def test_95_context_algs(self): handler = self.handler from otp.ai.passlib.context import CryptContext c1 = CryptContext(['scram'], scram__algs='sha1,md5') h = c1.hash('dummy') self.assertEqual(handler.extract_digest_algs(h), ['md5', 'sha-1']) self.assertFalse(c1.needs_update(h)) c2 = c1.copy(scram__algs='sha1') self.assertFalse(c2.needs_update(h)) c2 = c1.copy(scram__algs='sha1,sha256') self.assertTrue(c2.needs_update(h))
def test_52_log2_vary_rounds(self): cc = CryptContext(schemes=['bcrypt'], bcrypt__min_rounds=15, bcrypt__max_rounds=25, bcrypt__default_rounds=20) self.assertRaises(ValueError, cc.copy, all__vary_rounds=-1) self.assertRaises(ValueError, cc.copy, all__vary_rounds='-1%') self.assertRaises(ValueError, cc.copy, all__vary_rounds='101%') c2 = cc.copy(all__vary_rounds=0) self.assertEqual(c2._get_record('bcrypt', None).vary_rounds, 0) self.assert_rounds_range(c2, 'bcrypt', 20, 20) c2 = cc.copy(all__vary_rounds='0%') self.assertEqual(c2._get_record('bcrypt', None).vary_rounds, 0) self.assert_rounds_range(c2, 'bcrypt', 20, 20) c2 = cc.copy(all__vary_rounds=1) self.assertEqual(c2._get_record('bcrypt', None).vary_rounds, 1) self.assert_rounds_range(c2, 'bcrypt', 19, 21) c2 = cc.copy(all__vary_rounds=100) self.assertEqual(c2._get_record('bcrypt', None).vary_rounds, 100) self.assert_rounds_range(c2, 'bcrypt', 15, 25) c2 = cc.copy(all__vary_rounds='1%') self.assertEqual(c2._get_record('bcrypt', None).vary_rounds, 0.01) self.assert_rounds_range(c2, 'bcrypt', 20, 20) c2 = cc.copy(all__vary_rounds='49%') self.assertEqual(c2._get_record('bcrypt', None).vary_rounds, 0.49) self.assert_rounds_range(c2, 'bcrypt', 20, 20) c2 = cc.copy(all__vary_rounds='50%') self.assertEqual(c2._get_record('bcrypt', None).vary_rounds, 0.5) self.assert_rounds_range(c2, 'bcrypt', 19, 20) c2 = cc.copy(all__vary_rounds='100%') self.assertEqual(c2._get_record('bcrypt', None).vary_rounds, 1.0) self.assert_rounds_range(c2, 'bcrypt', 15, 21) return
def test_04_copy(self): cc1 = CryptContext(**self.sample_1_dict) cc2 = cc1.copy(**self.sample_2_dict) self.assertEqual(cc1.to_dict(), self.sample_1_dict) self.assertEqual(cc2.to_dict(), self.sample_12_dict) cc2b = cc2.copy(**self.sample_2_dict) self.assertEqual(cc1.to_dict(), self.sample_1_dict) self.assertEqual(cc2b.to_dict(), self.sample_12_dict) cc3 = cc2.copy(**self.sample_3_dict) self.assertEqual(cc3.to_dict(), self.sample_123_dict) cc4 = cc1.copy() self.assertIsNot(cc4, cc1) self.assertEqual(cc1.to_dict(), self.sample_1_dict) self.assertEqual(cc4.to_dict(), self.sample_1_dict) cc4.update(**self.sample_2_dict) self.assertEqual(cc1.to_dict(), self.sample_1_dict) self.assertEqual(cc4.to_dict(), self.sample_12_dict)
def test_41_genconfig(self): cc = CryptContext(schemes=['md5_crypt', 'phpass'], phpass__ident='H', phpass__default_rounds=7, admin__phpass__ident='P') self.assertTrue(cc.genconfig().startswith('$1$')) self.assertTrue(cc.genconfig(scheme='phpass').startswith('$H$5')) self.assertTrue(cc.genconfig(scheme='phpass', category='admin').startswith('$P$5')) self.assertTrue(cc.genconfig(scheme='phpass', category='staff').startswith('$H$5')) self.assertEqual(cc.genconfig(scheme='phpass', salt='........', rounds=8, ident='P'), '$P$6........22zGEuacuPOqEpYPDeR0R/') if PY2: c2 = cc.copy(default='phpass') self.assertTrue(c2.genconfig(category=u('admin')).startswith('$P$5')) self.assertTrue(c2.genconfig(category=u('staff')).startswith('$H$5')) self.assertRaises(KeyError, CryptContext().genconfig) self.assertRaises(KeyError, CryptContext().genconfig, scheme='md5_crypt') self.assertRaises(KeyError, cc.genconfig, scheme='fake') self.assertRaises(TypeError, cc.genconfig, scheme=1, category='staff') self.assertRaises(TypeError, cc.genconfig, scheme=1) self.assertRaises(TypeError, cc.genconfig, category=1)
