def is_valid_password(self, password): """ Метод проверки корректности введенного пароля """ new_hash = self._hash_password(password) # Сравниваем хэши введённого пароля и того, которых хранится в таблице return compare_digest(new_hash, self._password)
def is_valid_password(self, password): """Ensure that the provided password is valid. We are using this instead of a ``sqlalchemy.types.TypeDecorator`` (which would let us write ``User.password == password`` and have the incoming ``password`` be automatically hashed in a SQLAlchemy query) because ``compare_digest`` properly compares **all*** the characters of the hash even when they do not match in order to avoid timing oracle side-channel attacks.""" new_hash = self._hash_password(password) return compare_digest(new_hash, self._password)
def get_token(context, resource, username, password, client_id): """ Get a JWT as evidence of authentication. Using the provided ADAL authentication context, attempt to get a JWT from the cache (if enabled). If the cache misses or the cached refresh token cannot be exchanged, interrogate AAD for a new JWT. Returns: Either a valid token bundle or None, and a flag indicating that the cache is stale and should be updated. Side-effects: the token bundle that is returned is a reference to the token inside the context's cache member. As such, this function modifies `context`. """ try: # Get a token from the cache (avoids a round-trip to AAD if the cached token hasn't expired) try: token = context.acquire_token(resource, username, client_id) except adal.adal_error.AdalError as err: # see issue #3 token = None if token is not None: password_hmac = hash_password(token, password) if compare_digest(bytes(password_hmac), bytes(token['passwordHash'])): return token, False logger.info("authenticated user %s from cache", username) logger.debug("could not get a token from cache; acquiring from AAD") token = context.acquire_token_with_username_password( resource, username, password, client_id) except adal.adal_error.AdalError as err: logger.info("User %s failed to authenticate: %s", username, err) error_code = str(err.error_response.get("error_codes")[0]) return None, False, error_code token['passwordHash'] = hash_password(token, password) logger.info("authenticated user %s from AAD request", username) return token, True
def is_valid_password(self, password): new_hash = self._hash_password(password) return compare_digest(new_hash, self._password)
def is_password_valid(password): password_record = models.Password.query.first() stored_digest = binascii.unhexlify(password_record.digest_key) digest_key = digest(password, password_record.salt) return compare_digest(digest_key, stored_digest)
def check_password(self, value): """Ensures that the provided password is valid.""" new_hash = self._hash_password(value) return compare_digest(new_hash, self._password)
def test_compare_digest(self): self.assertTrue(compare_digest("", "")) self.assertTrue(compare_digest("a", "a")) self.assertTrue(compare_digest("\x00", "\x00")) self.assertFalse(compare_digest("a", "b")) self.assertFalse(compare_digest("", "a")) self.assertFalse(compare_digest("a", "")) self.assertTrue(compare_digest(b"", b"")) self.assertTrue(compare_digest(b"a", b"a")) self.assertTrue(compare_digest(b"\x00", b"\x00")) self.assertFalse(compare_digest(b"a", b"b")) self.assertFalse(compare_digest(b"", b"a")) self.assertFalse(compare_digest(b"a", b"")) self.assertTrue(compare_digest(b"a", bytearray(b"a"))) self.assertFalse(compare_digest(b"a", bytearray(b"b"))) self.assertRaises(TypeError, compare_digest, "a", b"a") self.assertRaises(TypeError, compare_digest, "ä", "ä")
def check_password(self, password): new_hash = self._hash_password(password) return compare_digest(b64decode(new_hash), b64decode(self._password))