def test_compat_password_hashing(self): with sql.session_for_read() as session: user_ref = self.identity_api._get_user(session, self.user_foo['id']) self.assertIsNotNone(user_ref.password_ref.password) self.assertIsNotNone(user_ref.password_ref.password_hash) self.assertEqual(user_ref.password, user_ref.password_ref.password_hash) self.assertNotEqual(user_ref.password, user_ref.password_ref.password) self.assertTrue(password_hashing.check_password( self.user_foo['password'], user_ref.password)) self.assertTrue(password_hashing.check_password( self.user_foo['password'], user_ref.password_ref.password))
def test_compat_password_hashing(self): with sql.session_for_read() as session: user_ref = self.identity_api._get_user(session, self.user_foo['id']) self.assertIsNotNone(user_ref.password_ref.password) self.assertIsNotNone(user_ref.password_ref.password_hash) self.assertEqual(user_ref.password, user_ref.password_ref.password_hash) self.assertNotEqual(user_ref.password, user_ref.password_ref.password) self.assertTrue( password_hashing.check_password(self.user_foo['password'], user_ref.password)) self.assertTrue( password_hashing.check_password(self.user_foo['password'], user_ref.password_ref.password))
def _validate_password_history(self, password, user_ref): unique_cnt = CONF.security_compliance.unique_last_password_count # Validate the new password against the remaining passwords. if unique_cnt > 0: for password_ref in user_ref.local_user.passwords[-unique_cnt:]: if password_hashing.check_password( password, password_ref.password_hash): raise exception.PasswordHistoryValidationError( unique_count=unique_cnt)
def _validate_password_history(self, password, user_ref): unique_cnt = CONF.security_compliance.unique_last_password_count # Validate the new password against the remaining passwords. if unique_cnt > 0: for password_ref in user_ref.local_user.passwords[-unique_cnt:]: if password_hashing.check_password(password, password_ref.password_hash): raise exception.PasswordHistoryValidationError( unique_count=unique_cnt)
def _check_password(self, password, user_ref): """Check the specified password against the data store. Note that we'll pass in the entire user_ref in case the subclass needs things like user_ref.get('name') For further justification, please see the follow up suggestion at https://blueprints.launchpad.net/keystone/+spec/sql-identiy-pam """ return password_hashing.check_password(password, user_ref.password)
def _check_password(self, password, user_ref): """Check the specified password against the data store. Note that we'll pass in the entire user_ref in case the subclass needs things like user_ref.get('name') For further justification, please see the follow up suggestion at https://blueprints.launchpad.net/keystone/+spec/sql-identiy-pam """ return password_hashing.check_password(password, user_ref.password)
def _check_secret(self, secret, app_cred_ref): secret_hash = app_cred_ref['secret_hash'] return password_hashing.check_password(secret, secret_hash)
def _check_secret(self, secret, app_cred_ref): secret_hash = app_cred_ref['secret_hash'] return password_hashing.check_password(secret, secret_hash)