def test_43_hash_legacy(self, use_16_legacy=False):
cc = CryptContext(**self.sample_4_dict)
with self.assertWarningList(['passing settings to.*is deprecated']):
self.assertEqual(cc.hash('password', scheme='phpass', salt='........'), '$H$5........De04R5Egz0aq8Tf.1eVhY/')
with self.assertWarningList(['passing settings to.*is deprecated']):
self.assertEqual(cc.hash('password', scheme='phpass', salt='........', ident='P'), '$P$5........De04R5Egz0aq8Tf.1eVhY/')
with self.assertWarningList(['passing settings to.*is deprecated']):
self.assertEqual(cc.hash('password', rounds=1999, salt='nacl'), '$5$rounds=1999$nacl$nmfwJIxqj0csloAAvSER0B8LU0ERCAbhmMug4Twl609')
with self.assertWarningList(['passing settings to.*is deprecated']):
self.assertEqual(cc.hash('password', rounds=2001, salt='nacl'), '$5$rounds=2001$nacl$8PdeoPL4aXQnJ0woHhqgIw/efyfCKC2WHneOpnvF.31')
self.assertRaises(KeyError, cc.hash, 'secret', scheme='fake')
self.assertRaises(TypeError, cc.hash, 'secret', scheme=1)
def test_47_verify_and_update(self):
cc = CryptContext(**self.sample_4_dict)
h1 = cc.handler('des_crypt').hash('password')
h2 = cc.handler('sha256_crypt').hash('password')
ok, new_hash = cc.verify_and_update('wrongpass', h1)
self.assertFalse(ok)
self.assertIs(new_hash, None)
ok, new_hash = cc.verify_and_update('wrongpass', h2)
self.assertFalse(ok)
self.assertIs(new_hash, None)
ok, new_hash = cc.verify_and_update('password', h1)
self.assertTrue(ok)
self.assertTrue(cc.identify(new_hash), 'sha256_crypt')
ok, new_hash = cc.verify_and_update('password', h2)
self.assertTrue(ok)
self.assertIs(new_hash, None)
cc = CryptContext(['des_crypt'])
hash = refhash = cc.hash('stub')
for secret, kwds in self.nonstring_vectors:
self.assertRaises(TypeError, cc.verify_and_update, secret, hash, **kwds)
self.assertEqual(cc.verify_and_update(secret, None), (False, None))
cc = CryptContext(['des_crypt'])
for hash, kwds in self.nonstring_vectors:
if hash is None:
continue
self.assertRaises(TypeError, cc.verify_and_update, 'secret', hash, **kwds)
self.assertRaises(KeyError, CryptContext().verify_and_update, 'secret', 'hash')
self.assertRaises(KeyError, cc.verify_and_update, 'secret', refhash, scheme='fake')
self.assertRaises(TypeError, cc.verify_and_update, 'secret', refhash, scheme=1)
self.assertRaises(TypeError, cc.verify_and_update, 'secret', refhash, category=1)
return
def test_45_verify(self):
handlers = [
'md5_crypt', 'des_crypt', 'bsdi_crypt']
cc = CryptContext(handlers, bsdi_crypt__default_rounds=5)
h = hash.md5_crypt.hash('test')
self.assertTrue(cc.verify('test', h))
self.assertTrue(not cc.verify('notest', h))
self.assertTrue(cc.verify('test', h, scheme='md5_crypt'))
self.assertTrue(not cc.verify('notest', h, scheme='md5_crypt'))
self.assertRaises(ValueError, cc.verify, 'test', h, scheme='bsdi_crypt')
self.assertRaises(ValueError, cc.verify, 'stub', '$6$232323123$1287319827')
cc = CryptContext(['des_crypt'])
h = refhash = cc.hash('stub')
for secret, kwds in self.nonstring_vectors:
self.assertRaises(TypeError, cc.verify, secret, h, **kwds)
self.assertFalse(cc.verify(secret, None))
cc = CryptContext(['des_crypt'])
for h, kwds in self.nonstring_vectors:
if h is None:
continue
self.assertRaises(TypeError, cc.verify, 'secret', h, **kwds)
self.assertRaises(KeyError, CryptContext().verify, 'secret', 'hash')
self.assertRaises(KeyError, cc.verify, 'secret', refhash, scheme='fake')
self.assertRaises(TypeError, cc.verify, 'secret', refhash, scheme=1)
self.assertRaises(TypeError, cc.verify, 'secret', refhash, category=1)
