def test_pbkdf2_upgrade(self): hasher = get_hasher("default") self.assertEqual("pbkdf2_sha256", hasher.algorithm) self.assertNotEqual(hasher.iterations, 1) old_iterations = hasher.iterations try: # Generate a password with 1 iteration. hasher.iterations = 1 encoded = make_password("letmein") algo, iterations, salt, hash = encoded.split("$", 3) self.assertEqual(iterations, "1") state = {"upgraded": False} def setter(password): state["upgraded"] = True # Check that no upgrade is triggerd self.assertTrue(check_password("letmein", encoded, setter)) self.assertFalse(state["upgraded"]) # Revert to the old iteration count and ... hasher.iterations = old_iterations # ... check if the password would get updated to the new iteration count. self.assertTrue(check_password("letmein", encoded, setter)) self.assertTrue(state["upgraded"]) finally: hasher.iterations = old_iterations
def clean(self): try: # load user by username user = User.objects.get(username=self.cleaned_data.get('username')) # load requestor by username requestor = User.objects.get(username=self.cleaned_data.get('requestor')) # check OpenID was issued by this node if user.profile.localOpenid() is None: self._errors["username"] = self.error_class(["Non local user: password must be changed at the node " "that issued the OpenID."]) # normal user: check current password old_password = self.cleaned_data.get('old_password') if user.username == requestor.username: if not check_password(old_password, user.password): self._errors["old_password"] = self.error_class(["Wrong user old password."]) elif requestor.is_staff: if not check_password(old_password, requestor.password): self._errors["old_password"] = self.error_class(["Wrong administrator password."]) else: raise Exception("Unauthorized attempt to change the user password") # validate 'password', 'confirm_password' fields validate_password(self) except ObjectDoesNotExist: self._errors["username"] = self.error_class(["Username not found."]) return self.cleaned_data
def test_unsalted_md5(self): encoded = make_password('letmein', 'seasalt', 'unsalted_md5') self.assertEqual(encoded, '0d107d09f5bbe40cade3de5c71e9e9b7') self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u'letmein', encoded)) self.assertFalse(check_password('letmeinz', encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "unsalted_md5")
def test_crypt(self): encoded = make_password('letmein', 'ab', 'crypt') self.assertEqual(encoded, 'crypt$$abN/qM.L/H8EQ') self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u'letmein', encoded)) self.assertFalse(check_password('letmeinz', encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "crypt")
def test_crypt(self): encoded = make_password("lètmei", "ab", "crypt") self.assertEqual(encoded, "crypt$$ab1Hv2Lg7ltQo") self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password("lètmei", encoded)) self.assertFalse(check_password("lètmeiz", encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "crypt")
def test_unsalted_md5(self): encoded = make_password('lètmein', 'seasalt', 'unsalted_md5') self.assertEqual(encoded, '88a434c88cca4e900f7874cd98123f43') self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password('lètmein', encoded)) self.assertFalse(check_password('lètmeinz', encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "unsalted_md5")
def test_md5(self): encoded = make_password("lètmein", "seasalt", "md5") self.assertEqual(encoded, "md5$seasalt$3f86d0d3d465b7b458c231bf3555c0e3") self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password("lètmein", encoded)) self.assertFalse(check_password("lètmeinz", encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "md5")
def test_sha1(self): encoded = make_password("lètmein", "seasalt", "sha1") self.assertEqual(encoded, "sha1$seasalt$cff36ea83f5706ce9aa7454e63e431fc726b2dc8") self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password("lètmein", encoded)) self.assertFalse(check_password("lètmeinz", encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "sha1")
def test_pkbdf2(self): encoded = make_password("lètmein", "seasalt", "pbkdf2_sha256") self.assertEqual(encoded, "pbkdf2_sha256$10000$seasalt$CWWFdHOWwPnki7HvkcqN9iA2T3KLW1cf2uZ5kvArtVY=") self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password("lètmein", encoded)) self.assertFalse(check_password("lètmeinz", encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "pbkdf2_sha256")
def test_pkbdf2(self): encoded = make_password('letmein', 'seasalt', 'fastpbkdf2_sha256') self.assertEqual(encoded, 'fastpbkdf2_sha256$30000$seasalt$tI4kYeTLVrgdxTAIgLktSixYYIhAP6NsMaxCyxZ8hIk=') self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u'letmein', encoded)) self.assertFalse(check_password('letmeinz', encoded))
def _test_argon2_upgrade(self, attr, summary_key, new_value): hasher = get_hasher('argon2') self.assertEqual('argon2', hasher.algorithm) self.assertNotEqual(getattr(hasher, attr), new_value) old_value = getattr(hasher, attr) try: # Generate hash with attr set to 1 setattr(hasher, attr, new_value) encoded = make_password('letmein', hasher='argon2') attr_value = hasher.safe_summary(encoded)[summary_key] self.assertEqual(attr_value, new_value) state = {'upgraded': False} def setter(password): state['upgraded'] = True # Check that no upgrade is triggered. self.assertTrue(check_password('letmein', encoded, setter, 'argon2')) self.assertFalse(state['upgraded']) # Revert to the old rounds count and ... setattr(hasher, attr, old_value) # ... check if the password would get updated to the new count. self.assertTrue(check_password('letmein', encoded, setter, 'argon2')) self.assertTrue(state['upgraded']) finally: setattr(hasher, attr, old_value)
