From ed793ad5365e33e2fda54c3900c1ad9b2c93dc37 Mon Sep 17 00:00:00 2001
From: termie <github@anarkystic.com>
Date: Mon, 13 Feb 2012 20:34:46 -0800
Subject: [PATCH] make sure passwords work after migration

Change-Id: I0086a362d772bf158e3fdc12fb42c1c7c50d50dd
---
 keystone/common/utils.py    |  5 ++++-
 tests/test_import_legacy.py | 21 ++++++++++++++++++---
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/keystone/common/utils.py b/keystone/common/utils.py
index 9c52b93f4f..b5269bed2f 100644
--- a/keystone/common/utils.py
+++ b/keystone/common/utils.py
@@ -143,7 +143,10 @@ class Ec2Signer(object):
 
 def hash_password(password):
     """Hash a password. Hard."""
-    h = passlib.hash.sha512_crypt.encrypt(password.encode('utf-8'),
+    password_utf8 = password.encode('utf-8')
+    if passlib.hash.sha512_crypt.identify(password_utf8):
+        return password_utf8
+    h = passlib.hash.sha512_crypt.encrypt(password_utf8,
                                           rounds=CONF.crypt_strength)
     return h
 
diff --git a/tests/test_import_legacy.py b/tests/test_import_legacy.py
index 0551798541..2db34cb881 100644
--- a/tests/test_import_legacy.py
+++ b/tests/test_import_legacy.py
@@ -44,21 +44,36 @@ class ImportLegacy(test.TestCase):
     migration = legacy.LegacyMigration('sqlite:///%s' % db_path)
     migration.migrate_all()
 
-    user_ref = self.identity_api.get_user('1')
+    admin_id = '1'
+    user_ref = self.identity_api.get_user(admin_id)
     self.assertEquals(user_ref['name'], 'admin')
 
+    # check password hashing
+    user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
+        user_id=admin_id, password='secrete')
+
   def test_import_diablo(self):
     db_path = self.setup_old_database('legacy_diablo.sqlite')
     migration = legacy.LegacyMigration('sqlite:///%s' % db_path)
     migration.migrate_all()
 
-    user_ref = self.identity_api.get_user('1')
+    admin_id = '1'
+    user_ref = self.identity_api.get_user(admin_id)
     self.assertEquals(user_ref['name'], 'admin')
 
+    # check password hashing
+    user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
+        user_id=admin_id, password='secrete')
+
   def test_import_essex(self):
     db_path = self.setup_old_database('legacy_essex.sqlite')
     migration = legacy.LegacyMigration('sqlite:///%s' % db_path)
     migration.migrate_all()
 
-    user_ref = self.identity_api.get_user('c93b19ea3fa94484824213db8ac0afce')
+    admin_id = 'c93b19ea3fa94484824213db8ac0afce'
+    user_ref = self.identity_api.get_user(admin_id)
     self.assertEquals(user_ref['name'], 'admin')
+
+    # check password hashing
+    user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
+        user_id=admin_id, password='secrete')