def test_14_handler_is_deprecated(self):
"""test handler_is_deprecated() method"""
pa = CryptPolicy(**self.sample_config_1pd)
pb = CryptPolicy(**self.sample_config_5pd)
self.assertFalse(pa.handler_is_deprecated("des_crypt"))
self.assertFalse(pa.handler_is_deprecated(hash.bsdi_crypt))
self.assertFalse(pa.handler_is_deprecated("sha512_crypt"))
self.assertTrue(pb.handler_is_deprecated("des_crypt"))
self.assertFalse(pb.handler_is_deprecated(hash.bsdi_crypt))
self.assertFalse(pb.handler_is_deprecated("sha512_crypt"))
# check categories as well
self.assertTrue(pb.handler_is_deprecated("des_crypt", "user"))
self.assertFalse(pb.handler_is_deprecated("bsdi_crypt", "user"))
self.assertTrue(pb.handler_is_deprecated("des_crypt", "admin"))
self.assertTrue(pb.handler_is_deprecated("bsdi_crypt", "admin"))
# check deprecation is overridden per category
pc = CryptPolicy(
schemes=["md5_crypt", "des_crypt"],
deprecated=["md5_crypt"],
user__context__deprecated=["des_crypt"],
)
self.assertTrue(pc.handler_is_deprecated("md5_crypt"))
self.assertFalse(pc.handler_is_deprecated("des_crypt"))
self.assertFalse(pc.handler_is_deprecated("md5_crypt", "user"))
self.assertTrue(pc.handler_is_deprecated("des_crypt", "user"))
def test_10_has_schemes(self):
"""test has_schemes() method"""
p1 = CryptPolicy(**self.sample_config_1pd)
self.assertTrue(p1.has_schemes())
p3 = CryptPolicy(**self.sample_config_3pd)
self.assertTrue(not p3.has_schemes())
def test_11_iter_handlers(self):
"""test iter_handlers() method"""
p1 = CryptPolicy(**self.sample_config_1pd)
s = self.sample_config_1prd['schemes']
self.assertEqual(list(p1.iter_handlers()), s)
p3 = CryptPolicy(**self.sample_config_3pd)
self.assertEqual(list(p3.iter_handlers()), [])
def test_20_iter_config(self):
"""test iter_config() method"""
p5 = CryptPolicy(**self.sample_config_5pd)
self.assertEqual(dict(p5.iter_config()), self.sample_config_5pd)
self.assertEqual(dict(p5.iter_config(resolve=True)),
self.sample_config_5prd)
self.assertEqual(dict(p5.iter_config(ini=True)),
self.sample_config_5pid)
def test_00_constructor(self):
"""test CryptPolicy() constructor"""
policy = CryptPolicy(**self.sample_config_1pd)
self.assertEqual(policy.to_dict(), self.sample_config_1pd)
policy = CryptPolicy(self.sample_config_1pd)
self.assertEqual(policy.to_dict(), self.sample_config_1pd)
self.assertRaises(TypeError, CryptPolicy, {}, {})
self.assertRaises(TypeError, CryptPolicy, {}, dummy=1)
# check key with too many separators is rejected
self.assertRaises(
TypeError,
CryptPolicy,
schemes=["des_crypt", "md5_crypt", "bsdi_crypt", "sha512_crypt"],
bad__key__bsdi_crypt__max_rounds=30000,
)
# check nameless handler rejected
class nameless(uh.StaticHandler):
name = None
self.assertRaises(ValueError, CryptPolicy, schemes=[nameless])
# check scheme must be name or crypt handler
self.assertRaises(TypeError, CryptPolicy, schemes=[uh.StaticHandler])
# check name conflicts are rejected
class dummy_1(uh.StaticHandler):
name = 'dummy_1'
self.assertRaises(KeyError, CryptPolicy, schemes=[dummy_1, dummy_1])
# with unknown deprecated value
self.assertRaises(KeyError,
CryptPolicy,
schemes=['des_crypt'],
deprecated=['md5_crypt'])
# with unknown default value
self.assertRaises(KeyError,
CryptPolicy,
schemes=['des_crypt'],
default='md5_crypt')
def test_22_to_string(self):
"""test to_string() method"""
pa = CryptPolicy(**self.sample_config_5pd)
s = pa.to_string() # NOTE: can't compare string directly, ordering etc may not match