def test_bcrypt_upgrade(self): hasher = get_hasher("bcrypt") self.assertEqual("bcrypt", hasher.algorithm) self.assertNotEqual(hasher.rounds, 4) old_rounds = hasher.rounds try: # Generate a password with 4 rounds. hasher.rounds = 4 encoded = make_password("letmein", hasher="bcrypt") rounds = hasher.safe_summary(encoded)["work factor"] self.assertEqual(rounds, "04") state = {"upgraded": False} def setter(password): state["upgraded"] = True # Check that no upgrade is triggered. self.assertTrue(check_password("letmein", encoded, setter, "bcrypt")) self.assertFalse(state["upgraded"]) # Revert to the old rounds count and ... hasher.rounds = old_rounds # ... check if the password would get updated to the new count. self.assertTrue(check_password("letmein", encoded, setter, "bcrypt")) self.assertTrue(state["upgraded"]) finally: hasher.rounds = old_rounds
def test_pbkdf2_upgrade_new_hasher(self): hasher = get_hasher("default") self.assertEqual("pbkdf2_sha256", hasher.algorithm) self.assertNotEqual(hasher.iterations, 1) state = {"upgraded": False} def setter(password): state["upgraded"] = True with self.settings(PASSWORD_HASHERS=["auth_tests.test_hashers.PBKDF2SingleIterationHasher"]): encoded = make_password("letmein") algo, iterations, salt, hash = encoded.split("$", 3) self.assertEqual(iterations, "1") # Check that no upgrade is triggered self.assertTrue(check_password("letmein", encoded, setter)) self.assertFalse(state["upgraded"]) # Revert to the old iteration count and check if the password would get # updated to the new iteration count. with self.settings( PASSWORD_HASHERS=[ "django.contrib.auth.hashers.PBKDF2PasswordHasher", "auth_tests.test_hashers.PBKDF2SingleIterationHasher", ] ): self.assertTrue(check_password("letmein", encoded, setter)) self.assertTrue(state["upgraded"])
def test_bcrypt(self): encoded = make_password('lètmein', hasher='bcrypt') self.assertTrue(is_password_usable(encoded)) self.assertTrue(encoded.startswith('bcrypt$')) self.assertTrue(check_password('lètmein', encoded)) self.assertFalse(check_password('lètmeinz', encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "bcrypt")
def test_pbkdf2_upgrade(self): hasher = get_hasher('default') self.assertEqual('pbkdf2_sha256', hasher.algorithm) self.assertNotEqual(hasher.iterations, 1) old_iterations = hasher.iterations try: # Generate a password with 1 iteration. hasher.iterations = 1 encoded = make_password('letmein') algo, iterations, salt, hash = encoded.split('$', 3) self.assertEqual(iterations, '1') state = {'upgraded': False} def setter(password): state['upgraded'] = True # Check that no upgrade is triggered self.assertTrue(check_password('letmein', encoded, setter)) self.assertFalse(state['upgraded']) # Revert to the old iteration count and ... hasher.iterations = old_iterations # ... check if the password would get updated to the new iteration count. self.assertTrue(check_password('letmein', encoded, setter)) self.assertTrue(state['upgraded']) finally: hasher.iterations = old_iterations
def test_bcrypt_upgrade(self): hasher = get_hasher('bcrypt') self.assertEqual('bcrypt', hasher.algorithm) self.assertNotEqual(hasher.rounds, 4) old_rounds = hasher.rounds try: # Generate a password with 4 rounds. hasher.rounds = 4 encoded = make_password('letmein', hasher='bcrypt') rounds = hasher.safe_summary(encoded)['work factor'] self.assertEqual(rounds, '04') state = {'upgraded': False} def setter(password): state['upgraded'] = True # Check that no upgrade is triggered. self.assertTrue(check_password('letmein', encoded, setter, 'bcrypt')) self.assertFalse(state['upgraded']) # Revert to the old rounds count and ... hasher.rounds = old_rounds # ... check if the password would get updated to the new count. self.assertTrue(check_password('letmein', encoded, setter, 'bcrypt')) self.assertTrue(state['upgraded']) finally: hasher.rounds = old_rounds
def test_pbkdf2_upgrade_new_hasher(self): hasher = get_hasher('default') self.assertEqual('pbkdf2_sha256', hasher.algorithm) self.assertNotEqual(hasher.iterations, 1) state = {'upgraded': False} def setter(password): state['upgraded'] = True with self.settings(PASSWORD_HASHERS=[ 'auth_tests.test_hashers.PBKDF2SingleIterationHasher']): encoded = make_password('letmein') algo, iterations, salt, hash = encoded.split('$', 3) self.assertEqual(iterations, '1') # Check that no upgrade is triggered self.assertTrue(check_password('letmein', encoded, setter)) self.assertFalse(state['upgraded']) # Revert to the old iteration count and check if the password would get # updated to the new iteration count. with self.settings(PASSWORD_HASHERS=[ 'django.contrib.auth.hashers.PBKDF2PasswordHasher', 'auth_tests.test_hashers.PBKDF2SingleIterationHasher']): self.assertTrue(check_password('letmein', encoded, setter)) self.assertTrue(state['upgraded'])
def test_crypt(self): encoded = make_password('lètmei', 'ab', 'crypt') self.assertEqual(encoded, 'crypt$$ab1Hv2Lg7ltQo') self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password('lètmei', encoded)) self.assertFalse(check_password('lètmeiz', encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "crypt")
def test_sha1(self): encoded = make_password('letmein', 'seasalt', 'sha1') self.assertEqual(encoded, 'sha1$seasalt$fec3530984afba6bade3347b7140d1a7da7da8c7') self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u'letmein', encoded)) self.assertFalse(check_password('letmeinz', encoded))
def test_md5(self): encoded = make_password('letmein', 'seasalt', 'md5') self.assertEqual(encoded, 'md5$seasalt$f5531bef9f3687d0ccf0f617f0e25573') self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u'letmein', encoded)) self.assertFalse(check_password('letmeinz', encoded))
def check_password(self, raw_password, mobile=False): """ Returns a boolean of whether the raw_password was correct. Handles hashing formats behind the scenes. """ def setter(raw_password): self.set_password(raw_password) self.save() # Is standard password allright? if check_password(raw_password, self.password, setter): return True # Check mobile password? if mobile: raw_password = raw_password[:1].lower() + raw_password[1:] else: password_reversed = u'' for c in raw_password: r = c.upper() if r == c: r = c.lower() password_reversed += r raw_password = password_reversed return check_password(raw_password, self.password, setter)
