Beispiel #1
0
    def test_upgrade_from_pbkdf2_with_less_rounds(self):
        """set up a pbkdf key with less than the default rounds

    If the number of default_rounds is increased in a later version of
    passlib, ckan should upgrade the password hashes for people without
    involvement from users"""
        user = factories.User()
        password = u"testpassword"
        user_obj = model.User.by_name(user["name"])

        # setup hash with salt/rounds less than the default
        old_hash = pbkdf2_sha512.encrypt(password, salt_size=2, rounds=10)
        user_obj._password = old_hash
        user_obj.save()

        assert user_obj.validate_password(password.encode("utf-8"))
        # check that the hash has been updated
        assert old_hash != user_obj.password
        new_hash = pbkdf2_sha512.from_string(user_obj.password)

        assert pbkdf2_sha512.default_rounds > 10
        assert pbkdf2_sha512.default_rounds == new_hash.rounds

        assert pbkdf2_sha512.default_salt_size, 2
        assert pbkdf2_sha512.default_salt_size == len(new_hash.salt)
        assert pbkdf2_sha512.verify(password, user_obj.password)
Beispiel #2
0
    def test_upgrade_from_pbkdf2_with_less_rounds(self):
        '''set up a pbkdf key with less than the default rounds

        If the number of default_rounds is increased in a later version of
        passlib, ckan should upgrade the password hashes for people without
        involvement from users'''
        user = factories.User()
        password = u'testpassword'
        user_obj = model.User.by_name(user['name'])

        # setup hash with salt/rounds less than the default
        old_hash = pbkdf2_sha512.encrypt(password, salt_size=2, rounds=10)
        user_obj._password = old_hash
        user_obj.save()

        nt.assert_true(user_obj.validate_password(password.encode('utf-8')))
        # check that the hash has been updated
        nt.assert_not_equals(old_hash, user_obj.password)
        new_hash = pbkdf2_sha512.from_string(user_obj.password)

        nt.assert_true(pbkdf2_sha512.default_rounds > 10)
        nt.assert_equals(pbkdf2_sha512.default_rounds, new_hash.rounds)

        nt.assert_true(pbkdf2_sha512.default_salt_size, 2)
        nt.assert_equals(pbkdf2_sha512.default_salt_size, len(new_hash.salt))
        nt.assert_true(pbkdf2_sha512.verify(password, user_obj.password))
Beispiel #3
0
    def test_upgrade_from_pbkdf2_with_less_rounds(self):
        '''set up a pbkdf key with less than the default rounds

        If the number of default_rounds is increased in a later version of
        passlib, ckan should upgrade the password hashes for people without
        involvement from users'''
        user = factories.User()
        password = u'testpassword'
        user_obj = model.User.by_name(user['name'])

        # setup hash with salt/rounds less than the default
        old_hash = pbkdf2_sha512.encrypt(password, salt_size=2, rounds=10)
        user_obj._password = old_hash
        user_obj.save()

        nt.assert_true(user_obj.validate_password(password.encode('utf-8')))
        # check that the hash has been updated
        nt.assert_not_equals(old_hash, user_obj.password)
        new_hash = pbkdf2_sha512.from_string(user_obj.password)

        nt.assert_true(pbkdf2_sha512.default_rounds > 10)
        nt.assert_equals(pbkdf2_sha512.default_rounds, new_hash.rounds)

        nt.assert_true(pbkdf2_sha512.default_salt_size, 2)
        nt.assert_equals(pbkdf2_sha512.default_salt_size,
                         len(new_hash.salt))
        nt.assert_true(pbkdf2_sha512.verify(password, user_obj.password))
Beispiel #4
0
    def validate_password(self, password):
        '''
        Check the password against existing credentials.

        :param password: the password that was provided by the user to
            try and authenticate. This is the clear text version that we will
            need to match against the hashed one in the database.
        :type password: unicode object.
        :return: Whether the password is valid.
        :rtype: bool
        '''
        if not password or not self.password:
            return False

        if not pbkdf2_sha512.identify(self.password):
            return self._verify_and_upgrade_from_sha1(password)
        else:
            current_hash = pbkdf2_sha512.from_string(self.password)
            if (current_hash.rounds < pbkdf2_sha512.default_rounds or
                len(current_hash.salt) < pbkdf2_sha512.default_salt_size):

                return self._verify_and_upgrade_pbkdf2(password)
            else:
                return pbkdf2_sha512.verify(password, self.password)
Beispiel #5
0
    def validate_password(self, password):
        '''
        Check the password against existing credentials.

        :param password: the password that was provided by the user to
            try and authenticate. This is the clear text version that we will
            need to match against the hashed one in the database.
        :type password: unicode object.
        :return: Whether the password is valid.
        :rtype: bool
        '''
        if not password or not self.password:
            return False

        if not pbkdf2_sha512.identify(self.password):
            return self._verify_and_upgrade_from_sha1(password)
        else:
            current_hash = pbkdf2_sha512.from_string(self.password)
            if (current_hash.rounds < pbkdf2_sha512.default_rounds or
                    len(current_hash.salt) < pbkdf2_sha512.default_salt_size):

                return self._verify_and_upgrade_pbkdf2(password)
            else:
                return pbkdf2_sha512.verify(password, self.password)