def generate_link(request, user):
    """Build the password-reset URL for *user*.

    A payload holding the hash type, a fresh salt and the username is
    extended with a token from ``generate_token`` (called with the
    payload and ``get_pwhash(user)``), serialized with
    ``URLSafeTimedSerializer`` under the server secret, and passed to
    the ``passwd_reset`` route as its ``token`` parameter.

    The serializer signs and timestamps the payload but does not encrypt
    it, so the username and salt are readable by anyone holding the link.
    The timestamp limits the link's lifetime only if the code loading the
    token passes ``max_age``.
    NOTE(review): the ``passwd_reset`` view is not shown here -- confirm
    it enforces ``max_age`` and re-checks the inner token.
    """
    xom = request.registry['xom']
    signer = itsdangerous.URLSafeTimedSerializer(xom.config.secret)
    payload = dict(hash_type='sha256', salt=newsalt(), username=user.name)
    # presumably ties the link to the user's current password hash, so it
    # stops validating once the password changes -- verify in generate_token
    payload['token'] = generate_token(payload, get_pwhash(user))
    return request.route_url('passwd_reset', token=signer.dumps(payload))
def test_hash_migration():
    """Check that a salted ``getpwhash`` hash verifies and is replaced.

    ``verify_and_update_password_hash`` must accept the correct password
    against the salt/hash pair and hand back a different hash in argon2
    format.
    """
    password = "hello"
    old_salt = newsalt()
    old_hash = getpwhash(password, old_salt)
    outcome = verify_and_update_password_hash(password, old_hash, salt=old_salt)
    (valid, upgraded) = outcome
    # The existing credential still has to authenticate ...
    assert valid
    # ... and the replacement must differ from it and carry the argon2 prefix.
    assert upgraded != old_hash
    assert upgraded.startswith('$argon2')
def generate_link(request, user):
    """Return the ``passwd_reset`` route URL carrying a signed reset token.

    The token is a ``URLSafeTimedSerializer`` dump, keyed with the server
    secret, of a dict with ``hash_type``, a new ``salt``, the
    ``username`` and an inner ``token`` from ``generate_token``.

    The dump is signed and timestamped, not encrypted: every field is
    readable by whoever sees the URL. Expiry takes effect only when the
    loader passes ``max_age``.
    NOTE(review): the view that consumes the token is outside this
    listing -- confirm it enforces an expiry.
    """
    xom = request.registry['xom']
    secret = xom.config.secret
    serializer = itsdangerous.URLSafeTimedSerializer(secret)
    fields = {}
    fields['hash_type'] = 'sha256'
    fields['salt'] = newsalt()
    fields['username'] = user.name
    # get_pwhash(user) is the second input to the inner token; presumably
    # this makes the link depend on the current password hash -- TODO confirm
    fields['token'] = generate_token(fields, get_pwhash(user))
    signed = serializer.dumps(fields)
    return request.route_url('passwd_reset', token=signed)
def test_server_passwd_with_old_salt_hash(self, model, monkeypatch):
    """Check the passwd command on an account stored as salt + hash.

    The root user's record is rewritten to hold a ``pwsalt``/``pwhash``
    pair built with ``getpwhash``; after ``run_passwd`` the new password
    must validate.
    """
    from devpi_server.auth import newsalt, getpwhash
    old_password = "hello"
    new_secret = "123"
    old_salt = newsalt()
    old_hash = getpwhash(old_password, old_salt)
    root = model.get_user("root")
    # Write the salt/hash pair straight into the stored user record.
    with root.key.update() as record:
        record['pwsalt'] = old_salt
        record['pwhash'] = old_hash
    stored = root.get(credentials=True)
    assert stored['pwsalt'] is not None
    assert stored['pwhash'] is not None

    def fake_getpass(x):
        # Stands in for the interactive prompt and supplies the new password.
        return new_secret

    monkeypatch.setattr(py.std.getpass, "getpass", fake_getpass)
    run_passwd(model, "root")
    # The user is looked up again so validation runs on the saved state.
    assert model.get_user("root").validate(new_secret)
def test_migrate_hash(self, caplog, model):
    """Check that validating a salt + hash credential migrates it.

    A new user starts without ``pwsalt``. The record is then switched to
    a ``getpwhash`` salt/hash pair, and a successful ``validate`` must
    remove ``pwsalt`` again and leave an argon2-format ``pwhash``. The
    "modified user" log records are checked along the way: the salt is
    written masked, never as its real value.
    """
    from devpi_server.auth import newsalt, getpwhash
    log_pattern = ".*modified user .*"
    user = model.create_user("user", "password", email="*****@*****.**")
    fresh = user.get(credentials=True)
    assert 'pwsalt' not in fresh
    assert 'pwhash' in fresh
    # Replace the stored credential with a salt/hash pair from getpwhash.
    old_salt = newsalt()
    old_hash = getpwhash("password", old_salt)
    user.modify(pwsalt=old_salt, pwhash=old_hash)
    downgraded = user.get(credentials=True)
    assert downgraded['pwsalt'] == old_salt
    assert downgraded['pwhash'] == old_hash
    # One modification has been logged so far, with the salt masked.
    before = caplog.getrecords(log_pattern)
    assert len(before) == 1
    assert "pwsalt=*******" in before[0].getMessage()
    # A successful validation logs a second modification that clears the salt.
    assert user.validate("password")
    after = caplog.getrecords(log_pattern)
    assert len(after) == 2
    assert "pwsalt=None" in after[1].getMessage()
    migrated = user.get(credentials=True)
    assert 'pwsalt' not in migrated
    assert migrated['pwhash'].startswith("$argon2")
def test_newsalt():
    """Two consecutive ``newsalt()`` calls must not return equal values."""
    first = newsalt()
    second = newsalt()
    assert first != second