def test_bcrypt(self): encoded = make_password("lètmein", hasher="bcrypt") self.assertTrue(is_password_usable(encoded)) self.assertTrue(encoded.startswith("bcrypt$")) self.assertTrue(check_password("lètmein", encoded)) self.assertFalse(check_password("lètmeinz", encoded)) self.assertEqual(identify_hasher(encoded).algorithm, "bcrypt")
def test_pkbdf2(self): encoded = make_password('letmein', 'seasalt', 'pbkdf2_sha256') self.assertEqual(encoded, 'pbkdf2_sha256$10000$seasalt$FQCNpiZpTb0zub+HBsH6TOwyRxJ19FwvjbweatNmK/Y=') self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u'letmein', encoded)) self.assertFalse(check_password('letmeinz', encoded))
def test_md5(self): encoded = make_password("letmein", "seasalt", "md5") self.assertEqual(encoded, "md5$seasalt$f5531bef9f3687d0ccf0f617f0e25573") self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u"letmein", encoded)) self.assertFalse(check_password("letmeinz", encoded)) # Long password self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), "seasalt", "md5")
def test_pkbdf2(self): encoded = make_password("letmein", "seasalt", "pbkdf2_sha256") self.assertEqual(encoded, "pbkdf2_sha256$10000$seasalt$FQCNpiZpTb0zub+HBsH6TOwyRxJ19FwvjbweatNmK/Y=") self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u"letmein", encoded)) self.assertFalse(check_password("letmeinz", encoded)) # Long password self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), "seasalt", "pbkdf2_sha256")
def test_unusable(self): encoded = make_password(None) self.assertFalse(is_password_usable(encoded)) self.assertFalse(check_password(None, encoded)) self.assertFalse(check_password(UNUSABLE_PASSWORD, encoded)) self.assertFalse(check_password('', encoded)) self.assertFalse(check_password(u'letmein', encoded)) self.assertFalse(check_password('letmeinz', encoded))
def test_sha1(self): encoded = make_password("letmein", "seasalt", "sha1") self.assertEqual(encoded, "sha1$seasalt$fec3530984afba6bade3347b7140d1a7da7da8c7") self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u"letmein", encoded)) self.assertFalse(check_password("letmeinz", encoded)) # Long password self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), "seasalt", "sha1")
def test_bcrypt(self): encoded = make_password("letmein", hasher="bcrypt") self.assertTrue(is_password_usable(encoded)) self.assertTrue(encoded.startswith("bcrypt$")) self.assertTrue(check_password(u"letmein", encoded)) self.assertFalse(check_password("letmeinz", encoded)) # Long password self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), hasher="bcrypt")
def test_simple(self): encoded = make_password("letmein") self.assertTrue(encoded.startswith("pbkdf2_sha256$")) self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u"letmein", encoded)) self.assertFalse(check_password("letmeinz", encoded)) # Long password self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1))
def test_crypt(self): encoded = make_password("letmein", "ab", "crypt") self.assertEqual(encoded, "crypt$$abN/qM.L/H8EQ") self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u"letmein", encoded)) self.assertFalse(check_password("letmeinz", encoded)) # Long password self.assertRaises(ValueError, make_password, "1" * (MAXIMUM_PASSWORD_LENGTH + 1), "seasalt", "crypt")
def create(self, request, *args, **kwargs): transaction_type = self.request.data.get('type') if transaction_type == 'Depot': serializer = DepositSerializer(data=request.data) if serializer.is_valid(): amount = self.request.data.get('amount') merchantPoint = self.request.data.get('merchantpoint') number = self.request.data.get('customernumber').replace( " ", "") expectie = datetime.strptime( self.request.data.get('expectedvalidationdate'), "%Y-%m-%d %H:%M:%S") beneficiaryNumber = self.request.data.get( 'beneficiarynumber').replace(" ", "") try: merchantPoint = MerchantPoint.objects.get(id=merchantPoint) except MerchantPoint.DoesNotExist: return Response( {"error": "Ce point marchand n'existe pas"}, status=status.HTTP_404_NOT_FOUND) # Calculating expiration date of the otp (expected validation date + 1 hour) expirie = expectie + timedelta(hours=1) try: beneficiary = Customer.objects.get( phonenumber=beneficiaryNumber) except Customer.DoesNotExist: return Response( { "error": "Le numéro du bénéficiaire entré est introuvable" }, status=status.HTTP_404_NOT_FOUND) # Saving OTP while True: # Generating OTP code = self.generateOtp() try: otpie = Otp.objects.get(code=code) if otpie.wasverified == True or ( otpie.wasverified == False and otpie.expirationdate < timezone.now()): otpie.expirationdate = expirie otpie.wasverified = False otpie.save() break elif otpie.wasverified == False and otpie.expirationdate >= timezone.now( ): continue except Otp.DoesNotExist: otpie = Otp(code=code, expirationdate=expirie) print(otpie.expirationdate) otpie.save() break # Sending Otp message = sendOtp(otpie.code, number, expirie.strftime("%d-%b-%Y %H:%M:%S")) if message != "queued": otpie.delete() return Response( { "error": "Une erreur est survenue. Veuillez réessayer" }, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: # Saving transaction serializer.save(type='Depot', beneficiarynumber=beneficiary, merchantpoint=merchantPoint, amount=amount, expectedvalidationdate=expectie, otp=otpie, customernumber=number, wasvalidatedbycustomer=True) return Response( { "message": "Transaction initiée avec succès. Le code de confirmation sera envoyé" " par SMS au " + number }, status=status.HTTP_201_CREATED) else: return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) elif transaction_type == 'Retrait': serializer = WithdrawalSerializer(data=request.data) if serializer.is_valid(): amount = self.request.data.get('amount') merchantPoint = self.request.data.get('merchantpoint') number = self.request.data.get('customernumber').replace( " ", "") expectie = datetime.strptime( self.request.data.get('expectedvalidationdate'), "%Y-%m-%d %H:%M:%S") try: merchantPoint = MerchantPoint.objects.get(id=merchantPoint) except MerchantPoint.DoesNotExist: return Response( {"error": "Ce point marchand n'existe pas"}, status=status.HTTP_404_NOT_FOUND) # Calculating expiration date of the otp (expected validation date + 1 hour) expirie = expectie + timedelta(hours=1) secret = self.request.data.get('secret').replace(" ", "") try: customer = Customer.objects.get(phonenumber=number) except Customer.DoesNotExist: return Response( {"error": "Le numéro de client entré est introuvable"}, status=status.HTTP_404_NOT_FOUND) if check_password(secret, customer.secret): if customer.balance > float(amount): # Saving OTP while True: # Generating OTP code = self.generateOtp() try: otpie = Otp.objects.get(code=code) if otpie.wasverified == True: otpie.expirationdate = expirie otpie.wasverified = False otpie.save() break elif otpie.wasverified == False: continue except Otp.DoesNotExist: otpie = Otp(code=code, expirationdate=expirie) otpie.save() break # Sending Otp message = sendOtp( otpie.code, number, expirie.strftime("%d-%b-%Y %H:%M:%S")) if message != "queued": otpie.delete() return Response( { "error": "Une erreur est survenue. Veuillez réessayer" }, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: # Saving transaction serializer.save( type='Retrait', merchantpoint=merchantPoint, amount=amount, customernumber=customer.phonenumber, expectedvalidationdate=expectie, otp=otpie) return Response( { "message": "Transaction initiée avec succès. Le code de confirmation sera envoyé par SMS au " + number }, status=status.HTTP_201_CREATED) else: return Response( { "error": "Solde insuffisant. Cette transaction ne peut être initiée" }, status=status.HTTP_406_NOT_ACCEPTABLE) else: return Response( {"error": "Le code secret entré est erroné"}, status=status.HTTP_404_NOT_FOUND) else: return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) elif transaction_type == 'Paiement': serializer = PaymentSerializer(data=request.data) if (serializer.is_valid()): amount = self.request.data.get('amount') merchantPoint = self.request.data.get('merchantpoint') number = self.request.data.get('customernumber').replace( " ", "") try: merchantPoint = MerchantPoint.objects.get(id=merchantPoint) except MerchantPoint.DoesNotExist: return Response( {"error": "Ce point marchand n'existe pas"}, status=status.HTTP_404_NOT_FOUND) expirie = timezone.now() + timedelta(minutes=3) secret = self.request.data.get('secret').replace(" ", "") try: customer = Customer.objects.get(phonenumber=number) except Customer.DoesNotExist: return Response( {"error": "Le numéro de client entré est introuvable"}, status=status.HTTP_404_NOT_FOUND) if check_password(secret, customer.secret): if customer.balance > float(amount): # Saving OTP while True: # Generating OTP code = self.generateOtp() try: otpie = Otp.objects.get(code=code) if otpie.wasverified == True: otpie.expirationdate = expirie otpie.wasverified = False otpie.save() break elif otpie.wasverified == False: continue except Otp.DoesNotExist: otpie = Otp(code=code, expirationdate=expirie) otpie.save() break # Sending Otp message = sendOtp( otpie.code, number, expirie.strftime("%d-%b-%Y %H:%M:%S")) if message != "queued": otpie.delete() return Response( { "error": "Une erreur est survenue. Veuillez réessayer" }, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: # Saving transaction serializer.save( type='Paiement', merchantpoint=merchantPoint, amount=amount, customernumber=customer.phonenumber, expectedvalidationdate=expirie, otp=otpie, wasvalidatedbycustomer=True) return Response( { "message": "Transaction initiée avec succès. Le code de confirmation sera envoyé par SMS au " + number, "montant": amount, "code": otpie.code }, status=status.HTTP_201_CREATED) else: return Response( { "error": "Solde insuffisant. Cette transaction ne peut être initiée" }, status=status.HTTP_406_NOT_ACCEPTABLE) else: return Response( {"error": "Le code secret entré est erroné"}, status=status.HTTP_404_NOT_FOUND) else: return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) else: return Response({"error": "Type de transaction inconnu"}, status=status.HTTP_404_NOT_FOUND)
def check_password(self, raw_password): return check_password(raw_password, self.password)
def verify(self, password): return check_password(password, self.hash_password)
from django.test import TestCase # Create your tests here. #coding=utf-8 __author__ = 'shifeixiang' from django.contrib.auth.hashers import make_password, check_password from django.contrib.auth.hashers import make_password, check_password password = '******' sha_pwd = make_password(password, None, 'pbkdf2_sha256') print sha_pwd result = check_password(password, sha_pwd) print result
def matches(self, key): return check_password(key, self.key)
def test(self): # instantiate client client = Client() # retrieve password hash without being logged in username = '******' response = client.get('/api/user/{}/password/'.format(username), follow=True) result = JSONParser().parse(BytesIO(response.content)) self.assertEqual(response.status_code, 403) self.assertEqual( result, {'detail': 'Authentication credentials were not provided.'