core: prevent LDAP password being set for internal hash upgrades

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2022-01-03 13:23:42 +01:00
parent 3cd5e68bc1
commit d18a691f63

View file

@ -7,6 +7,7 @@ from uuid import uuid4
from deepmerge import always_merger from deepmerge import always_merger
from django.conf import settings from django.conf import settings
from django.contrib.auth.hashers import check_password
from django.contrib.auth.models import AbstractUser from django.contrib.auth.models import AbstractUser
from django.contrib.auth.models import UserManager as DjangoUserManager from django.contrib.auth.models import UserManager as DjangoUserManager
from django.db import models from django.db import models
@ -160,6 +161,22 @@ class User(GuardianUserMixin, AbstractUser):
self.password_change_date = now() self.password_change_date = now()
return super().set_password(password) return super().set_password(password)
def check_password(self, raw_password: str) -> bool:
"""
Return a boolean of whether the raw_password was correct. Handles
hashing formats behind the scenes.
Slightly changed version which doesn't send a signal for such internal hash upgrades
"""
def setter(raw_password):
self.set_password(raw_password, signal=False)
# Password hash upgrades shouldn't be considered password changes.
self._password = None
self.save(update_fields=["password"])
return check_password(raw_password, self.password, setter)
@property @property
def uid(self) -> str: def uid(self) -> str:
"""Generate a globall unique UID, based on the user ID and the hashed secret key""" """Generate a globall unique UID, based on the user ID and the hashed secret key"""