Ejemplo n.º 1
0
    def _process_role_body(
        cls,
        cmd: sd.Command,
        schema: s_schema.Schema,
        astnode: qlast.DDLOperation,
        context: sd.CommandContext,
    ) -> None:
        password = cmd.get_attribute_value('password')
        if password is not None:
            if cmd.get_attribute_value('password_hash') is not None:
                raise errors.EdgeQLSyntaxError(
                    'cannot specify both `password` and `password_hash` in'
                    ' the same statement',
                    context=astnode.context,
                )
            salted_password = scram.build_verifier(password)
            cmd.set_attribute_value('password', salted_password)

        password_hash = cmd.get_attribute_value('password_hash')
        if password_hash is not None:
            try:
                scram.parse_verifier(password_hash)
            except ValueError as e:
                raise errors.InvalidValueError(
                    e.args[0],
                    context=astnode.context)
            cmd.set_attribute_value('password', password_hash)
Ejemplo n.º 2
0
    def test_scram_sha_256_verifier(self):
        salt = 'W22ZaJ0SNY7soEsUEjb6gQ=='
        password = '******'

        v = scram.build_verifier(
            password,
            salt=base64.b64decode(salt),
            iterations=4096,
        )

        stored_key = 'WG5d8oPm3OtcPnkdi4Uo7BkeZkBFzpcXkuLmtbsT4qY='
        server_key = 'wfPLwcE6nTWhTAmQ7tl2KeoiWGPlZqQxSrmfPwDl2dU='

        self.assertEqual(
            v, f'SCRAM-SHA-256$4096:{salt}${stored_key}:{server_key}')

        parsed = scram.parse_verifier(v)

        self.assertEqual(parsed.mechanism, 'SCRAM-SHA-256')
        self.assertEqual(parsed.iterations, 4096)
        self.assertEqual(parsed.salt, base64.b64decode(salt))
        self.assertEqual(parsed.stored_key, base64.b64decode(stored_key))
        self.assertEqual(parsed.server_key, base64.b64decode(server_key))

        self.assertTrue(scram.verify_password(password, v))
Ejemplo n.º 3
0
 def _process_role_body(
     cls,
     cmd: sd.Command,
     schema: s_schema.Schema,
     astnode: qlast.DDLOperation,
     context: sd.CommandContext,
 ) -> None:
     password = cmd.get_attribute_value('password')
     if password is not None:
         salted_password = scram.build_verifier(password)
         cmd.set_attribute_value('password', salted_password)
Ejemplo n.º 4
0
 def _process_role_body(cls, cmd, schema, astnode, context):
     password = cmd.get_attribute_value('password')
     if password is not None:
         salted_password = scram.build_verifier(password)
         cmd.set_attribute_value('password', salted_password)