def testGoodPassword(schema_id, password):
    """Check the encrypt/validate round trip for one scheme and password.

    ``schema_id`` and ``password`` are supplied by the caller (presumably a
    parametrized test run -- the decorator is not visible here).
    """
    encoded = AuthEncoding.pw_encrypt(password, schema_id)

    # The encoded form must never equal the cleartext it was derived from.
    assert encoded != password

    # Validation must succeed for the value as returned by pw_encrypt and for
    # the same value passed through u() (presumably a text conversion helper
    # defined elsewhere -- confirm).
    assert AuthEncoding.pw_validate(encoded, password)
    assert AuthEncoding.pw_validate(u(encoded), password)

    # is_encrypted must tell the encoded value apart from the cleartext.
    assert AuthEncoding.is_encrypted(encoded)
    assert not AuthEncoding.is_encrypted(password)
def testGoodPassword(schema_id, password):
    """Verify that an encrypted password validates and is recognised as such.

    The password is encrypted with the scheme identified by ``schema_id``;
    the result must differ from the input, validate against the input, and
    be reported as encrypted while the input is not.
    """
    hashed = AuthEncoding.pw_encrypt(password, schema_id)

    # Guard against a scheme that hands the cleartext back unchanged.
    assert hashed != password

    # Both the raw return value and its u()-converted form must validate
    # (u() is defined outside this block; presumably it yields text).
    assert AuthEncoding.pw_validate(hashed, password)
    assert AuthEncoding.pw_validate(u(hashed), password)

    # Detection of encoded values must not misfire on the cleartext.
    assert AuthEncoding.is_encrypted(hashed)
    assert not AuthEncoding.is_encrypted(password)
def _pw_encrypt(self, password):
    """Return ``password`` in AuthEncoding-encrypted form.

    A value that AuthEncoding already recognises as encrypted is handed
    back unchanged, so it is never encrypted a second time.
    """
    # NOTE(review): the pass-through trusts whatever is_encrypted() accepts.
    # If that check keys only on a scheme prefix such as '{SHA}', text that
    # merely carries the prefix is stored verbatim instead of being hashed.
    # Confirm that callers accepting user-chosen passwords account for this.
    already_encoded = AuthEncoding.is_encrypted(password)
    if not already_encoded:
        return AuthEncoding.pw_encrypt(password)
    return password
def authenticateCredentials(self, credentials):
    """Check a login/password pair against the stored password reference.

    See IAuthenticationPlugin.  ``credentials`` is expected to be the
    mapping produced by ILoginPasswordExtractionPlugin, carrying the keys
    ``'login'`` and ``'password'``.

    Returns a ``(userid, login)`` tuple on success and ``None`` otherwise.
    """
    login = credentials.get('login')
    password = credentials.get('password')

    if login is None or password is None:
        return None

    # Resolve the login name to a userid.  Deliberately no fallback to
    # treating the login as the userid: that would often look like a
    # successful login while in reality failing.  Someone logging in with
    # a userid that differs from the login name is simply rejected.
    user_id = self._login_to_userid.get(login)
    if user_id is None:
        return None

    stored = self._user_passwords.get(user_id)
    if stored is None:
        return None

    # Preferred path: the stored value carries an AuthEncoding scheme and
    # the library performs the comparison.
    if AuthEncoding.is_encrypted(stored) and \
            AuthEncoding.pw_validate(stored, password):
        return user_id, login

    # Legacy path ("previous naive behavior"): the stored value is compared
    # with the bare hex digest of the UTF-8 encoded password.  This path is
    # also reached when an encoded reference failed validation above.
    # NOTE(review): `sha` is imported outside this block (presumably SHA-1);
    # the digest is unsalted and compared with `==`, which is not
    # constant-time.  hmac.compare_digest would be the usual hardening once
    # both operands are normalised to one type.  Nothing here re-encodes a
    # legacy entry after a successful login -- confirm whether a migration
    # happens elsewhere.
    if isinstance(password, six.text_type):
        raw = password.encode('utf8')
    else:
        raw = password

    legacy_digest = sha(raw).hexdigest()
    return (user_id, login) if stored == legacy_digest else None
def testIsEncryptedAcceptsTextAndBinary():
    """is_encrypted must give the same answer for bytes and text input."""
    # A bare scheme marker is reported as encrypted in either type.
    for marker in (b'{SHA}', u'{SHA}'):
        assert AuthEncoding.is_encrypted(marker)

    # A value without a scheme marker is not, again in either type.
    for plain in (b'foo', u'foo'):
        assert not AuthEncoding.is_encrypted(plain)
def _isPasswordEncrypted(self, pw):
    """Report whether AuthEncoding recognises ``pw`` as already encrypted.

    Thin delegate to ``AuthEncoding.is_encrypted``; no instance state is read.
    """
    recognised = AuthEncoding.is_encrypted(pw)
    return recognised