def is_valid_password(self, password):
"""
Метод проверки корректности введенного пароля
"""
new_hash = self._hash_password(password)
# Сравниваем хэши введённого пароля и того, которых хранится в таблице
return compare_digest(new_hash, self._password)
def is_valid_password(self, password):
"""Ensure that the provided password is valid.
We are using this instead of a ``sqlalchemy.types.TypeDecorator``
(which would let us write ``User.password == password`` and have the incoming
``password`` be automatically hashed in a SQLAlchemy query)
because ``compare_digest`` properly compares **all***
the characters of the hash even when they do not match in order to
avoid timing oracle side-channel attacks."""
new_hash = self._hash_password(password)
return compare_digest(new_hash, self._password)
def is_valid_password(self, password):
"""Ensure that the provided password is valid.
We are using this instead of a ``sqlalchemy.types.TypeDecorator``
(which would let us write ``User.password == password`` and have the incoming
``password`` be automatically hashed in a SQLAlchemy query)
because ``compare_digest`` properly compares **all***
the characters of the hash even when they do not match in order to
avoid timing oracle side-channel attacks."""
new_hash = self._hash_password(password)
return compare_digest(new_hash, self._password)
def get_token(context, resource, username, password, client_id):
"""
Get a JWT as evidence of authentication.
Using the provided ADAL authentication context, attempt to get a JWT from the cache (if
enabled). If the cache misses or the cached refresh token cannot be exchanged, interrogate
AAD for a new JWT.
Returns: Either a valid token bundle or None, and a flag indicating that the cache is stale
and should be updated.
Side-effects: the token bundle that is returned is a reference to the token inside the
context's cache member. As such, this function modifies `context`.
"""
try:
# Get a token from the cache (avoids a round-trip to AAD if the cached token hasn't expired)
try:
token = context.acquire_token(resource, username, client_id)
except adal.adal_error.AdalError as err: # see issue #3
token = None
if token is not None:
password_hmac = hash_password(token, password)
if compare_digest(bytes(password_hmac),
bytes(token['passwordHash'])):
return token, False
logger.info("authenticated user %s from cache", username)
logger.debug("could not get a token from cache; acquiring from AAD")
token = context.acquire_token_with_username_password(
resource, username, password, client_id)
except adal.adal_error.AdalError as err:
logger.info("User %s failed to authenticate: %s", username, err)
error_code = str(err.error_response.get("error_codes")[0])
return None, False, error_code
token['passwordHash'] = hash_password(token, password)
logger.info("authenticated user %s from AAD request", username)
return token, True
def is_valid_password(self, password):
new_hash = self._hash_password(password)
return compare_digest(new_hash, self._password)
def is_password_valid(password):
password_record = models.Password.query.first()
stored_digest = binascii.unhexlify(password_record.digest_key)
digest_key = digest(password, password_record.salt)
return compare_digest(digest_key, stored_digest)
def is_valid_password(self, password): new_hash = self._hash_password(password) return compare_digest(new_hash, self._password)
def check_password(self, value):
"""Ensures that the provided password is valid."""
new_hash = self._hash_password(value)
return compare_digest(new_hash, self._password)
def test_compare_digest(self):
self.assertTrue(compare_digest("", ""))
self.assertTrue(compare_digest("a", "a"))
self.assertTrue(compare_digest("\x00", "\x00"))
self.assertFalse(compare_digest("a", "b"))
self.assertFalse(compare_digest("", "a"))
self.assertFalse(compare_digest("a", ""))
self.assertTrue(compare_digest(b"", b""))
self.assertTrue(compare_digest(b"a", b"a"))
self.assertTrue(compare_digest(b"\x00", b"\x00"))
self.assertFalse(compare_digest(b"a", b"b"))
self.assertFalse(compare_digest(b"", b"a"))
self.assertFalse(compare_digest(b"a", b""))
self.assertTrue(compare_digest(b"a", bytearray(b"a")))
self.assertFalse(compare_digest(b"a", bytearray(b"b")))
self.assertRaises(TypeError, compare_digest, "a", b"a")
self.assertRaises(TypeError, compare_digest, "ä", "ä")
def check_password(self, value):
"""Ensures that the provided password is valid."""
new_hash = self._hash_password(value)
return compare_digest(new_hash, self._password)
def check_password(self, password):
new_hash = self._hash_password(password)
return compare_digest(b64decode(new_hash), b64decode(self._password))