}) # login as admin username = settings.MQTT['USERNAME'] client.login(username=settings.MQTT['USERNAME'], password=settings.MQTT['PASSWORD']) # retrieve password hash response = client.get('/api/user/{}/password/'.format(username), follow=True) self.assertEqual(response.status_code, 200) encoded = JSONParser().parse(BytesIO(response.content)) # retrieve temporary password password = TemporaryPassword.objects.get( user__username=username).password self.assertEqual(check_password(password, encoded), True) # logout response = self.client.get('/auth/logout/', follow=True) self.assertEqual(response.status_code, 200) self.client.logout() # mqtt login with correct temporary password response = self.client.post('/auth/mqtt/login/', { 'username': '******', 'password': encoded }, follow=True) self.assertEqual(response.status_code, 200) # mqtt login with incorrect username response = self.client.post('/auth/mqtt/login/', { 'username': '******', 'password': encoded }, follow=True) self.assertEqual(response.status_code, 403) # mqtt login with incorrect encoded password response = self.client.post('/auth/mqtt/login/', { 'username': '******', 'password': encoded + 'r' }, follow=True) self.assertEqual(response.status_code, 403) # login as testuser1 username = '******' client.login(username=username, password='******') # retrieve password hash response = client.get('/api/user/{}/password/'.format(username), follow=True) self.assertEqual(response.status_code, 200) encoded = JSONParser().parse(BytesIO(response.content)) # retrieve temporary password password = TemporaryPassword.objects.get( user__username=username).password self.assertEqual(check_password(password, encoded), True) # logout response = self.client.get('/auth/logout/', follow=True) self.assertEqual(response.status_code, 200) self.client.logout() # mqtt login with correct temporary password response = self.client.post('/auth/mqtt/login/', { 'username': username, 'password': encoded }, follow=True) self.assertEqual(response.status_code, 200) # mqtt login with incorrect username response = self.client.post('/auth/mqtt/login/', { 'username': username + 'o', 'password': encoded }, follow=True) self.assertEqual(response.status_code, 403) # mqtt login with incorrect encoded password response = self.client.post('/auth/mqtt/login/', { 'username': username, 'password': encoded + 'r' }, follow=True) self.assertEqual(response.status_code, 403) # login as testuser2 username = '******' client.login(username=username, password='******') # retrieve password hash response = client.get('/api/user/{}/password/'.format(username), follow=True) self.assertEqual(response.status_code, 200) encoded = JSONParser().parse(BytesIO(response.content)) # retrieve temporary password password = TemporaryPassword.objects.get( user__username=username).password self.assertEqual(check_password(password, encoded), True) # logout response = self.client.get('/auth/logout/', follow=True) self.assertEqual(response.status_code, 200) self.client.logout() # mqtt login with correct temporary password response = self.client.post('/auth/mqtt/login/', { 'username': username, 'password': encoded }, follow=True) self.assertEqual(response.status_code, 200) # mqtt login with incorrect username response = self.client.post('/auth/mqtt/login/', { 'username': username + 'o', 'password': encoded }, follow=True) self.assertEqual(response.status_code, 403) # mqtt login with incorrect encoded password response = self.client.post('/auth/mqtt/login/', { 'username': username, 'password': encoded + 'r' }, follow=True) self.assertEqual(response.status_code, 403)
def check_password(self, raw_password): def setter(raw_password): self.set_password(raw_password) self.save(update_fields=['password']) return check_password(raw_password, self.password, setter)
from django.test import TestCase # Create your tests here. import os os.environ.setdefault("DJANGO_SETTINGS_MODULE", "django_shop.settings") import django django.setup() from django.contrib.auth.hashers import make_password, check_password r = make_password("1234", None, "pbkdf2_sha256") print(r) print(check_password("1234", r))
def Settings(request): user = request.user user_id = user.id user_object = User.objects.get(id=user_id) print(user_object.password) user_profile = u_models.UserProfile.objects.get(user=user) if request.method == 'POST': data = request.POST if 'change_username' in data.keys(): new_username = data['username'] try: new_user = u_models.UserProfile.objects.get( username=new_username) if new_user is not None: return render( request, 'settings.html', {"username_error": "Username already exists."}) except: user_object.username = new_username user_object.save() return redirect('settings') if 'change_pp' in data.keys(): new_image = request.FILES.get('image', False) user_profile.picture = new_image user_profile.save() return redirect('settings') if 'change_password' in data.keys(): new_password = data['newpwd'] new_password1 = data['newpwd1'] if new_password == new_password1: old_password = data['oldpwd'] if check_password(old_password, user_object.password): new_password_hashed = make_password(new_password) user_object.password = new_password_hashed user_object.save() return redirect('login') else: return render(request, 'settings.html', { 'password_error': 'Current password entered is wrong.' }) else: return render(request, 'settings.html', {'password_error': 'Passwords dont match.'}) if "deactivate_account" in data.keys(): old_passworddeactiv = data['deactivate_password'] if check_password(old_passworddeactiv, user_object.password): user_profile.is_active = False user_profile.save() return redirect('logout') else: return render( request, 'settings.html', {'password_error': 'Current password entered is wrong.'}) if "delete_account" in data.keys(): old_passworddelete = data['delete_password'] if check_password(old_passworddelete, user_object.password): user_object.delete() return redirect('login') else: user = request.user user_profile = u_models.UserProfile.objects.get(user=user) user_profile_picture = user_profile.picture user_profile_picture_url = user_profile_picture.url user_pp_clean = user_profile_picture_url[7:] return render( request, 'settings.html', { 'User': user, 'UserProfile': user_profile, 'UserProfilePictureurl': user_pp_clean })
def pwd_check(self): if check_password(self.passWord, self.userObj.password): return True else: return False
def clean(self): cleaned_data = super(ConfirmPasswordForm, self).clean() confirm_password = cleaned_data.get('confirm_password') if not check_password(confirm_password, self.instance.password): self.add_error('confirm_password', 'Password does not match.')
