make sure passwords work after migration

Change-Id: I0086a362d772bf158e3fdc12fb42c1c7c50d50dd
2012-02-13 20:34:46 -08:00
parent b4096290d1
commit ed793ad536
2 changed files with 22 additions and 4 deletions
--- a/keystone/common/utils.py
+++ b/keystone/common/utils.py
@@ -143,7 +143,10 @@ class Ec2Signer(object):

 def hash_password(password):
    """Hash a password. Hard."""
-    h = passlib.hash.sha512_crypt.encrypt(password.encode('utf-8'),
+    password_utf8 = password.encode('utf-8')
+    if passlib.hash.sha512_crypt.identify(password_utf8):
+        return password_utf8
+    h = passlib.hash.sha512_crypt.encrypt(password_utf8,
                                          rounds=CONF.crypt_strength)
    return h

--- a/tests/test_import_legacy.py
+++ b/tests/test_import_legacy.py
@@ -44,21 +44,36 @@ class ImportLegacy(test.TestCase):
    migration = legacy.LegacyMigration('sqlite:///%s' % db_path)
    migration.migrate_all()

-    user_ref = self.identity_api.get_user('1')
+    admin_id = '1'
+    user_ref = self.identity_api.get_user(admin_id)
    self.assertEquals(user_ref['name'], 'admin')

+    # check password hashing
+    user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
+        user_id=admin_id, password='secrete')
+
  def test_import_diablo(self):
    db_path = self.setup_old_database('legacy_diablo.sqlite')
    migration = legacy.LegacyMigration('sqlite:///%s' % db_path)
    migration.migrate_all()

-    user_ref = self.identity_api.get_user('1')
+    admin_id = '1'
+    user_ref = self.identity_api.get_user(admin_id)
    self.assertEquals(user_ref['name'], 'admin')

+    # check password hashing
+    user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
+        user_id=admin_id, password='secrete')
+
  def test_import_essex(self):
    db_path = self.setup_old_database('legacy_essex.sqlite')
    migration = legacy.LegacyMigration('sqlite:///%s' % db_path)
    migration.migrate_all()

-    user_ref = self.identity_api.get_user('c93b19ea3fa94484824213db8ac0afce')
+    admin_id = 'c93b19ea3fa94484824213db8ac0afce'
+    user_ref = self.identity_api.get_user(admin_id)
    self.assertEquals(user_ref['name'], 'admin')
+
+    # check password hashing
+    user_ref, tenant_ref, metadata_ref = self.identity_api.authenticate(
+        user_id=admin_id, password='secrete')