def test_gen_salt(self): salt1 = pwhash.gen_salt() self.assertEqual(len(salt1), 40) salt2 = pwhash.gen_salt() self.assertNotEqual(salt1, salt2) salt3 = pwhash.gen_salt(16) self.assertEqual(len(salt3), 32)
def test_hash_check_vj4(self): password1 = 'password1' salt1 = pwhash.gen_salt() hash1 = pwhash.hash_vj4(password1, salt1) self.assertTrue(pwhash.check(password1, salt1, hash1)) salt2 = pwhash.gen_salt() self.assertFalse(pwhash.check(password1, salt2, hash1)) password2 = 'password2' self.assertFalse(pwhash.check(password2, salt1, hash1))
async def add(uid: int, uname: str, password: str, mail: str, regip: str = ''): """Add a user.""" validator.check_uname(uname) # TODO(iceboy): Filter uname by keywords. validator.check_password(password) validator.check_mail(mail) uname_lower = uname.strip().lower() mail_lower = mail.strip().lower() for user in builtin.USERS: if user['_id'] == uid or user['uname_lower'] == uname_lower or user['mail_lower'] == mail_lower: raise error.UserAlreadyExistError(uname) salt = pwhash.gen_salt() coll = db.Collection('user') try: await coll.insert({'_id': uid, 'uname': uname, 'uname_lower': uname_lower, 'mail': mail, 'mail_lower': mail_lower, 'salt': salt, 'hash': pwhash.hash_vj4(password, salt), 'regat': datetime.datetime.utcnow(), 'regip': regip, 'roles': {}, 'priv': builtin.PRIV_USER_PROFILE, 'loginat': datetime.datetime.utcnow(), 'loginip': regip, 'gravatar': mail}) except errors.DuplicateKeyError: raise error.UserAlreadyExistError(uid, uname, mail) from None
async def change_password(uid: int, current_password: str, password: str): """Change password. Returns doc or None.""" doc = await get_by_uid(uid) if (not doc) or (not pwhash.check(current_password, doc['salt'], doc['hash'])): return None validator.check_password(password) salt = pwhash.gen_salt() coll = db.Collection('user') doc = await coll.find_and_modify(query={'_id': doc['_id'], 'salt': doc['salt'], 'hash': doc['hash']}, update={'$set': {'salt': salt, 'hash': pwhash.hash_vj4(password, salt)}}, new=True) return doc
async def change_password(uid: int, current_password: str, password: str): """Change password. Returns doc or None.""" doc = await check_password_by_uid(uid, current_password) if not doc: return None validator.check_password(password) salt = pwhash.gen_salt() coll = db.coll('user') doc = await coll.find_one_and_update(filter={'_id': doc['_id'], 'salt': doc['salt'], 'hash': doc['hash']}, update={'$set': {'salt': salt, 'hash': pwhash.hash_vj4(password, salt)}}, return_document=ReturnDocument.AFTER) return doc
async def add(uid: int, uname: str, _class: str, year: int, name: str, password: str, mail: str, group: str = '', regip: str = ''): """Add a user.""" validator.check_uname(uname) # TODO(iceboy): Filter uname by keywords. validator.check_password(password) validator.check_mail(mail) uname_lower = uname.strip().lower() mail_lower = mail.strip().lower() for user in builtin.USERS: if user['_id'] == uid or user['uname_lower'] == uname_lower or user[ 'mail_lower'] == mail_lower: raise error.UserAlreadyExistError(uname) salt = pwhash.gen_salt() coll = db.coll('user') try: await coll.insert_one({ '_id': uid, 'uname': uname, 'uname_lower': uname_lower, '_class': _class, 'year': year, 'name': name, 'mail': mail, 'mail_lower': mail_lower, 'group': group, 'salt': salt, 'hash': pwhash.hash_vj4(password, salt), 'regat': datetime.datetime.utcnow(), 'regip': regip, 'priv': builtin.DEFAULT_PRIV, 'loginat': datetime.datetime.utcnow(), 'loginip': regip, 'gravatar': mail }) except errors.DuplicateKeyError: raise error.UserAlreadyExistError(uid, uname, mail) from None
async def set_password(uid: int, password: str): """Set password. Returns doc or None.""" validator.check_password(password) salt = pwhash.gen_salt() coll = db.coll('user') doc = await coll.find_one_and_update(filter={'_id': uid}, update={ '$set': { 'salt': salt, 'hash': pwhash.hash_vj4( password, salt) } }, return_document=ReturnDocument.AFTER) return doc
async def change_password(uid: int, current_password: str, password: str): """Change password. Returns doc or None.""" doc = await get_by_uid(uid) if (not doc) or (not pwhash.check(current_password, doc['salt'], doc['hash'])): return None validator.check_password(password) salt = pwhash.gen_salt() coll = db.Collection('user') doc = await coll.find_and_modify(query={ '_id': doc['_id'], 'salt': doc['salt'], 'hash': doc['hash'] }, update={ '$set': { 'salt': salt, 'hash': pwhash.hash_vj4(password, salt) } }, new=True) return doc