def test_collective_password_not_saved_as_plain_text(db): collective = mommy.make("purchases.Collective") collective.password = "******" collective.save() assert collective.password != "foobar" assert check_password("foobar", collective.password)
def get_object(self): obj = super().get_object() password = self.request.query_params.get('password') if not check_password(password, obj.password): raise Http404 return obj
def check_token(self, token, salt): return salt in self.token and check_password(token, self.token)
#!/usr/bin/env python from django.contrib.auth.models import User from django.contrib.auth.hashers import check_password users = User.objects.all() for user in users: guess = user.username[::-1] if check_password(guess, user.password): print "%s (%s, %s)" % (user.get_name(), user.username, user.email)
def customerValidation(request): codie = request.data.get('code') secret = request.data.get('secret').replace(" ", "") try: otpie = Otp.objects.get(code=codie) if otpie.wasverified == True: return Response({"message": "Ce code a déjà été vérifié"}, status=status.HTTP_406_NOT_ACCEPTABLE) elif otpie.expirationdate < timezone.now(): return Response({"error": "Ce code a expiré"}, status=status.HTTP_406_NOT_ACCEPTABLE) else: try: transaction = Transaction.objects.get(otp=otpie, type="Retrait") if transaction.wasvalidatedbymerchant == False: return Response( { "error": "La transaction n'a pas encore été validée par le marchand." }, status=status.HTTP_406_NOT_ACCEPTABLE) try: customer = Customer.objects.get( phonenumber=transaction.customernumber) if check_password(secret, customer.secret): try: merchantpoint = MerchantPoint.objects.get( id=transaction.merchantpoint_id) amount = transaction.amount oldStoreBalance = merchantpoint.balance oldCustomerBalance = customer.balance if oldCustomerBalance < amount: return Response( { "error": "Transaction échouée. Solde du client insuffisant" }, status=status.HTTP_406_NOT_ACCEPTABLE) elif oldStoreBalance < amount: return Response( { "error": "Transaction échouée. Solde du point marchand insuffisant" }, status=status.HTTP_406_NOT_ACCEPTABLE) else: customer.balance = oldCustomerBalance - amount merchantpoint.balance = oldStoreBalance - amount customer.save() merchantpoint.save() transaction.wasvalidatedbycustomer = True transaction.validationdate = timezone.now() transaction.save() otpie.wasverified = True otpie.save() sendTransactionSMS( customer.phonenumber, "retrait", transaction.date.strftime( "%d-%b-%Y %H:%M:%S"), transaction.expectedvalidationdate. strftime("%d-%b-%Y %H:%M:%S"), transaction.validationdate.strftime( "%d-%b-%Y %H:%M:%S"), str(customer.balance)) return Response( { "message": "La transaction a bien été validée." }, status=status.HTTP_200_OK) except MerchantPoint.DoesNotExist: return Response( {"error": "Le point marchand n'existe pas"}, status=status.HTTP_404_NOT_FOUND) else: return Response( {"error": "Le code secret est incorrect"}, status=status.HTTP_404_NOT_FOUND) except Customer.DoesNotExist: return Response({"error": "Ce client n'existe pas"}, status=status.HTTP_404_NOT_FOUND) except Transaction.DoesNotExist: return Response({"error": "Cette transaction n'existe pas"}, status=status.HTTP_404_NOT_FOUND) except Otp.DoesNotExist: return Response({"error": "Le code fourni n'existe pas"}, status=status.HTTP_404_NOT_FOUND)
def test_views(self): # Check Register payload = { 'username': self.user.username, 'password': self.user.password, 'first_name': self.user.first_name, 'last_name': self.user.last_name } response = self.client.post(reverse('area:api_register'), payload, format='json') self.assertEqual(response.status_code, 200) self.assertEqual(response.data['last_name'], self.user.last_name) self.assertEqual(response.data['first_name'], self.user.first_name) self.assertEqual(response.data['username'], self.user.username) self.token = response.data['token'] self.assertEqual(Token.objects.get(key=self.token).user.username, self.user.username) # Check Login payload = { 'username': self.user.username, 'password': '******', } response = self.client.post( reverse('area:api_login'), format='json') self.assertEqual(response.status_code, 400) payload = { 'username': self.user.username, 'password': self.user.password, } response = self.client.post(reverse('area:api_login'), payload, format='json') self.assertEqual(response.status_code, 200) # Check Person retreiving # set AUTH self.client.credentials(HTTP_AUTHORIZATION='Token ' + self.token) response = self.client.get(reverse('area:api_person'), payload, format='json') # Check Person updating updated_user = RandomUserFactory.build() # check if the new info does not exist with self.assertRaises(get_user_model().DoesNotExist): get_user_model().objects.get(username=updated_user.username) payload = { 'user': { 'password': updated_user.password, 'first_name': updated_user.first_name, 'last_name': updated_user.last_name }, 'birthday': updated_user.person.birthday } response = self.client.put(reverse('area:api_person'), payload, format='json') self.assertEqual(response.status_code, 200) user = Token.objects.get(key=self.token).user self.assertEqual(updated_user.first_name, user.first_name) self.assertEqual(updated_user.last_name, user.last_name) self.assertTrue(check_password(updated_user.password, user.password)) # Check if the password is blank payload['user']['password'] = '' response = self.client.put(reverse('area:api_person'), payload, format='json') # the password may not be blank self.assertEqual(response.status_code, 400) self.assertTrue(check_password(updated_user.password, user.password)) # Check empty password del payload['user']['password'] response = self.client.put(reverse('area:api_person'), payload, format='json') self.assertEqual(response.status_code, 200) #import ipdb;ipdb.set_trace() user = Token.objects.get(key=self.token).user self.assertTrue(check_password(updated_user.password, user.password))
