authorBarry Warsaw2011-04-08 20:09:13 -0400
committerBarry Warsaw2011-04-08 20:09:13 -0400
commitc73acb993acfc08f542b886eb426d6156a6a0a13 (patch)
tree6e90dba19d1319df6a6ce2baaa345c8289283dc2 /src
parent664cc74fd0c0156424e8fa891d1a9e75faabd09d (diff)
Diffstat (limited to 'src')
-rw-r--r--src/mailman/app/membership.py10
-rw-r--r--src/mailman/app/tests/test_membership.py28
-rw-r--r--src/mailman/config/config.py2
-rw-r--r--src/mailman/config/mailman.cfg2
-rw-r--r--src/mailman/config/schema.cfg9
-rw-r--r--src/mailman/database/mailman.sql2
-rw-r--r--src/mailman/model/user.py5
7 files changed, 44 insertions, 14 deletions
diff --git a/src/mailman/app/membership.py b/src/mailman/app/membership.py
index fcbedc2f5..56df18269 100644
--- a/src/mailman/app/membership.py
+++ b/src/mailman/app/membership.py
@@ -30,6 +30,7 @@ from email.utils import formataddr
from zope.component import getUtility
from mailman.app.notifications import send_goodbye_message
+from mailman.config import config
from mailman.core.i18n import _
from mailman.email.message import OwnerNotification
from mailman.interfaces.address import IEmailValidator
@@ -39,6 +40,7 @@ from mailman.interfaces.member import (
NotAMemberError)
from mailman.interfaces.usermanager import IUserManager
from mailman.utilities.i18n import make
+from mailman.utilities.passwords import lookup_scheme, make_secret
@@ -94,9 +96,11 @@ def add_member(mlist, email, realname, password, delivery_mode, language):
user = user_manager.create_user()
user.real_name = (realname if realname else address.real_name)
user.link(address)
- # Since created the user, then the member, and set preferences on the
- # appropriate object.
- user.password = password
+ # Encrypt the password using the currently selected scheme. The
+ # scheme is recorded in the hashed password string.
+ user.password = make_secret(
+ password,
+ lookup_scheme(config.passwords.password_scheme))
user.preferences.preferred_language = language
member = address.subscribe(mlist, MemberRole.member)
member.preferences.delivery_mode = delivery_mode
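Review bot: The new comment above `user.password = make_secret(...)` says "Encrypt", but the test added in this commit expects a `{SHA}` digest, so this is one-way hashing; I would word it `# Hash the password using the currently selected scheme.  The scheme is recorded in the hashed password string.` The call also hashes whatever `password` holds: nothing visible here rejects `None` or an empty string, and the hunk does not show what `lookup_scheme` returns for an unrecognised `password_scheme` value. If a typo in the configuration can fall back to a pass-through scheme, plaintext would be stored silently, so it is worth confirming that this path fails loudly. `add_member` starts and ends outside this hunk.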
diff --git a/src/mailman/app/tests/test_membership.py b/src/mailman/app/tests/test_membership.py
index b0e1bae5d..2b69c7f39 100644
--- a/src/mailman/app/tests/test_membership.py
+++ b/src/mailman/app/tests/test_membership.py
@@ -31,6 +31,7 @@ from zope.component import getUtility
from mailman.app.lifecycle import create_list
from mailman.app.membership import add_member
+from mailman.config import config
from mailman.core.constants import system_preferences
from mailman.interfaces.bans import IBanManager
from mailman.interfaces.member import DeliveryMode, MembershipIsBannedError
@@ -125,7 +126,34 @@ class AddMemberTest(unittest.TestCase):
+class AddMemberPasswordTest(unittest.TestCase):
+ layer = ConfigLayer
+
+ def setUp(self):
+ self._mlist = create_list('test@example.com')
+ # The default ssha scheme introduces a random salt, which is
+ # inappropriate for unit tests.
+ config.push('password scheme', """
+ [passwords]
+ password_scheme: sha
+ """)
+
+ def tearDown(self):
+ config.pop('password scheme')
+ reset_the_world()
+
+ def test_add_member_password(self):
+ # Test that the password stored with the new user is encrypted.
+ member = add_member(self._mlist, 'anne@example.com',
+ 'Anne Person', 'abc', DeliveryMode.regular,
+ system_preferences.preferred_language)
+ self.assertEqual(
+ member.user.password, '{SHA}qZk-NkcGgWq6PiVxeFDCbJzQ2J0=')
+
+
+
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(AddMemberTest))
+ suite.addTest(unittest.makeSuite(AddMemberPasswordTest))
return suite
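Review bot: `AddMemberPasswordTest` only exercises the unsalted `sha` scheme pushed in `setUp`, so the default `ssha` path that a stock install would use is never run through `add_member`. A second test without the `config.push` override could at least assert `self.assertNotEqual(member.user.password, 'abc')` and that the stored value carries a scheme prefix, which would catch a regression to storing the raw password. The existing comment in `setUp` explains why `sha` is used; a one-line class docstring saying the class checks that `add_member` never stores the password as given would help too.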
diff --git a/src/mailman/config/config.py b/src/mailman/config/config.py
index 636b9ef9e..9c210b6a2 100644
--- a/src/mailman/config/config.py
+++ b/src/mailman/config/config.py
@@ -183,10 +183,8 @@ class Configuration:
if category.template_dir == ':source:'
else category.template_dir),
# Files.
- creator_pw_file = category.creator_pw_file,
lock_file = category.lock_file,
pid_file = category.pid_file,
- site_pw_file = category.site_pw_file,
)
# Now, perform substitutions recursively until there are no more
# variables with $-vars in them, or until substitutions are not
diff --git a/src/mailman/config/mailman.cfg b/src/mailman/config/mailman.cfg
index f6811d7c9..d7bc0fded 100644
--- a/src/mailman/config/mailman.cfg
+++ b/src/mailman/config/mailman.cfg
@@ -38,8 +38,6 @@ lock_dir: /var/lock/mailman
etc_dir: /etc
ext_dir: /etc/mailman.d
pid_file: /var/run/mailman/master-qrunner.pid
-creator_pw_file: $data_dir/creator.pw
-site_pw_file: $data_dir/adm.pw
[language.en]
diff --git a/src/mailman/config/schema.cfg b/src/mailman/config/schema.cfg
index 8175ac4a6..7384294f7 100644
--- a/src/mailman/config/schema.cfg
+++ b/src/mailman/config/schema.cfg
@@ -115,10 +115,6 @@ template_dir: :source:
#
# This is where PID file for the master queue runner is stored.
pid_file: $var_dir/master-qrunner.pid
-# The site administrators password [obsolete].
-site_pw_file: $var_dir/adm.pw
-# The site list creator's password [obsolete].
-creator_pw_file: $var_dir/creator.pw
# Lock file.
lock_file: $lock_dir/master-qrunner.lck
@@ -136,6 +132,11 @@ recipient:
[passwords]
+# The default scheme to use to encrypt new passwords. Existing passwords
+# include the scheme that was used to encrypt them, so it's okay to change
+# this after users have been added.
+password_scheme: ssha
+
# When Mailman generates them, this is the default length of passwords.
password_length: 8
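Review bot: The `password_scheme` comment does not list the accepted values or say which are suitable for production, and the default `ssha` is presumably a single salted SHA-1 pass, which is cheap to brute-force offline, particularly next to `password_length: 8`. I would extend the comment to enumerate the valid scheme names, mark unsalted `sha` as test-only, and recommend an iterated (key-stretching) scheme if the passwords module provides one. "Encrypt" in the comment would read more accurately as "hash", since the stored value is not meant to be reversible.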
diff --git a/src/mailman/database/mailman.sql b/src/mailman/database/mailman.sql
index 7d67dea05..7c09fb79f 100644
--- a/src/mailman/database/mailman.sql
+++ b/src/mailman/database/mailman.sql
@@ -251,7 +251,7 @@ CREATE TABLE preferences (
CREATE TABLE user (
id INTEGER NOT NULL,
real_name TEXT,
- password TEXT,
+ password BINARY,
_user_id TEXT,
_created_on TIMESTAMP,
preferences_id INTEGER,
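Review bot: Changing `password` from `TEXT` to `BINARY` here (and `Unicode()` to `RawStr()` in src/mailman/model/user.py) comes with no migration in the files shown, and rows written before this commit hold the plaintext from the removed `user.password = password` line with no scheme prefix. The schema.cfg comment's statement that existing passwords record their scheme does not hold for those rows, so the verification code needs to handle or re-hash unprefixed legacy values; a one-time upgrade step would be the natural place. Any other caller that assigns a unicode string to `user.password` will presumably now be rejected by `RawStr`, which is worth a search across the tree. The `CREATE TABLE user` statement continues outside this hunk.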
diff --git a/src/mailman/model/user.py b/src/mailman/model/user.py
index 05ce356ca..16d5b1a2f 100644
--- a/src/mailman/model/user.py
+++ b/src/mailman/model/user.py
@@ -24,7 +24,8 @@ __all__ = [
'User',
]
-from storm.locals import DateTime, Int, Reference, ReferenceSet, Unicode
+from storm.locals import (
+ DateTime, Int, RawStr, Reference, ReferenceSet, Unicode)
from zope.interface import implements
from mailman.config import config
@@ -47,7 +48,7 @@ class User(Model):
id = Int(primary=True)
real_name = Unicode()
- password = Unicode()
+ password = RawStr()
_user_id = Unicode()
_created_on = DateTime()