Commit 15b448e9 authored by David Douard's avatar David Douard

Update authentication "protocol"

Pass the authentication login unencrypted and add a "secret" key to the
authinfo dict, whose value is the login encrypted with the secret key.
parent a918d6cdfaa9
......@@ -32,7 +32,9 @@ class XRemoteUserAuthentifier(native.BaseAuthentifier):
try:
_secret = session.vreg.config._secret
cyphr = build_cypher(_secret)
clearlogin = cyphr.decrypt(base64.decodestring(login)).strip()
clearlogin = cyphr.decrypt(base64.decodestring(kwargs.get('secret'))).strip()
if clearlogin != login:
raise AuthenticationError('wrong user secret')
rset = session.execute(self.auth_rql, {'login': clearlogin})
return rset[0][0]
except Exception, exc:
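Review bot: A request that carries no 'secret' entry is not rejected explicitly: `kwargs.get('secret')` returns None, `base64.decodestring(None)` raises, and the failure is only reported through the generic `except Exception` handler at the end of the hunk, whose body continues outside it, so the reason for the rejection is whatever that handler makes of an arbitrary exception. An explicit guard before the decrypt makes the rejection deliberate and distinguishable from a genuine error: `secret = kwargs.get('secret')` / `if not secret: raise AuthenticationError('missing user secret')`. The enclosing method's signature is above the hunk, so it is not visible here whether `login` itself is checked to be non-empty before this point.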
......
......@@ -32,8 +32,8 @@ class XRemoteUserRetriever(authentication.WebAuthInfoRetreiver):
_secret = self._cw.config._secret
cyphr = build_cypher(_secret)
# need a multiple of 16 in length
login = cyphr.encrypt('%128s' % login)
return base64.encodestring(login), {}
secret = cyphr.encrypt('%128s' % login)
return login, {'secret': base64.encodestring(secret)}
except Exception, exc:
self.debug('web authenticator failed (%s)', exc)
raise authentication.NoAuthInfo()
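Review bot: `'%128s' % login` left-pads to 128 characters but never truncates, so for a login longer than 128 characters the value handed to `cyphr.encrypt` is no longer a multiple of 16 as the comment above it requires, and the attempt presumably ends in the `except Exception` branch as a NoAuthInfo rather than an explicit length error. Padding to the next multiple of 16 instead of a fixed width avoids that: `padded = login.rjust((len(login) + 15) // 16 * 16)` / `secret = cyphr.encrypt(padded)`. Note also that the receiving side strips the decrypted value, so a login with leading or trailing whitespace would not round-trip through this scheme. If build_cypher returns a deterministic cipher (not visible here), the same login and key yield the same 'secret' on every request, i.e. a fixed per-login token; binding a timestamp or nonce into the encrypted payload and checking it on the authentifier side would bound its validity. The enclosing method's header is above the hunk.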
......