import binascii
import hashlib
import os
import flaschengeist.modules as modules
def _hash_password(password):
    """Derive a salted PBKDF2 hash of *password* for storage.

    Args:
        password: Plain-text password as ``str``; it is UTF-8 encoded
            before key derivation.

    Returns:
        A ``str`` holding the 64-character hex salt immediately followed by
        the hex-encoded PBKDF2-HMAC-SHA3-512 digest.
    """
    # The salt is the SHA-256 hex digest of 60 random bytes from the OS CSPRNG,
    # so it is always 64 ASCII characters long; _verify_password depends on
    # that fixed width to split the stored value again.
    salt_hex = hashlib.sha256(os.urandom(60)).hexdigest()

    # NOTE(review): the iteration count is hard-coded here and in
    # _verify_password and is not recorded in the stored value, so raising the
    # work factor later needs a migration path for existing hashes.
    derived = hashlib.pbkdf2_hmac(
        'sha3-512',
        password.encode('utf-8'),
        salt_hex.encode('ascii'),
        100000,
    )
    return salt_hex + derived.hex()
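def _verify_password(stored_password, provided_password):
    """Check a candidate password against a value produced by ``_hash_password``.

    Args:
        stored_password: ``str`` made of a 64-character ASCII salt followed by
            the hex-encoded PBKDF2-HMAC-SHA3-512 digest.
        provided_password: Plain-text password supplied by the login attempt.

    Returns:
        ``True`` when the digest derived from *provided_password* and the
        stored salt equals the stored digest, ``False`` otherwise.

    Raises:
        UnicodeEncodeError: If the salt portion of *stored_password* is not
            ASCII.
    """
    # Function-scope import: the module's import block does not bring in hmac.
    import hmac

    # The first 64 characters are the salt; the rest is the expected digest.
    salt, expected_hex = stored_password[:64], stored_password[64:]
    derived = hashlib.pbkdf2_hmac(
        'sha3-512',
        provided_password.encode('utf-8'),
        salt.encode('ascii'),
        100000,  # must stay equal to the count used by _hash_password
    )
    # Compare in constant time. A plain ``==`` stops at the first differing
    # character, which makes the comparison time depend on how much of the
    # digest matched. Bytes are compared so that a malformed (non-ASCII)
    # stored digest is rejected as a mismatch instead of raising TypeError.
    return hmac.compare_digest(
        binascii.hexlify(derived),
        expected_hex.encode('utf-8'),
    )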
class AuthPlain(modules.Auth):
    """Auth module that checks logins against a locally stored password hash."""

    def login(self, user, password):
        """Return whether *password* matches the hash stored on *user*.

        Args:
            user: User object exposing an ``attributes`` mapping; a falsy
                value is rejected.
            password: Plain-text password supplied by the login attempt.

        Returns:
            ``False`` when *user* is falsy or has no ``'password'`` attribute;
            otherwise the result of ``_verify_password`` for the stored value.
        """
        # Only users that actually carry a stored hash can authenticate here.
        if user and 'password' in user.attributes:
            stored = user.attributes['password'].value
            return _verify_password(stored, password)
        return False