def test_mysql_aes_encrypt(self):
     """Test mysql_aes_encrypt."""
     self.assertEqual(hexlify(mysql_aes_encrypt("test", "key")),
                      "9e9ce44cd9df2b201f51947e03bccbe2")
     self.assertEqual(hexlify(mysql_aes_encrypt(u"test", "key")),
                      "9e9ce44cd9df2b201f51947e03bccbe2")
     self.assertEqual(hexlify(mysql_aes_encrypt("test", u"key")),
                      "9e9ce44cd9df2b201f51947e03bccbe2")
     self.assertEqual(hexlify(mysql_aes_encrypt(u"test", u"key")),
                      "9e9ce44cd9df2b201f51947e03bccbe2")
     self.assertRaises(AssertionError, mysql_aes_encrypt, object(), "key")
     self.assertRaises(AssertionError, mysql_aes_encrypt, "val", object())
 def test_mysql_aes_encrypt(self):
     """Test mysql_aes_encrypt."""
     self.assertEqual(
         hexlify(mysql_aes_encrypt("test", "key")),
         "9e9ce44cd9df2b201f51947e03bccbe2"
     )
     self.assertEqual(
         hexlify(mysql_aes_encrypt(u"test", "key")),
         "9e9ce44cd9df2b201f51947e03bccbe2"
     )
     self.assertEqual(
         hexlify(mysql_aes_encrypt("test", u"key")),
         "9e9ce44cd9df2b201f51947e03bccbe2"
     )
     self.assertEqual(
         hexlify(mysql_aes_encrypt(u"test", u"key")),
         "9e9ce44cd9df2b201f51947e03bccbe2"
     )
     self.assertRaises(AssertionError, mysql_aes_encrypt, object(), "key")
     self.assertRaises(AssertionError, mysql_aes_encrypt, "val", object())
def do_upgrade():
    """Upgrade recipe.

    Adds two new columns (password_salt and password_scheme) and migrates
    emails to password salt.
    """
    op.add_column('user', db.Column('password_salt', db.String(length=255),
                                    nullable=True))
    op.add_column('user', db.Column('password_scheme', db.String(length=50),
                                    nullable=False))

    # Temporary column needed for data migration
    op.add_column('user', db.Column('new_password', db.String(length=255)))

    # Migrate emails to password_salt
    m = db.MetaData(bind=db.engine)
    m.reflect()
    u = m.tables['user']

    conn = db.engine.connect()
    conn.execute(u.update().values(
        password_salt=u.c.email,
        password_scheme='invenio_aes_encrypted_email'
    ))

    # Migrate password blob to password varchar.
    for row in conn.execute(select([u])):
        # NOTE: Empty string passwords were stored as empty strings
        # instead of a hashed version, hence they must be treated differently.
        legacy_pw = row[u.c.password] or mysql_aes_encrypt(row[u.c.email], "")

        stmt = u.update().where(
            u.c.id == row[u.c.id]
        ).values(
            new_password=hashlib.sha256(legacy_pw).hexdigest()
        )
        conn.execute(stmt)

    # Create index
    op.create_index(
        op.f('ix_user_password_scheme'),
        'user',
        ['password_scheme'],
        unique=False
    )

    # Drop old database column and rename new.
    op.drop_column('user', 'password')
    op.alter_column(
        'user', 'new_password',
        new_column_name='password',
        existing_type=mysql.VARCHAR(255),
        existing_nullable=True,
    )
Beispiel #4
0
def do_upgrade():
    """Upgrade recipe.

    Adds two new columns (password_salt and password_scheme) and migrates
    emails to password salt.
    """
    op.add_column(
        'user', db.Column('password_salt',
                          db.String(length=255),
                          nullable=True))
    op.add_column(
        'user',
        db.Column('password_scheme', db.String(length=50), nullable=False))

    # Temporary column needed for data migration
    op.add_column('user', db.Column('new_password', db.String(length=255)))

    # Migrate emails to password_salt
    m = db.MetaData(bind=db.engine)
    m.reflect()
    u = m.tables['user']

    conn = db.engine.connect()
    conn.execute(
        u.update().values(password_salt=u.c.email,
                          password_scheme='invenio_aes_encrypted_email'))

    # Migrate password blob to password varchar.
    for row in conn.execute(select([u])):
        # NOTE: Empty string passwords were stored as empty strings
        # instead of a hashed version, hence they must be treated differently.
        legacy_pw = row[u.c.password] or mysql_aes_encrypt(row[u.c.email], "")

        stmt = u.update().where(u.c.id == row[u.c.id]).values(
            new_password=hashlib.sha256(legacy_pw).hexdigest())
        conn.execute(stmt)

    # Create index
    op.create_index(op.f('ix_user_password_scheme'),
                    'user', ['password_scheme'],
                    unique=False)

    # Drop old database column and rename new.
    op.drop_column('user', 'password')
    op.alter_column(
        'user',
        'new_password',
        new_column_name='password',
        existing_type=mysql.VARCHAR(255),
        existing_nullable=True,
    )
Beispiel #5
0
 def create(cls, kind, params, cookie_timeout=timedelta(days=1),
            onetime=False):
     """Create cookie with given params."""
     expiration = datetime.today() + cookie_timeout
     data = (kind, params, expiration, onetime)
     password = md5(str(random())).hexdigest()
     cookie = cls(
         expiration=expiration,
         kind=kind,
         onetime=int(onetime),
     )
     cookie._data = mysql_aes_encrypt(dumps(data), password)
     db.session.add(cookie)
     db.session.commit()
     db.session.refresh(cookie)
     return password[:16]+hex(cookie.id)[2:-1]+password[-16:]