Beispiel #1
    def test_upgrade_from_sha_with_wrong_password_fails_to_upgrade(self):
        """A rejected login must leave a legacy password hash untouched.

        The stored hash comes from the ``_set_password`` helper, which is
        defined outside this listing (presumably the old SHA-based scheme,
        going by the test name). Validating a wrong password has to be
        rejected and must not migrate the stored hash to pbkdf2_sha512.
        """
        created = factories.User()
        account = model.User.by_name(created["name"])

        # Write the legacy hash straight into the ``_password`` attribute.
        legacy_hash = _set_password(u"testpassword")
        account._password = legacy_hash
        account.save()

        rejected = not account.validate_password("wrongpass")
        assert rejected
        # Re-hashing is only acceptable after a successful verification:
        # the stored value is unchanged and still not a pbkdf2_sha512 hash.
        assert legacy_hash == account.password
        assert not pbkdf2_sha512.identify(account.password)
Beispiel #2
    def test_upgrade_from_sha_with_wrong_password_fails_to_upgrade(self):
        '''A rejected login must leave a legacy password hash untouched.

        The stored hash comes from ``self._set_password``, which is defined
        outside this listing (presumably the old SHA-based scheme, going by
        the test name). Validating a wrong password has to be rejected and
        must not migrate the stored hash to pbkdf2_sha512.
        '''
        created = factories.User()
        account = model.User.by_name(created['name'])

        # Write the legacy hash straight into the ``_password`` attribute.
        legacy_hash = self._set_password(u'testpassword')
        account._password = legacy_hash
        account.save()

        accepted = account.validate_password('wrongpass')
        nt.assert_false(accepted)
        # Re-hashing is only acceptable after a successful verification:
        # the stored value is unchanged and still not a pbkdf2_sha512 hash.
        nt.assert_equals(legacy_hash, account.password)
        nt.assert_false(pbkdf2_sha512.identify(account.password))
Beispiel #3
    def test_upgrade_from_sha_with_wrong_password_fails_to_upgrade(self):
        '''Check that a failed login never triggers the hash migration.

        ``self._set_password`` (not shown in this listing) supplies the
        pre-migration hash; the test name suggests it is the old SHA scheme.
        '''
        factory_user = factories.User()
        stored_user = model.User.by_name(factory_user['name'])

        # Seed the record with the old-style hash via ``_password``.
        sha_hash = self._set_password(u'testpassword')
        stored_user._password = sha_hash
        stored_user.save()

        # Wrong credentials: validation is refused ...
        login_ok = stored_user.validate_password('wrongpass')
        nt.assert_false(login_ok)
        # ... and the stored hash is neither replaced nor turned into a
        # pbkdf2_sha512 hash.
        nt.assert_equals(sha_hash, stored_user.password)
        nt.assert_false(pbkdf2_sha512.identify(stored_user.password))
Beispiel #4
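    def test_upgrade_from_sha(self):
        '''A correct login on a legacy hash succeeds and migrates the hash.

        ``self._set_password`` is defined outside this listing; it supplies
        the old-style hash that is written into ``_password``.
        '''
        user = factories.User()
        user_obj = model.User.by_name(user['name'])

        # setup our user with an old password hash
        old_hash = self._set_password('testpass')
        user_obj._password = old_hash
        user_obj.save()

        # Assert the result as well as the side effect: a migration that
        # re-hashes but reports failure would reject the user's first login
        # after the upgrade, and the original test would not notice.
        nt.assert_true(user_obj.validate_password('testpass'))
        nt.assert_not_equals(old_hash, user_obj.password)
        nt.assert_true(pbkdf2_sha512.identify(user_obj.password))
        # The new hash must still verify the same clear-text password.
        nt.assert_true(pbkdf2_sha512.verify('testpass', user_obj.password))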
Beispiel #5
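    def test_upgrade_from_sha(self):
        """A correct login on a legacy hash succeeds and migrates the hash.

        ``_set_password`` is defined outside this listing; it supplies the
        old-style hash that is written into ``_password``.
        """
        user = factories.User()
        user_obj = model.User.by_name(user["name"])

        # setup our user with an old password hash
        old_hash = _set_password("testpass")
        user_obj._password = old_hash
        user_obj.save()

        # Assert the result as well as the side effect: a migration that
        # re-hashes but reports failure would reject the user's first login
        # after the upgrade, and the original test would not notice.
        assert user_obj.validate_password("testpass")
        assert old_hash != user_obj.password
        assert pbkdf2_sha512.identify(user_obj.password)
        # The new hash must still verify the same clear-text password.
        assert pbkdf2_sha512.verify("testpass", user_obj.password)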
Beispiel #6
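    def test_upgrade_from_sha(self):
        '''Verify that a successful login replaces a legacy password hash.

        The legacy hash comes from ``self._set_password``, a helper that is
        not part of this listing.
        '''
        user = factories.User()
        user_obj = model.User.by_name(user['name'])

        # setup our user with an old password hash
        old_hash = self._set_password('testpass')
        user_obj._password = old_hash
        user_obj.save()

        # The return value was previously discarded. Checking it pins the
        # contract that the upgrade path also authenticates the user, not
        # just that the stored hash changed.
        nt.assert_true(user_obj.validate_password('testpass'))
        nt.assert_not_equals(old_hash, user_obj.password)
        nt.assert_true(pbkdf2_sha512.identify(user_obj.password))
        # The migrated hash has to verify the unchanged clear-text password.
        nt.assert_true(pbkdf2_sha512.verify('testpass', user_obj.password))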
Beispiel #7
    def test_upgrade_from_sha_with_unicode_password(self):
        """A non-ASCII password survives the legacy-to-pbkdf2 migration.

        ``_set_password`` is defined outside this listing and supplies the
        old-style hash.
        """
        created = factories.User()
        # NOTE(review): in a unicode literal ``\xc2\xa0`` is the two code
        # points U+00C2 and U+00A0, not a UTF-8 encoded no-break space.
        # Either way the password is non-ASCII, which is what the test needs.
        secret = u"testpassword\xc2\xa0"
        account = model.User.by_name(created["name"])

        # Seed the record with the old-style hash of the same password.
        legacy_hash = _set_password(secret)
        account._password = legacy_hash
        account.save()

        # A correct login succeeds and swaps in a pbkdf2_sha512 hash that
        # verifies the full password.
        assert account.validate_password(secret)
        assert legacy_hash != account.password
        assert pbkdf2_sha512.identify(account.password)
        assert pbkdf2_sha512.verify(secret, account.password)

        # The ASCII prefix alone must not verify: the trailing non-ASCII
        # characters were hashed, not dropped.
        prefix_matches = pbkdf2_sha512.verify("testpassword", account.password)
        assert not prefix_matches
Beispiel #8
    def test_upgrade_from_sha_with_unicode_password(self):
        '''A non-ASCII password survives the legacy-to-pbkdf2 migration.

        ``self._set_password`` is defined outside this listing and supplies
        the old-style hash.
        '''
        created = factories.User()
        # NOTE(review): in a unicode literal ``\xc2\xa0`` is the two code
        # points U+00C2 and U+00A0, not a UTF-8 encoded no-break space.
        # Either way the password is non-ASCII, which is what the test needs.
        secret = u'testpassword\xc2\xa0'
        account = model.User.by_name(created['name'])

        # Seed the record with the old-style hash of the same password.
        legacy_hash = self._set_password(secret)
        account._password = legacy_hash
        account.save()

        # A correct login succeeds and swaps in a pbkdf2_sha512 hash that
        # verifies the full password.
        nt.assert_true(account.validate_password(secret))
        nt.assert_not_equals(legacy_hash, account.password)
        nt.assert_true(pbkdf2_sha512.identify(account.password))
        nt.assert_true(pbkdf2_sha512.verify(secret, account.password))

        # The ASCII prefix alone must not verify: the trailing non-ASCII
        # characters were hashed, not dropped.
        prefix_matches = pbkdf2_sha512.verify('testpassword', account.password)
        nt.assert_false(prefix_matches)
Beispiel #9
    def test_upgrade_from_sha_with_unicode_password(self):
        '''Check the hash migration with a password containing non-ASCII text.

        The old-style hash is produced by ``self._set_password``, a helper
        that is not part of this listing.
        '''
        factory_user = factories.User()
        # NOTE(review): ``\xc2\xa0`` inside a unicode literal yields two code
        # points (U+00C2, U+00A0) rather than one UTF-8 encoded character.
        # The value is still non-ASCII, so the intent of the test holds.
        clear_text = u'testpassword\xc2\xa0'
        stored_user = model.User.by_name(factory_user['name'])

        # Put the pre-migration hash of that password on the record.
        sha_hash = self._set_password(clear_text)
        stored_user._password = sha_hash
        stored_user.save()

        # Logging in with the right password works and migrates the hash.
        login_ok = stored_user.validate_password(clear_text)
        nt.assert_true(login_ok)
        nt.assert_not_equals(sha_hash, stored_user.password)
        nt.assert_true(pbkdf2_sha512.identify(stored_user.password))
        nt.assert_true(pbkdf2_sha512.verify(clear_text, stored_user.password))

        # Without its non-ASCII tail the password must be refused, which
        # shows those characters are part of what was hashed.
        ascii_only_ok = pbkdf2_sha512.verify('testpassword',
                                             stored_user.password)
        nt.assert_false(ascii_only_ok)
Beispiel #10
    def validate_password(self, password):
        '''
        Verify a clear-text password against the stored hash.

        Dispatches on the format of ``self.password``: a value that is not
        a pbkdf2_sha512 hash goes to ``_verify_and_upgrade_from_sha1``; a
        pbkdf2_sha512 hash with fewer rounds or a shorter salt than the
        current passlib defaults goes to ``_verify_and_upgrade_pbkdf2``;
        anything else is verified as is. Both helpers are defined outside
        this listing; going by their names they re-hash the password on a
        successful check, so calling this method may change the stored hash.

        :param password: the clear-text password supplied by the user who
            is trying to authenticate.
        :type password: unicode object.
        :return: Whether the password is valid. An empty password or an
            empty stored hash is always rejected.
        :rtype: bool
        '''
        # Reject early: never treat an empty credential as a match.
        if not (password and self.password):
            return False

        if not pbkdf2_sha512.identify(self.password):
            # Stored value is in some older format.
            return self._verify_and_upgrade_from_sha1(password)

        parsed = pbkdf2_sha512.from_string(self.password)
        # Weaker-than-default parameters mean the hash should be refreshed.
        outdated = (parsed.rounds < pbkdf2_sha512.default_rounds or
                    len(parsed.salt) < pbkdf2_sha512.default_salt_size)
        if outdated:
            return self._verify_and_upgrade_pbkdf2(password)

        return pbkdf2_sha512.verify(password, self.password)
Beispiel #11
    def validate_password(self, password):
        '''
        Check a clear-text password against the hash held in
        ``self.password``.

        The stored hash decides the path taken. If it is not a
        pbkdf2_sha512 hash, ``_verify_and_upgrade_from_sha1`` handles it.
        If it is one but uses fewer rounds or a shorter salt than passlib's
        current defaults, ``_verify_and_upgrade_pbkdf2`` handles it.
        Otherwise it is verified directly. The two helpers are not part of
        this listing; their names suggest the stored hash is rewritten when
        the password matches.

        :param password: the password the user provided while trying to
            authenticate, in clear text.
        :type password: unicode object.
        :return: Whether the password is valid; ``False`` whenever the
            password or the stored hash is empty.
        :rtype: bool
        '''
        # An empty input or an empty stored hash can never authenticate.
        if not (password and self.password):
            return False

        is_pbkdf2 = pbkdf2_sha512.identify(self.password)
        if not is_pbkdf2:
            return self._verify_and_upgrade_from_sha1(password)

        stored = pbkdf2_sha512.from_string(self.password)
        # ``or`` keeps the salt check lazy, as in the nested form.
        below_defaults = (
            stored.rounds < pbkdf2_sha512.default_rounds or
            len(stored.salt) < pbkdf2_sha512.default_salt_size)
        if below_defaults:
            return self._verify_and_upgrade_pbkdf2(password)

        return pbkdf2_sha512.verify(password, self.password)