def test_mysql_aes_encrypt(self):
     """Check mysql_aes_encrypt against a known answer and its type guards.

     The fixed expected value shows the function is deterministic: the same
     plaintext and key always give the same ciphertext, so equal inputs are
     recognisable from their outputs.
     """
     expected_hex = "9e9ce44cd9df2b201f51947e03bccbe2"
     # Byte strings and unicode strings must be interchangeable for both
     # the value and the key.
     string_pairs = (
         ("test", "key"),
         (u"test", "key"),
         ("test", u"key"),
         (u"test", u"key"),
     )
     for value, key in string_pairs:
         self.assertEqual(hexlify(mysql_aes_encrypt(value, key)),
                          expected_hex)
     # Non-string arguments are rejected with AssertionError.
     # NOTE(review): if that comes from ``assert`` statements, the check
     # is stripped when Python runs with -O -- confirm in the helper.
     for bad_args in ((object(), "key"), ("val", object())):
         self.assertRaises(AssertionError, mysql_aes_encrypt, *bad_args)
 def test_mysql_aes_encrypt(self):
     """Verify mysql_aes_encrypt output for str/unicode inputs.

     All four str/unicode combinations of value and key must produce the
     same ciphertext, and non-string arguments must raise AssertionError.
     """
     known_answer = "9e9ce44cd9df2b201f51947e03bccbe2"
     inputs = [
         ("test", "key"),
         (u"test", "key"),
         ("test", u"key"),
         (u"test", u"key"),
     ]
     for plaintext, secret in inputs:
         ciphertext = mysql_aes_encrypt(plaintext, secret)
         # Same vector every time: the cipher output carries no randomness.
         self.assertEqual(hexlify(ciphertext), known_answer)

     # Type guard on the value argument.
     not_a_string = object()
     self.assertRaises(
         AssertionError, mysql_aes_encrypt, not_a_string, "key")
     # Type guard on the key argument.
     not_a_key = object()
     self.assertRaises(
         AssertionError, mysql_aes_encrypt, "val", not_a_key)
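def do_upgrade():
    """Upgrade recipe.

    Adds two new columns (password_salt and password_scheme), copies every
    user's email into password_salt, and replaces the legacy password blob
    with the SHA-256 hex digest of that blob, stored in a varchar column
    that takes over the name ``password``.

    Security notes:

    * The migrated value is a single SHA-256 over the legacy blob and the
      per-user "salt" is the email address, which is not secret.
    * Rows whose stored password is empty or NULL receive the digest that
      corresponds to an empty password.
    """
    op.add_column('user', db.Column('password_salt', db.String(length=255),
                                    nullable=True))
    op.add_column('user', db.Column('password_scheme', db.String(length=50),
                                    nullable=False))

    # Temporary column needed for data migration
    op.add_column('user', db.Column('new_password', db.String(length=255)))

    # Migrate emails to password_salt
    m = db.MetaData(bind=db.engine)
    m.reflect()
    u = m.tables['user']

    conn = db.engine.connect()
    try:
        # Tag every row with the legacy scheme so it can be told apart from
        # passwords stored under another scheme.
        conn.execute(u.update().values(
            password_salt=u.c.email,
            password_scheme='invenio_aes_encrypted_email'
        ))

        # Migrate password blob to password varchar.
        for row in conn.execute(select([u])):
            # NOTE: Empty string passwords were stored as empty strings
            # instead of a hashed version, hence they must be treated
            # differently. ``or`` also takes this branch for NULL.
            # NOTE(review): confirm such accounts cannot sign in with an
            # empty password after the upgrade.
            legacy_pw = (row[u.c.password] or
                         mysql_aes_encrypt(row[u.c.email], ""))

            # NOTE(review): one fast hash over the legacy value; presumably
            # re-hashed with a stronger scheme at next login -- confirm.
            stmt = u.update().where(
                u.c.id == row[u.c.id]
            ).values(
                new_password=hashlib.sha256(legacy_pw).hexdigest()
            )
            conn.execute(stmt)
    finally:
        # Release the connection before the DDL below; the original never
        # closed it.
        conn.close()

    # Create index
    op.create_index(
        op.f('ix_user_password_scheme'),
        'user',
        ['password_scheme'],
        unique=False
    )

    # Drop old database column and rename new.
    op.drop_column('user', 'password')
    op.alter_column(
        'user', 'new_password',
        new_column_name='password',
        existing_type=mysql.VARCHAR(255),
        existing_nullable=True,
    )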
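def do_upgrade():
    """Upgrade recipe.

    Adds two new columns (password_salt and password_scheme) and migrates
    emails to password salt. The legacy password blob is then replaced by
    its SHA-256 hex digest in a varchar column renamed to ``password``.

    Points to check when reviewing this migration:

    * password_salt is filled with the user's email, a value that is not
      secret, and the stored digest is one SHA-256 over the legacy blob.
    * An empty or NULL stored password is migrated as the digest of the
      value an empty password would have produced.
    """
    op.add_column(
        'user', db.Column('password_salt',
                          db.String(length=255),
                          nullable=True))
    op.add_column(
        'user',
        db.Column('password_scheme', db.String(length=50), nullable=False))

    # Temporary column needed for data migration
    op.add_column('user', db.Column('new_password', db.String(length=255)))

    # Migrate emails to password_salt
    m = db.MetaData(bind=db.engine)
    m.reflect()
    u = m.tables['user']

    conn = db.engine.connect()
    try:
        # Every existing row is labelled with the legacy scheme name.
        conn.execute(
            u.update().values(password_salt=u.c.email,
                              password_scheme='invenio_aes_encrypted_email'))

        # Migrate password blob to password varchar.
        for row in conn.execute(select([u])):
            # NOTE: Empty string passwords were stored as empty strings
            # instead of a hashed version, hence they must be treated
            # differently. NULL is falsy too and follows the same path.
            # NOTE(review): verify these accounts are not left usable with
            # an empty password once the upgrade has run.
            legacy_pw = (row[u.c.password] or
                         mysql_aes_encrypt(row[u.c.email], ""))

            # NOTE(review): a single fast hash; confirm the application
            # upgrades rows in this scheme to a slow password hash.
            stmt = u.update().where(u.c.id == row[u.c.id]).values(
                new_password=hashlib.sha256(legacy_pw).hexdigest())
            conn.execute(stmt)
    finally:
        # The original left this connection open; close it before the
        # schema changes that follow.
        conn.close()

    # Create index
    op.create_index(op.f('ix_user_password_scheme'),
                    'user', ['password_scheme'],
                    unique=False)

    # Drop old database column and rename new.
    op.drop_column('user', 'password')
    op.alter_column(
        'user',
        'new_password',
        new_column_name='password',
        existing_type=mysql.VARCHAR(255),
        existing_nullable=True,
    )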
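 def create(cls, kind, params, cookie_timeout=timedelta(days=1),
            onetime=False):
     """Create cookie with given params and return its token.

     The tuple ``(kind, params, expiration, onetime)`` is serialized with
     ``dumps``, encrypted under a freshly generated 32-character hex
     secret, and stored on a new row. The secret itself is not stored on
     the row; it is only handed back inside the returned token.

     :param kind: value stored in the row's ``kind`` column and payload.
     :param params: value carried in the encrypted payload.
     :param cookie_timeout: lifetime added to the current local time.
     :param onetime: stored as an integer flag on the row.
     :returns: first 16 characters of the secret, the row id in
         hexadecimal, then the last 16 characters of the secret.
     """
     # Function-scope import so the block does not rely on the module
     # header, which is not visible here.
     import os

     expiration = datetime.today() + cookie_timeout
     data = (kind, params, expiration, onetime)
     # The secret is both the encryption key and the bearer token, so it
     # must come from the OS CSPRNG; random() is a predictable generator.
     # md5 only serves as a fixed-width hex encoder over the random bytes.
     password = md5(os.urandom(32)).hexdigest()
     cookie = cls(
         expiration=expiration,
         kind=kind,
         onetime=int(onetime),
     )
     # NOTE(review): if ``dumps`` is pickle, the matching load runs on data
     # decrypted with a client-supplied key -- confirm the format is safe
     # and that the ciphertext is integrity-checked before decoding.
     cookie._data = mysql_aes_encrypt(dumps(data), password)
     db.session.add(cookie)
     db.session.commit()
     # Reload the row so that the database-assigned id is available.
     db.session.refresh(cookie)
     # '%x' formats int and long alike. hex(...)[2:-1] was only right for
     # a Python 2 long (it strips the trailing 'L'); for a plain int it
     # silently dropped the last hex digit of the id.
     cookie_id_hex = '%x' % cookie.id
     return password[:16] + cookie_id_hex + password[-16:]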