from django.test import TestCase # Create your tests here. from django.contrib.auth.hashers import make_password, check_password p1 = "ceshi1" p2 = make_password(p1) print(p2) leg = check_password(p1, p2) print(leg)
def test_user(self): self.assertEqual(self.user.email, "*****@*****.**") self.assertEqual(self.user.get_short_name(), "First") self.assertEqual(self.user.get_full_name(), "First Last") self.assertEqual(self.user.last_name, "Last") self.assertTrue(check_password("testclub123", self.user.password))
def clean(self): cleaned_data = super(AccountChangeForm, self).clean() current_password = cleaned_data.get('current_password') if not check_password(current_password, self.instance.password): self.add_error('current_password', 'Password does not match.')
def updatenodalpassword(request, userid): user = User.objects.get(pk=userid) # print(user.role) if request.method == 'POST': user = User.objects.get(pk=userid) # print(user.role) if user.role == User.nodal_officer: nodal = User.objects.get(pk=userid) cur_password = request.POST.get('currentPassword') password = request.POST.get('password') # print(check_password(cur_password,nodal.password)) if check_password(cur_password, nodal.password): nodal.set_password(password) nodal.save() return render(request, 'Dashboard/nodal_officer/Profile.html', { 'user': userid, 'nodal': nodal }) else: messages.info(request, 'Your Current Password Is Wrong') return render(request, 'Dashboard/nodal_officer/changePassword.html', {'user': userid}) elif user.role == User.head: print("head") head = User.objects.get(pk=userid) cur_password = request.POST.get('currentPassword') password = request.POST.get('password') # print(check_password(cur_password,head.password)) if check_password(cur_password, head.password): head.set_password(password) head.save() return render(request, 'HeadDashboard/Profile.html', { 'user': userid, 'head': head }) else: messages.info(request, 'Your Current Password Is Wrong') return render(request, 'HeadDashboard/changePassword.html', {'user': userid}) elif user.role == User.superadmin: sadmin = User.objects.get(pk=userid) cur_password = request.POST.get('currentPassword') password = request.POST.get('password') # print(check_password(cur_password,head.password)) if check_password(cur_password, sadmin.password): sadmin.set_password(password) sadmin.save() return render(request, 'SuperAdmin/Profile.html', { 'user': userid, 'sadmin': sadmin }) else: messages.info(request, 'Your Current Password Is Wrong') return render(request, 'SuperAdmin/changePassword.html', {'user': userid}) else: if user.role == User.nodal_officer: return render(request, 'Dashboard/nodal_officer/changePassword.html', {'user': userid}) elif user.role == User.head: return render(request, 'HeadDashboard/changePassword.html', {'user': userid}) elif user.role == User.superadmin: return render(request, 'SuperAdmin/changePassword.html', {'user': userid})
def test_create_user_hashes_password(self): user = self.create_regular_user() self.assertTrue( check_password(self.user.get("password"), user.password))
def check_password(self, password): return check_password(password, self.password)
def login(request): logged_on = is_logged_on(request) # If the authenticator cookie wasn't set... if logged_on: # Handle user not logged in while trying to create a listing return HttpResponseRedirect(reverse('home')) form = LoginForm if request.method == "GET": return render(request, "app/login.html", { "form": form, "website_url": WEBSITE_URL, }) elif request.method == "POST": f = LoginForm(request.POST) # Check if the form instance is invalid if not f.is_valid(): # Form was bad -- send them back to login page and show them an error return render(request, 'app/login.html', { "form": form, "logged_on": logged_on, "errorMessage": "Form input invalid", "website_url": WEBSITE_URL, }) # Sanitize username and password fields username = f.cleaned_data['username'] password = f.cleaned_data['password'] user_results = User.objects.filter(username=username) if len(user_results) != 1: return render(request, 'app/login.html', { "form": form, "logged_on": logged_on, "errorMessage": "Username or Password Incorrect", "website_url": WEBSITE_URL, }) user = user_results[0] # check password if not check_password(password, user.password): return render(request, 'app/login.html', { "form": form, "logged_on": logged_on, "errorMessage": "Password Incorrect", "website_url": WEBSITE_URL, }) """ If we made it here, we can log them in. """ # Set their login cookie and redirect to back to wherever they came from authenticator = gen_alphanumeric(30) auth = Authenticator( token=authenticator, user_id=user.pk ) auth.save() message = "okie dokie" response = HttpResponseRedirect(reverse('home')) response.set_cookie("auth", authenticator) response.set_cookie("responseMessage", message) return response