return
def test_40_basic(self):
handlers = [
hash.md5_crypt, hash.des_crypt, hash.bsdi_crypt]
cc = CryptContext(handlers, bsdi_crypt__default_rounds=5)
for crypt in handlers:
h = cc.hash('test', scheme=crypt.name)
self.assertEqual(cc.identify(h), crypt.name)
self.assertEqual(cc.identify(h, resolve=True, unconfigured=True), crypt)
self.assertHandlerDerivedFrom(cc.identify(h, resolve=True), crypt)
self.assertTrue(cc.verify('test', h))
self.assertFalse(cc.verify('notest', h))
h = cc.hash('test')
self.assertEqual(cc.identify(h), 'md5_crypt')
h = cc.genhash('secret', cc.genconfig())
self.assertEqual(cc.identify(h), 'md5_crypt')
h = cc.genhash('secret', cc.genconfig(), scheme='md5_crypt')
self.assertEqual(cc.identify(h), 'md5_crypt')
self.assertRaises(ValueError, cc.genhash, 'secret', cc.genconfig(), scheme='des_crypt')
def test_95_context_algs(self):
handler = self.handler
from otp.ai.passlib.context import CryptContext
c1 = CryptContext(['scram'], scram__algs='sha1,md5')
h = c1.hash('dummy')
self.assertEqual(handler.extract_digest_algs(h), ['md5', 'sha-1'])
self.assertFalse(c1.needs_update(h))
c2 = c1.copy(scram__algs='sha1')
self.assertFalse(c2.needs_update(h))
c2 = c1.copy(scram__algs='sha1,sha256')
self.assertTrue(c2.needs_update(h))
def test_43_hash(self):
cc = CryptContext(**self.sample_4_dict)
hash = cc.hash('password')
self.assertTrue(hash.startswith('$5$rounds=3000$'))
self.assertTrue(cc.verify('password', hash))
self.assertFalse(cc.verify('passwordx', hash))
self.assertRaises(ValueError, cc.copy, sha256_crypt__default_rounds=4000)
cc = CryptContext(['des_crypt'])
for secret, kwds in self.nonstring_vectors:
self.assertRaises(TypeError, cc.hash, secret, **kwds)
self.assertRaises(KeyError, CryptContext().hash, 'secret')
self.assertRaises(TypeError, cc.hash, 'secret', category=1)
def test_48_context_kwds(self):
from otp.ai.passlib.hash import des_crypt, md5_crypt, postgres_md5
des_hash = des_crypt.hash('stub')
pg_root_hash = postgres_md5.hash('stub', user='******')
pg_admin_hash = postgres_md5.hash('stub', user='******')
cc1 = CryptContext([des_crypt, md5_crypt])
self.assertEqual(cc1.context_kwds, set())
self.assertTrue(des_crypt.identify(cc1.hash('stub')), 'des_crypt')
self.assertTrue(cc1.verify('stub', des_hash))
self.assertEqual(cc1.verify_and_update('stub', des_hash), (True, None))
with self.assertWarningList(['passing settings to.*is deprecated']):
self.assertRaises(TypeError, cc1.hash, 'stub', user='******')
self.assertRaises(TypeError, cc1.verify, 'stub', des_hash, user='******')
self.assertRaises(TypeError, cc1.verify_and_update, 'stub', des_hash, user='******')
cc2 = CryptContext([des_crypt, postgres_md5])
self.assertEqual(cc2.context_kwds, set(['user']))
self.assertTrue(des_crypt.identify(cc2.hash('stub')), 'des_crypt')
self.assertTrue(cc2.verify('stub', des_hash))
self.assertEqual(cc2.verify_and_update('stub', des_hash), (True, None))
self.assertTrue(des_crypt.identify(cc2.hash('stub', user='******')), 'des_crypt')
self.assertTrue(cc2.verify('stub', des_hash, user='******'))
self.assertEqual(cc2.verify_and_update('stub', des_hash, user='******'), (True, None))
with self.assertWarningList(['passing settings to.*is deprecated']):
self.assertRaises(TypeError, cc2.hash, 'stub', badkwd='root')
self.assertRaises(TypeError, cc2.verify, 'stub', des_hash, badkwd='root')
self.assertRaises(TypeError, cc2.verify_and_update, 'stub', des_hash, badkwd='root')
cc3 = CryptContext([postgres_md5, des_crypt], deprecated='auto')
