Esempio n. 1
0
def test_all_default_phrase_checks(bad_phrase_password_strings):
    """
    """
    cereconf.PASSWORD_CHECKS = {
        'phrase': (
            ('length', {'min_length': 12, 'max_length': None}),
            ('num_words', {'min_words': 4, 'min_word_length': 2}),
            ('avg_word_length', {'avg_length': 4})
        )}
    with pytest.raises(PhrasePasswordNotGoodEnough):
        check_password.cereconf = cereconf
        check_password(bad_phrase_password_strings)
Esempio n. 2
0
def test_all_default_rigid_checks(bad_rigid_password_strings):
    """
    """
    cereconf.PASSWORD_CHECKS = {
        'rigid': (
            ('length', {'min_length': 10}),
            ('ascii_characters_only', {}),
            ('space_or_null', {}),
            ('simple_character_groups', {'min_groups': 3}),
            ('repeated_pattern', {}),
            ('character_sequence', {'char_seq_length': 3}),
        )}
    with pytest.raises(RigidPasswordNotGoodEnough):
        check_password.cereconf = cereconf  # ugly hack
        check_password(bad_rigid_password_strings)
Esempio n. 3
0
 def post(self, name):
     """Check if a password is valid according to rules."""
     ac = find_account(name)
     args = password_parser.parse_args()
     password = args['password']
     assert isinstance(password, text_type)
     return check_password(password, account=ac, structured=True)
Esempio n. 4
0
 def post(self, name):
     """Check if a password is valid according to rules."""
     ac = find_account(name)
     data = request.get_json()
     password = data.get('password', None)
     assert isinstance(password, text_type)
     return check_password(password, account=ac, structured=True)
Esempio n. 5
0
def test_all_default_phrase_checks(bad_phrase_password_strings):
    """
    """
    cereconf.PASSWORD_CHECKS = {
        'phrase': (('length', {
            'min_length': 12,
            'max_length': None
        }), ('num_words', {
            'min_words': 4,
            'min_word_length': 2
        }), ('avg_word_length', {
            'avg_length': 4
        }))
    }
    with pytest.raises(PhrasePasswordNotGoodEnough):
        check_password.cereconf = cereconf
        check_password(bad_phrase_password_strings)
Esempio n. 6
0
 def set_password(self, uname, new_password, token, browser_token):
     if not self.check_token(uname, token, browser_token):
         return False
     account = self.get_account(uname)
     try:
         check_password(new_password, account)
     except PasswordNotGoodEnough as e:
         m = str(e).decode('utf-8')
         raise Errors.CerebrumRPCException('password_invalid', m)
     # All data is good. Set password
     account.set_password(new_password)
     try:
         account.write_db()
         account._db.commit()
         log.info("Password for %s altered." % uname)
     except self.db.DatabaseError, m:
         log.error("Error when setting password for %s: %s" % (uname, m))
         raise Errors.CerebrumRPCException('error_unknown')
Esempio n. 7
0
 def set_password(self, uname, new_password, token, browser_token):
     if not self.check_token(uname, token, browser_token):
         return False
     account = self.get_account(uname)
     try:
         check_password(new_password, account)
     except PasswordNotGoodEnough as e:
         m = str(e).decode('utf-8')
         raise Errors.CerebrumRPCException('password_invalid', m)
     # All data is good. Set password
     account.set_password(new_password)
     try:
         account.write_db()
         account._db.commit()
         log.info("Password for %s altered." % uname)
     except self.db.DatabaseError, m:
         log.error("Error when setting password for %s: %s" % (uname, m))
         raise Errors.CerebrumRPCException('error_unknown')
Esempio n. 8
0
 def post(self, name):
     """Change the password for this account."""
     ac = find_account(name)
     data = request.get_json()
     password = data.get('password', None)
     if password is None:
         password = ac.make_passwd(ac.account_name)
     assert isinstance(password, text_type)
     try:
         check_password(password, account=ac, structured=False)
     except PasswordNotGoodEnough as e:
         abort(400, 'Bad password: {}'.format(e))
     ac.set_password(password)
     # Remove "weak password" quarantine
     for q in (db.const.quarantine_autopassord,
               db.const.quarantine_svakt_passord):
         ac.delete_entity_quarantine(q)
     ac.write_db()
     return {'password': password}
Esempio n. 9
0
 def post(self, name):
     """Change the password for this account."""
     ac = find_account(name)
     data = self.new_password_parser.parse_args()
     password = data.get('password', None)
     if password is None:
         password = ac.make_passwd(ac.account_name)
     assert isinstance(password, text_type)
     try:
         check_password(password, account=ac, structured=False)
     except PasswordNotGoodEnough as e:
         abort(400, 'Bad password: {}'.format(e))
     ac.set_password(password)
     # Remove "weak password" quarantine
     for q in (db.const.quarantine_autopassord,
               db.const.quarantine_svakt_passord):
         ac.delete_entity_quarantine(q)
     ac.write_db()
     return {'password': password}
Esempio n. 10
0
 def post(self, id):
     """Change the password for this account."""
