self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2025-11-29 22:37:58 +02:00
Code Issues Releases Activity

Revert "In fact it could be global"

Browse Source 
This reverts commit f52984e4c3.
This commit is contained in:
Florent Daigniere
2021-06-04 09:51:58 +02:00
parent feff121a9b
commit 875308d405
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
core/admin/mailu/models.py
View File

@@ -17,7 +17,7 @@ import dns
db = flask_sqlalchemy.SQLAlchemy() db = flask_sqlalchemy.SQLAlchemy()
_credential_cache = {}
class IdnaDomain(db.TypeDecorator): class IdnaDomain(db.TypeDecorator):
""" Stores a Unicode string in it's IDNA representation (ASCII only) """ Stores a Unicode string in it's IDNA representation (ASCII only)
@@ -383,7 +383,7 @@ class User(Base, Email):
return User._ctx return User._ctx
def check_password(self, password): def check_password(self, password):
cache_result = _credential_cache.get(self.get_id()) cache_result = self._credential_cache.get(self.get_id())
current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None
if cache_result and current_salt: if cache_result and current_salt:
cache_salt, cache_hash = cache_result cache_salt, cache_hash = cache_result
@@ -392,7 +392,7 @@ class User(Base, Email):
else: else:
# the cache is local per gunicorn; the password has changed # the cache is local per gunicorn; the password has changed
# so the local cache can be invalidated # so the local cache can be invalidated
del _credential_cache[self.get_id()] del self._credential_cache[self.get_id()]
reference = self.password reference = self.password
# strip {scheme} if that's something mailu has added # strip {scheme} if that's something mailu has added
@@ -418,7 +418,7 @@ we have little control over GC and string interning anyways.
An attacker that can dump the process' memory is likely to find credentials An attacker that can dump the process' memory is likely to find credentials
in clear-text regardless of the presence of the cache. in clear-text regardless of the presence of the cache.
""" """
_credential_cache[self.get_id()] = (self.password.split('$')[3], hash.pbkdf2_sha256.using(rounds=1).hash(password)) self._credential_cache[self.get_id()] = (self.password.split('$')[3], hash.pbkdf2_sha256.using(rounds=1).hash(password))
return result return result
def set_password(self, password, hash_scheme=None, raw=False): def set_password(self, password, hash_scheme=None, raw=False):