if raw:
|
|
|
|
self.password = password
|
|
|
|
self.password = password
|
|
|
|
else:
|
|
|
|
else:
|
|
|
|
self.password = self.get_password_context().hash(password)
|
|
|
|
self.password = User.get_password_context().hash(password)
|
|
|
|
|
|
|
|
|
|
|
|
def get_managed_domains(self):
|
|
|
|
def get_managed_domains(self):
|
|
|
|
if self.global_admin:
|
|
|
|
if self.global_admin:
|
|
|
|
|
Florent Daigniere
3 years ago