def test_50_rounds_limits(self): cc = CryptContext(schemes=['sha256_crypt'], sha256_crypt__min_rounds=2000, sha256_crypt__max_rounds=3000, sha256_crypt__default_rounds=2500) STUB = '...........................................' custom_handler = cc._get_record('sha256_crypt', None) self.assertEqual(custom_handler.min_desired_rounds, 2000) self.assertEqual(custom_handler.max_desired_rounds, 3000) self.assertEqual(custom_handler.default_rounds, 2500) with self.assertWarningList([PasslibHashWarning] * 2): c2 = cc.copy(sha256_crypt__min_rounds=500, sha256_crypt__max_rounds=None, sha256_crypt__default_rounds=500) self.assertEqual(c2.genconfig(salt='nacl'), '$5$rounds=1000$nacl$' + STUB) with self.assertWarningList([]): self.assertEqual(cc.genconfig(rounds=1999, salt='nacl'), '$5$rounds=1999$nacl$' + STUB) self.assertEqual(cc.genconfig(rounds=2000, salt='nacl'), '$5$rounds=2000$nacl$' + STUB) self.assertEqual(cc.genconfig(rounds=2001, salt='nacl'), '$5$rounds=2001$nacl$' + STUB) with self.assertWarningList([PasslibHashWarning] * 2): c2 = cc.copy(sha256_crypt__max_rounds=int(1000000000.0) + 500, sha256_crypt__min_rounds=None, sha256_crypt__default_rounds=int(1000000000.0) + 500) self.assertEqual(c2.genconfig(salt='nacl'), '$5$rounds=999999999$nacl$' + STUB) with self.assertWarningList([]): self.assertEqual(cc.genconfig(rounds=3001, salt='nacl'), '$5$rounds=3001$nacl$' + STUB) self.assertEqual(cc.genconfig(rounds=3000, salt='nacl'), '$5$rounds=3000$nacl$' + STUB) self.assertEqual(cc.genconfig(rounds=2999, salt='nacl'), '$5$rounds=2999$nacl$' + STUB) self.assertEqual(cc.genconfig(salt='nacl'), '$5$rounds=2500$nacl$' + STUB) df = hash.sha256_crypt.default_rounds c2 = cc.copy(sha256_crypt__default_rounds=None, sha256_crypt__max_rounds=df << 1) self.assertEqual(c2.genconfig(salt='nacl'), '$5$rounds=%d$nacl$%s' % (df, STUB)) c2 = cc.copy(sha256_crypt__default_rounds=None, sha256_crypt__max_rounds=3000) self.assertEqual(c2.genconfig(salt='nacl'), '$5$rounds=3000$nacl$' + STUB) self.assertRaises(ValueError, cc.copy, sha256_crypt__default_rounds=1999) cc.copy(sha256_crypt__default_rounds=2000) cc.copy(sha256_crypt__default_rounds=3000) self.assertRaises(ValueError, cc.copy, sha256_crypt__default_rounds=3001) c2 = CryptContext(schemes=['sha256_crypt']) self.assertRaises(ValueError, c2.copy, sha256_crypt__min_rounds=2000, sha256_crypt__max_rounds=1999) self.assertRaises(ValueError, CryptContext, sha256_crypt__min_rounds='x') self.assertRaises(ValueError, CryptContext, sha256_crypt__max_rounds='x') self.assertRaises(ValueError, CryptContext, all__vary_rounds='x') self.assertRaises(ValueError, CryptContext, sha256_crypt__default_rounds='x') bad = datetime.datetime.now() self.assertRaises(TypeError, CryptContext, 'sha256_crypt', sha256_crypt__min_rounds=bad) self.assertRaises(TypeError, CryptContext, 'sha256_crypt', sha256_crypt__max_rounds=bad) self.assertRaises(TypeError, CryptContext, 'sha256_crypt', all__vary_rounds=bad) self.assertRaises(TypeError, CryptContext, 'sha256_crypt', sha256_crypt__default_rounds=bad) return
def test_51_linear_vary_rounds(self): cc = CryptContext(schemes=['sha256_crypt'], sha256_crypt__min_rounds=1995, sha256_crypt__max_rounds=2005, sha256_crypt__default_rounds=2000) self.assertRaises(ValueError, cc.copy, all__vary_rounds=-1) self.assertRaises(ValueError, cc.copy, all__vary_rounds='-1%') self.assertRaises(ValueError, cc.copy, all__vary_rounds='101%') c2 = cc.copy(all__vary_rounds=0) self.assertEqual(c2._get_record('sha256_crypt', None).vary_rounds, 0) self.assert_rounds_range(c2, 'sha256_crypt', 2000, 2000) c2 = cc.copy(all__vary_rounds='0%') self.assertEqual(c2._get_record('sha256_crypt', None).vary_rounds, 0) self.assert_rounds_range(c2, 'sha256_crypt', 2000, 2000) c2 = cc.copy(all__vary_rounds=1) self.assertEqual(c2._get_record('sha256_crypt', None).vary_rounds, 1) self.assert_rounds_range(c2, 'sha256_crypt', 1999, 2001) c2 = cc.copy(all__vary_rounds=100) self.assertEqual(c2._get_record('sha256_crypt', None).vary_rounds, 100) self.assert_rounds_range(c2, 'sha256_crypt', 1995, 2005) c2 = cc.copy(all__vary_rounds='0.1%') self.assertEqual(c2._get_record('sha256_crypt', None).vary_rounds, 0.001) self.assert_rounds_range(c2, 'sha256_crypt', 1998, 2002) c2 = cc.copy(all__vary_rounds='100%') self.assertEqual(c2._get_record('sha256_crypt', None).vary_rounds, 1.0) self.assert_rounds_range(c2, 'sha256_crypt', 1995, 2005) return