     ac = find_account(id)
     data = request.json
     plaintext = data.get('password', None)
     if plaintext is None:
         plaintext = ac.make_passwd(ac.account_name)
     try:
         check_password(plaintext, account=ac, structured=False)
     except PasswordNotGoodEnough as err:
         abort(400, 'Bad password: {}'.format(err))
     if isinstance(plaintext, unicode):
         try:
             plaintext = plaintext.encode('ISO-8859-1')
         except UnicodeEncodeError:
             abort(400, 'Bad password: Contains illegal characters')
     ac.set_password(plaintext)
     ac.write_db()
     return {'password': plaintext}
Esempio n. 11
0
 def post(self, id):
     """Check if a password is valid according to rules."""
     ac = find_account(id)
     data = request.json
     plaintext = data.get('password', None)
     if plaintext is None:
         abort(400, 'No password specified')
     if isinstance(plaintext, unicode):
         try:
             plaintext = plaintext.encode('ISO-8859-1')
         except UnicodeEncodeError:
             abort(400, 'Bad password: Contains illegal characters')
     return check_password(plaintext, account=ac, structured=True)
Esempio n. 12
0
def test_all_default_rigid_checks(bad_rigid_password_strings):
    """
    """
    cereconf.PASSWORD_CHECKS = {
        'rigid': (
            ('length', {
                'min_length': 10
            }),
            ('ascii_characters_only', {}),
            ('space_or_null', {}),
            ('simple_character_groups', {
                'min_groups': 3
            }),
            ('repeated_pattern', {}),
            ('character_sequence', {
                'char_seq_length': 3
            }),
        )
    }
    with pytest.raises(RigidPasswordNotGoodEnough):
        check_password.cereconf = cereconf  # ugly hack
        check_password(bad_rigid_password_strings)
Esempio n. 13
0
 def misc_check_password(self, operator, password):
     ac = self.Account_class(self.db)
     try:
         check_password(password, ac, structured=False)
     except RigidPasswordNotGoodEnough as e:
         raise CerebrumError('Bad password: {err_msg}'.format(
             err_msg=str(e).decode('utf-8').encode('latin-1')))
     except PhrasePasswordNotGoodEnough as e:
         raise CerebrumError('Bad passphrase: {err_msg}'.format(
             err_msg=str(e).decode('utf-8').encode('latin-1')))
     except PasswordNotGoodEnough as e:
         raise CerebrumError('Bad password: {err_msg}'.format(err_msg=e))
     crypt = ac.encrypt_password(
         self.const.Authentication("crypt3-DES"), password)
     md5 = ac.encrypt_password(
         self.const.Authentication("MD5-crypt"), password)
     sha256 = ac.encrypt_password(
         self.const.auth_type_sha256_crypt, password)
     sha512 = ac.encrypt_password(
         self.const.auth_type_sha512_crypt, password)
     return ("OK.\n  crypt3-DES:   %s\n  MD5-crypt:    %s\n"
             "  SHA256-crypt: %s\n  SHA512-crypt: %s") % (
                 crypt, md5, sha256, sha512)
Esempio n. 14
0
 def misc_check_password(self, operator, password):
     ac = self.Account_class(self.db)
     try:
         check_password(password, ac, structured=False)
     except RigidPasswordNotGoodEnough as e:
         raise CerebrumError('Bad password: {err_msg}'.format(
             err_msg=str(e).decode('utf-8').encode('latin-1')))
     except PhrasePasswordNotGoodEnough as e:
         raise CerebrumError('Bad passphrase: {err_msg}'.format(
             err_msg=str(e).decode('utf-8').encode('latin-1')))
     except PasswordNotGoodEnough as e:
         raise CerebrumError('Bad password: {err_msg}'.format(err_msg=e))
     crypt = ac.encrypt_password(self.const.Authentication("crypt3-DES"),
                                 password)
     md5 = ac.encrypt_password(self.const.Authentication("MD5-crypt"),
                               password)
     sha256 = ac.encrypt_password(self.const.auth_type_sha256_crypt,
                                  password)
     sha512 = ac.encrypt_password(self.const.auth_type_sha512_crypt,
                                  password)
     return ("OK.\n  crypt3-DES:   %s\n  MD5-crypt:    %s\n"
             "  SHA256-crypt: %s\n  SHA512-crypt: %s") % (crypt, md5,
                                                          sha256, sha512)
Esempio n. 15
0
 def set_password(self, uname, new_password, token, browser_token):
     if not self.check_token(uname, token, browser_token):
         return False
     account = self.get_account(uname)
     try:
         check_password(new_password, account)
     except PasswordNotGoodEnough as e:
         m = text_type(e)
         raise Errors.CerebrumRPCException('password_invalid', m)
     # All data is good. Set password
     account.set_password(new_password)
     try:
         account.write_db()
         account._db.commit()
         logger.info("Password for %r altered", uname)
     except self.db.DatabaseError as m:
         logger.error("Error when setting password for %r: %s", uname, m)
         raise Errors.CerebrumRPCException('error_unknown')
     # Remove "weak password" quarantine
     for r in account.get_entity_quarantine():
         for qua in (self.co.quarantine_autopassord,
                     self.co.quarantine_svakt_passord):
             if int(r['quarantine_type']) == qua:
                 account.delete_entity_quarantine(qua)
                 account.write_db()
                 account._db.commit()