pb = CryptPolicy.from_string(s)
self.assertEqual(pb.to_dict(), self.sample_config_5pd)
s = pa.to_string(encoding="latin-1")
self.assertIsInstance(s, bytes)
def test_15_min_verify_time(self):
"""test get_min_verify_time() method"""
# silence deprecation warnings for min verify time
warnings.filterwarnings("ignore", category=DeprecationWarning)
pa = CryptPolicy()
self.assertEqual(pa.get_min_verify_time(), 0)
self.assertEqual(pa.get_min_verify_time('admin'), 0)
pb = pa.replace(min_verify_time=.1)
self.assertEqual(pb.get_min_verify_time(), 0)
self.assertEqual(pb.get_min_verify_time('admin'), 0)
def test_12_get_handler(self):
"""test get_handler() method"""
p1 = CryptPolicy(**self.sample_config_1pd)
# check by name
self.assertIs(p1.get_handler("bsdi_crypt"), hash.bsdi_crypt)
# check by missing name
self.assertIs(p1.get_handler("sha256_crypt"), None)
self.assertRaises(KeyError, p1.get_handler, "sha256_crypt", required=True)
# check default
self.assertIs(p1.get_handler(), hash.md5_crypt)
def test_13_get_options(self):
"""test get_options() method"""
p12 = CryptPolicy(**self.sample_config_12pd)
self.assertEqual(
p12.get_options("bsdi_crypt"),
dict(
# NOTE: not maintaining backwards compat for rendering to "10%"
vary_rounds=0.1,
min_rounds=29000,
max_rounds=35000,
default_rounds=31000,
))
self.assertEqual(
p12.get_options("sha512_crypt"),
dict(
# NOTE: not maintaining backwards compat for rendering to "10%"
vary_rounds=0.1,
min_rounds=45000,
max_rounds=50000,
))
p4 = CryptPolicy.from_string(self.sample_config_4s)
self.assertEqual(
p4.get_options("sha512_crypt"),
dict(
# NOTE: not maintaining backwards compat for rendering to "10%"
vary_rounds=0.1,
max_rounds=20000,
))
self.assertEqual(
p4.get_options("sha512_crypt", "user"),
dict(
# NOTE: not maintaining backwards compat for rendering to "10%"
vary_rounds=0.1,
max_rounds=20000,
))
self.assertEqual(
p4.get_options("sha512_crypt", "admin"),
dict(
# NOTE: not maintaining backwards compat for rendering to "5%"
vary_rounds=0.05,
max_rounds=40000,
))
def test_05_replace(self):
"""test CryptPolicy.replace() constructor"""
p1 = CryptPolicy(**self.sample_config_1pd)
# check overlaying sample 2
p2 = p1.replace(**self.sample_config_2pd)
self.assertEqual(p2.to_dict(), self.sample_config_12pd)
# check repeating overlay makes no change
p2b = p2.replace(**self.sample_config_2pd)
self.assertEqual(p2b.to_dict(), self.sample_config_12pd)
# check overlaying sample 3
p3 = p2.replace(self.sample_config_3pd)
self.assertEqual(p3.to_dict(), self.sample_config_123pd)
def test_02_no_handlers(self):
"""test no handlers"""
# check constructor...
cc = CryptContext()
self.assertRaises(KeyError, cc.identify, 'hash', required=True)
self.assertRaises(KeyError, cc.hash, 'secret')
self.assertRaises(KeyError, cc.verify, 'secret', 'hash')
# check updating policy after the fact...
cc = CryptContext(['md5_crypt'])
p = CryptPolicy(schemes=[])
cc.policy = p
self.assertRaises(KeyError, cc.identify, 'hash', required=True)
self.assertRaises(KeyError, cc.hash, 'secret')
self.assertRaises(KeyError, cc.verify, 'secret', 'hash')
def create_policy(flag=False):
self.assertTrue(flag)
return CryptPolicy(schemes=iter(["dummy_2", "des_crypt"]),
deprecated=["des_crypt"])
def test_21_to_dict(self):
"""test to_dict() method"""
p5 = CryptPolicy(**self.sample_config_5pd)
self.assertEqual(p5.to_dict(), self.sample_config_5pd)
self.assertEqual(p5.to_dict(resolve=True), self.sample_config_5prd)