self.assertEqual(cc3.context_kwds, set(['user']))
self.assertRaises(TypeError, cc3.hash, 'stub')
self.assertRaises(TypeError, cc3.verify, 'stub', pg_root_hash)
self.assertRaises(TypeError, cc3.verify_and_update, 'stub', pg_root_hash)
self.assertEqual(cc3.hash('stub', user='******'), pg_root_hash)
self.assertTrue(cc3.verify('stub', pg_root_hash, user='******'))
self.assertEqual(cc3.verify_and_update('stub', pg_root_hash, user='******'), (True, None))
self.assertEqual(cc3.verify_and_update('stub', pg_root_hash, user='******'), (False, None))
self.assertEqual(cc3.verify_and_update('stub', des_hash, user='******'), (
True, pg_root_hash))
return
def test_42_genhash(self):
cc = CryptContext(['des_crypt'])
hash = cc.hash('stub')
for secret, kwds in self.nonstring_vectors:
self.assertRaises(TypeError, cc.genhash, secret, hash, **kwds)
cc = CryptContext(['des_crypt'])
for config, kwds in self.nonstring_vectors:
if hash is None:
continue
self.assertRaises(TypeError, cc.genhash, 'secret', config, **kwds)
cc = CryptContext(['mysql323'])
self.assertRaises(TypeError, cc.genhash, 'stub', None)
self.assertRaises(KeyError, CryptContext().genhash, 'secret', 'hash')
self.assertRaises(KeyError, cc.genhash, 'secret', hash, scheme='fake')
self.assertRaises(TypeError, cc.genhash, 'secret', hash, scheme=1)
self.assertRaises(TypeError, cc.genconfig, 'secret', hash, category=1)
return
def test_disabled_hashes(self):
from otp.ai.passlib.hash import md5_crypt, unix_disabled
ctx = CryptContext(['des_crypt'])
ctx2 = CryptContext(['des_crypt', 'unix_disabled'])
h_ref = ctx.hash('foo')
h_other = md5_crypt.hash('foo')
self.assertRaisesRegex(RuntimeError, 'no disabled hasher present', ctx.disable)
self.assertRaisesRegex(RuntimeError, 'no disabled hasher present', ctx.disable, h_ref)
self.assertRaisesRegex(RuntimeError, 'no disabled hasher present', ctx.disable, h_other)
h_dis = ctx2.disable()
self.assertEqual(h_dis, unix_disabled.default_marker)
h_dis_ref = ctx2.disable(h_ref)
self.assertEqual(h_dis_ref, unix_disabled.default_marker + h_ref)
h_dis_other = ctx2.disable(h_other)
self.assertEqual(h_dis_other, unix_disabled.default_marker + h_other)
self.assertEqual(ctx2.disable(h_dis_ref), h_dis_ref)
self.assertTrue(ctx.is_enabled(h_ref))
HASH_NOT_IDENTIFIED = 'hash could not be identified'
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx.is_enabled, h_other)
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx.is_enabled, h_dis)
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx.is_enabled, h_dis_ref)
self.assertTrue(ctx2.is_enabled(h_ref))
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx.is_enabled, h_other)
self.assertFalse(ctx2.is_enabled(h_dis))
self.assertFalse(ctx2.is_enabled(h_dis_ref))
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx.enable, '')
self.assertRaises(TypeError, ctx.enable, None)
self.assertEqual(ctx.enable(h_ref), h_ref)
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx.enable, h_other)
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx.enable, h_dis)
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx.enable, h_dis_ref)
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx.enable, '')
self.assertRaises(TypeError, ctx2.enable, None)
self.assertEqual(ctx2.enable(h_ref), h_ref)
self.assertRaisesRegex(ValueError, HASH_NOT_IDENTIFIED, ctx2.enable, h_other)
self.assertRaisesRegex(ValueError, 'cannot restore original hash', ctx2.enable, h_dis)
self.assertEqual(ctx2.enable(h_dis_ref), h_ref)
return