Configurable default password scheme used for passwords

master
Daniel Trnka 7 years ago
parent 1c0717e3db
commit da7c39263c

@ -32,6 +32,10 @@ POSTMASTER=admin
# Docker-compose project name, this will prepended to containers names.
COMPOSE_PROJECT_NAME=mailu
# Default password scheme used for newly created accounts and changed passwords
# (value: SHA512-CRYPT, SHA256-CRYPT, MD5-CRYPT, CRYPT)
PASSWORD_SCHEME=SHA512-CRYPT
###################################
# Optional features
###################################

@ -30,7 +30,8 @@ default_config = {
'BABEL_DEFAULT_LOCALE': 'en',
'BABEL_DEFAULT_TIMEZONE': 'UTC',
'ENABLE_CERTBOT': False,
'CERTS_PATH': '/certs'
'CERTS_PATH': '/certs',
'PASSWORD_SCHEME': 'SHA512-CRYPT'
}
# Load configuration from the environment if available

@ -169,14 +169,14 @@ class User(Base, Email):
'CRYPT': "des_crypt"}
pw_context = context.CryptContext(
schemes = scheme_dict.values(),
default='sha512_crypt',
default=scheme_dict[app.config['PASSWORD_SCHEME']],
)
def check_password(self, password):
reference = re.match('({[^}]+})?(.*)', self.password).group(2)
return User.pw_context.verify(password, reference)
def set_password(self, password, hash_scheme='SHA512-CRYPT', raw=False):
def set_password(self, password, hash_scheme=app.config['PASSWORD_SCHEME'], raw=False):
"""Set password for user with specified encryption scheme
@password: plain text password to encrypt (if raw == True the hash itself)
"""

@ -1,4 +1,4 @@
from mailu import manager, db
from mailu import app, manager, db
from mailu.admin import models
@ -35,7 +35,7 @@ def admin(localpart, domain_name, password):
@manager.command
def user(localpart, domain_name, password, hash_scheme='SHA512-CRYPT'):
def user(localpart, domain_name, password, hash_scheme=app.config['PASSWORD_SCHEME']):
""" Create a user
"""
domain = models.Domain.query.get(domain_name)
@ -52,7 +52,7 @@ def user(localpart, domain_name, password, hash_scheme='SHA512-CRYPT'):
db.session.commit()
@manager.command
def user_import(localpart, domain_name, password_hash, hash_scheme='SHA512-CRYPT'):
def user_import(localpart, domain_name, password_hash, hash_scheme=app.config['PASSWORD_SCHEME']):
""" Import a user along with password hash. Available hashes:
'SHA512-CRYPT'
'SHA256-CRYPT'

Loading…
Cancel
Save