def test_compat_password_hashing(self):
with sql.session_for_read() as session:
user_ref = self.identity_api._get_user(session,
self.user_foo['id'])
self.assertIsNotNone(user_ref.password_ref.password)
self.assertIsNotNone(user_ref.password_ref.password_hash)
self.assertEqual(user_ref.password,
user_ref.password_ref.password_hash)
self.assertNotEqual(user_ref.password,
user_ref.password_ref.password)
self.assertTrue(password_hashing.check_password(
self.user_foo['password'], user_ref.password))
self.assertTrue(password_hashing.check_password(
self.user_foo['password'], user_ref.password_ref.password))
def test_compat_password_hashing(self):
with sql.session_for_read() as session:
user_ref = self.identity_api._get_user(session,
self.user_foo['id'])
self.assertIsNotNone(user_ref.password_ref.password)
self.assertIsNotNone(user_ref.password_ref.password_hash)
self.assertEqual(user_ref.password,
user_ref.password_ref.password_hash)
self.assertNotEqual(user_ref.password, user_ref.password_ref.password)
self.assertTrue(
password_hashing.check_password(self.user_foo['password'],
user_ref.password))
self.assertTrue(
password_hashing.check_password(self.user_foo['password'],
user_ref.password_ref.password))
def _validate_password_history(self, password, user_ref):
unique_cnt = CONF.security_compliance.unique_last_password_count
# Validate the new password against the remaining passwords.
if unique_cnt > 0:
for password_ref in user_ref.local_user.passwords[-unique_cnt:]:
if password_hashing.check_password(
password, password_ref.password_hash):
raise exception.PasswordHistoryValidationError(
unique_count=unique_cnt)
def _validate_password_history(self, password, user_ref):
unique_cnt = CONF.security_compliance.unique_last_password_count
# Validate the new password against the remaining passwords.
if unique_cnt > 0:
for password_ref in user_ref.local_user.passwords[-unique_cnt:]:
if password_hashing.check_password(password,
password_ref.password_hash):
raise exception.PasswordHistoryValidationError(
unique_count=unique_cnt)
def _check_password(self, password, user_ref):
"""Check the specified password against the data store.
Note that we'll pass in the entire user_ref in case the subclass
needs things like user_ref.get('name')
For further justification, please see the follow up suggestion at
https://blueprints.launchpad.net/keystone/+spec/sql-identiy-pam
"""
return password_hashing.check_password(password, user_ref.password)
def _check_password(self, password, user_ref):
"""Check the specified password against the data store.
Note that we'll pass in the entire user_ref in case the subclass
needs things like user_ref.get('name')
For further justification, please see the follow up suggestion at
https://blueprints.launchpad.net/keystone/+spec/sql-identiy-pam
"""
return password_hashing.check_password(password, user_ref.password)
def _check_secret(self, secret, app_cred_ref):
secret_hash = app_cred_ref['secret_hash']
return password_hashing.check_password(secret, secret_hash)
def _check_secret(self, secret, app_cred_ref):
secret_hash = app_cred_ref['secret_hash']
return password_hashing.check_password(secret, secret_hash)