     # TODO: move these checks up and raise exceptions? Wouldn't happen,
     # since generate_token() checks this already, but might get other
     # authentication methods later.
     if account.is_deleted():
         logger.warning("user %r is deleted", uname)
     elif account.is_expired():
         logger.warning("user %r is expired", uname)
     elif QuarantineHandler.check_entity_quarantines(
             self.db, account.entity_id).is_locked():
         logger.info("user %r has an active quarantine", uname)
     return True
Esempio n. 16
0
 def set_password(self, uname, new_password, token, browser_token):
     if not self.check_token(uname, token, browser_token):
         return False
     account = self.get_account(uname)
     try:
         check_password(new_password, account)
     except PasswordNotGoodEnough as e:
         m = text_type(e)
         raise Errors.CerebrumRPCException('password_invalid', m)
     # All data is good. Set password
     account.set_password(new_password)
     try:
         account.write_db()
         account._db.commit()
         logger.info("Password for %r altered", uname)
     except self.db.DatabaseError as m:
         logger.error("Error when setting password for %r: %s", uname, m)
         raise Errors.CerebrumRPCException('error_unknown')
     # Remove "weak password" quarantine
     for r in account.get_entity_quarantine():
         for qua in (self.co.quarantine_autopassord,
                     self.co.quarantine_svakt_passord):
             if int(r['quarantine_type']) == qua:
                 account.delete_entity_quarantine(qua)
                 account.write_db()
                 account._db.commit()
     # TODO: move these checks up and raise exceptions? Wouldn't happen,
     # since generate_token() checks this already, but might get other
     # authentication methods later.
     if account.is_deleted():
         logger.warning("user %r is deleted", uname)
     elif account.is_expired():
         logger.warning("user %r is expired", uname)
     elif QuarantineHandler.check_entity_quarantines(
             self.db, account.entity_id).is_locked():
         logger.info("user %r has an active quarantine", uname)
     return True
Esempio n. 17
0
    def validate_password(self, password, account_name, structured):
        """
        Validate any password

        :param password: the password to be validated
        :type password: string
        :param account_name: the account name to be used or ''
        :type account_name: string
        :param structured: whether to ask for a strctured (json) output
        :type structured: bool
        """
        account = None
        if account_name:
            try:
                account = Factory.get('Account')(self.db)
                account.find_by_name(account_name)
            except Errors.NotFoundError:
                raise Errors.CerebrumRPCException('unknown_error')
        try:
            result = check_password(password, account, structured)
            # exceptions are obsolete and used only for backward
            # compatibility here (f.i. old brukerinfo clients)
        except PhrasePasswordNotGoodEnough as e:
            # assume that structured is False
            m = text_type(e)
            # separate exception for phrases on the client??
            # no point of having separate except block otherwise
            raise Errors.CerebrumRPCException('password_invalid', m)
        except PasswordNotGoodEnough as e:
            # assume that structured is False
            m = text_type(e)
            raise Errors.CerebrumRPCException('password_invalid', m)
        else:
            if structured:
                # success or error data sent to the caller
                return json.dumps(result, indent=4)
            else:
                # no PasswordNotGoodEnough exception thrown
                return 'OK'
Esempio n. 18
0
    def validate_password(self, password, account_name, structured):
        """
        Validate any password

        :param password: the password to be validated
        :type password: str
        :param account_name: the account name to be used or ''
        :type account_name: str
        :param structured: whether to ask for a strctured (json) output
        :type structured: bool
        """
        account = None
        if account_name:
            try:
                account = Factory.get('Account')(self.db)
                account.find_by_name(account_name)
            except Errors.NotFoundError:
                raise Errors.CerebrumRPCException('unknown_error')
        try:
            result = check_password(password, account, structured)
            # exceptions are obsolete and used only for backward
            # compatibility here (f.i. old brukerinfo clients)
        except PhrasePasswordNotGoodEnough as e:
            # assume that structured is False
            m = str(e).decode('utf-8')
            # separate exception for phrases on the client??
            # no point of having separate except block otherwise
            raise Errors.CerebrumRPCException('password_invalid', m)
        except PasswordNotGoodEnough as e:
            # assume that structured is False
            m = str(e).decode('utf-8')
            raise Errors.CerebrumRPCException('password_invalid', m)
        else:
            if structured:
                # success or error data sent to the caller
                return json.dumps(result, indent=4)
            else:
                # no PasswordNotGoodEnough exception thrown
                return 'OK'
Esempio n. 19
0
def test_all_default_phrase_checks(cereconf_phrase,
                                   bad_phrase_password_strings):
    """
    """
    with pytest.raises(checker.PhrasePasswordNotGoodEnough):
        checker.check_password(bad_phrase_password_strings)
Esempio n. 20
0
def test_all_default_rigid_checks(cereconf_rigid, bad_rigid_password_strings):
    """
    """
    with pytest.raises(checker.RigidPasswordNotGoodEnough):
        checker.check_password(bad_rigid_password_strings)