def test_unspecified_password(self): """ Makes sure specifying no plain password with a valid encoded password returns `False`. """ self.assertFalse(check_password(None, make_password('lètmein')))
def clean(self): for keycard in Keycard.objects.all(): if check_password(self.secret, keycard.secret): raise ValidationError("Secret already added") return super().clean()
def test_create_account(self): """ Ensure we can create a new account object. """ url = reverse('authentication_register') email = ''.join( random.choice(string.ascii_lowercase) for _ in range(10)) + '@example.com' username = ''.join( random.choice(string.ascii_lowercase) for _ in range(10)) + '@' + settings.ALLOWED_DOMAINS[0] authkey = binascii.hexlify(os.urandom( settings.AUTH_KEY_LENGTH_BYTES)).decode() public_key = binascii.hexlify( os.urandom(settings.USER_PUBLIC_KEY_LENGTH_BYTES)).decode() private_key = binascii.hexlify( os.urandom(settings.USER_PRIVATE_KEY_LENGTH_BYTES)).decode() private_key_nonce = binascii.hexlify( os.urandom(settings.NONCE_LENGTH_BYTES)).decode() secret_key = binascii.hexlify( os.urandom(settings.USER_SECRET_KEY_LENGTH_BYTES)).decode() secret_key_nonce = binascii.hexlify( os.urandom(settings.NONCE_LENGTH_BYTES)).decode() user_sauce = 'd25e29d812386431ec8f75ce4dce44464b57a9b742e7caeea78c9d984297c8f1' data = { 'username': username, 'email': email, 'authkey': authkey, 'public_key': public_key, 'private_key': private_key, 'private_key_nonce': private_key_nonce, 'secret_key': secret_key, 'secret_key_nonce': secret_key_nonce, 'user_sauce': user_sauce, } response = self.client.post(url, data) self.assertEqual(response.status_code, status.HTTP_201_CREATED) self.assertEqual(models.User.objects.count(), 1) user = models.User.objects.get() email_bcrypt = bcrypt.hashpw( email.encode(), settings.EMAIL_SECRET_SALT.encode()).decode().replace( settings.EMAIL_SECRET_SALT, '', 1) self.assertEqual(decrypt_with_db_secret(user.email), email) self.assertEqual(user.email_bcrypt, email_bcrypt) self.assertTrue(check_password(authkey, user.authkey)) self.assertEqual(user.public_key, public_key) self.assertEqual(user.private_key, private_key) self.assertEqual(user.private_key_nonce, private_key_nonce) self.assertEqual(user.secret_key, secret_key) self.assertEqual(user.secret_key_nonce, secret_key_nonce) self.assertEqual(user.user_sauce, user_sauce) self.assertTrue(user.is_active) self.assertFalse(user.is_email_active)
def movies(request): #VALIDATE METHOD response_data = {} response_data['movies'] = {} if request.method == 'POST': #CHECK JSON STRUCTURE #DECLARE RESPONSE if checkJson().isJson(request.body) == True: datitosj = json.loads(request.body) #Leer json errorsito = "" #CHECK JSON CONTENT try: usersql = ApiUsers.objects.get(user=datitosj['user']) except Exception as e: response_data['result'] = 'error' response_data['message'] = 'User incorrect' return JsonResponse(response_data, status=401) #Error Json psw = datitosj['password'] #COntraseña que se envia Hachiko = usersql.password #CHECK IF PASSWORD IS CORRECT if (check_password(psw, Hachiko) == False): errorsito = "User or password incorrect" if (errorsito != ""): response_data['result'] = 'error' response_data['message'] = errorsito return JsonResponse(response_data, status=402) if ApiKey().check(request): if request.headers["user-api-key"] == usersql.api_key: j = 0 for i in Movie.objects.all(): response_data['movies'][j] = {} response_data['movies'][j]['id'] = i.movieid response_data['movies'][j]['title'] = i.movietitle response_data['movies'][j][ 'releaseDate'] = i.releasedate response_data['movies'][j]['imageUrl'] = i.imageurl response_data['movies'][j][ 'description'] = i.description j = j + 1 response_data['result'] = 'success' return JsonResponse(response_data, status=200) else: response_data['result'] = 'ERROR' response_data['message'] = 'Api Key Invalido' return JsonResponse(response_data, status=401) else: response_data['result'] = 'EXITO' response_data['message'] = 'Valido' response_data['ApiKey'] = usersql.api_key return JsonResponse(response_data, status=200) else: response_data['result'] = 'error' response_data['message'] = 'Esta mal el JSON' return JsonResponse(response_data, status=100) else: response_data['result'] = 'error' response_data['message'] = 'NO es post' return JsonResponse(response_data, status=402)
def validate(self, password, user=None): if user.previous_password: if check_password(password, user.previous_password): raise ValidationError("A nova senha não pode ser igual a antiga.") return None
def test_simple(self): encoded = make_password('letmein') self.assertTrue(encoded.startswith('pbkdf2_sha256$')) self.assertTrue(is_password_usable(encoded)) self.assertTrue(check_password(u'letmein', encoded)) self.assertFalse(check_password('letmeinz', encoded))