Beispiel #1
    def _validate_password(self, data, password):
        """
        Verify a login password against the stored hash and re-hash if needed.

        Private helper; clients should not call it directly.

        The stored hash is only upgraded after the supplied password has been
        verified against it, and the upgrade is written into ``data`` in place.

        :param data: dict with user data (from storage); must contain the
                     ENC_PASSWORD key, otherwise a KeyError propagates
        :param password: password to verify [unicode]
        :rtype: 2 tuple (bool, bool)
        :returns: (password is valid, enc_password changed)
        """
        stored_hash = data[ENC_PASSWORD]

        # Fail closed: an account without a stored hash, or an empty
        # password, never authenticates.
        if not (stored_hash and password):
            return False, False

        # Verification comes first; nothing below runs for a wrong password.
        if not valid_password(password, stored_hash):
            return False, False

        # A falsy result from upgrade_password leaves the stored hash untouched.
        upgraded_hash = upgrade_password(password, stored_hash)
        if upgraded_hash:
            # Only the in-memory dict is updated here.
            # NOTE(review): presumably the caller persists ``data`` when the
            # second flag is True - confirm against the call site.
            data[ENC_PASSWORD] = upgraded_hash
            return True, True

        return True, False
Beispiel #2
 def testupgradepassword(self):
     """ upgrade_password must hand back a hash in the {SSHA256} scheme """
     # The stored value is deliberately not a valid hash: this only checks the
     # scheme prefix of the result, not that the result verifies the password.
     # NOTE(review): the call succeeding on "junk_hash" suggests
     # upgrade_password does not itself check the password against the old
     # hash, so callers have to verify before upgrading - confirm in crypto.
     upgraded = crypto.upgrade_password(u'MoinMoin', "junk_hash")
     has_new_scheme = upgraded.startswith('{SSHA256}')
     assert has_new_scheme