def testBlankPassword(schema_id): pw = u'' enc = AuthEncoding.pw_encrypt(pw, schema_id) assert enc != pw assert AuthEncoding.pw_validate(enc, pw) assert not AuthEncoding.pw_validate(enc, enc) assert not AuthEncoding.pw_validate(enc, u'xxx')
def testBlankPassword(schema_id): pw = u'' enc = AuthEncoding.pw_encrypt(pw, schema_id) assert enc != pw assert AuthEncoding.pw_validate(enc, pw) assert not AuthEncoding.pw_validate(enc, enc) assert not AuthEncoding.pw_validate(enc, u'xxx')
def testGoodPassword(schema_id, password): enc = AuthEncoding.pw_encrypt(password, schema_id) assert enc != password assert AuthEncoding.pw_validate(enc, password) assert AuthEncoding.pw_validate(u(enc), password) assert AuthEncoding.is_encrypted(enc) assert not AuthEncoding.is_encrypted(password)
def testGoodPassword(schema_id, password): enc = AuthEncoding.pw_encrypt(password, schema_id) assert enc != password assert AuthEncoding.pw_validate(enc, password) assert AuthEncoding.pw_validate(u(enc), password) assert AuthEncoding.is_encrypted(enc) assert not AuthEncoding.is_encrypted(password)
def _pw_encrypt(self, password): """Returns the AuthEncoding encrypted password If 'password' is already encrypted, it is returned as is and not encrypted again. """ if AuthEncoding.is_encrypted(password): return password return AuthEncoding.pw_encrypt(password)
def authenticate(self, password, request): passwrd = self._getPassword() result = AuthEncoding.pw_validate(passwrd, password) domains = self.getDomains() if domains: return result and domainSpecMatch(domains, request) return result
def authenticateCredentials(self, credentials): """ See IAuthenticationPlugin. o We expect the credentials to be those returned by ILoginPasswordExtractionPlugin. """ login = credentials.get('login') password = credentials.get('password') if login is None or password is None: return None # Do we have a link between login and userid? Do NOT fall # back to using the login as userid when there is no match, as # that gives a high chance of seeming to log in successfully, # but in reality failing. userid = self._login_to_userid.get(login) if userid is None: # Someone may be logging in with a userid instead of a # login name and the two are not the same. We could try # turning those around, but really we should just fail. # # userid = login # login = self._userid_to_login.get(userid) # if login is None: # return None return None reference = self._user_passwords.get(userid) if reference is None: return None if AuthEncoding.is_encrypted(reference): if AuthEncoding.pw_validate(reference, password): return userid, login # Support previous naive behavior if isinstance(password, six.text_type): password = password.encode('utf8') digested = sha(password).hexdigest() if reference == digested: return userid, login return None
def testBadPassword(schema_id, password): enc = AuthEncoding.pw_encrypt(password, schema_id) assert enc != password assert not AuthEncoding.pw_validate(enc, u'xxx') assert not AuthEncoding.pw_validate(enc, b'xxx') assert not AuthEncoding.pw_validate(u(enc), u'xxx') assert not AuthEncoding.pw_validate(enc, enc) if schema_id != u'CRYPT': # crypt truncates passwords and would fail this test. assert not AuthEncoding.pw_validate(enc, password[:-1]) assert not AuthEncoding.pw_validate(enc, password[1:]) assert AuthEncoding.pw_validate(enc, password)
def testBadPassword(schema_id, password): enc = AuthEncoding.pw_encrypt(password, schema_id) assert enc != password assert not AuthEncoding.pw_validate(enc, u'xxx') assert not AuthEncoding.pw_validate(enc, b'xxx') assert not AuthEncoding.pw_validate(u(enc), u'xxx') assert not AuthEncoding.pw_validate(enc, enc) if schema_id != u'CRYPT': # crypt truncates passwords and would fail this test. assert not AuthEncoding.pw_validate(enc, password[:-1]) assert not AuthEncoding.pw_validate(enc, password[1:]) assert AuthEncoding.pw_validate(enc, password)
def testLongPassword(schema_id): pw = u'Pw' * 2000 enc = AuthEncoding.pw_encrypt(pw, schema_id) assert AuthEncoding.pw_validate(enc, pw) assert not AuthEncoding.pw_validate(enc, enc) assert not AuthEncoding.pw_validate(enc, u'xxx') if u'CRYPT' not in schema_id: # crypt and bcrypt truncates passwords and would fail these tests. assert not AuthEncoding.pw_validate(enc, pw[:-2]) assert not AuthEncoding.pw_validate(enc, pw[2:])
def testLongPassword(schema_id): pw = u'Pw' * 2000 enc = AuthEncoding.pw_encrypt(pw, schema_id) assert AuthEncoding.pw_validate(enc, pw) assert not AuthEncoding.pw_validate(enc, enc) assert not AuthEncoding.pw_validate(enc, u'xxx') if u'CRYPT' not in schema_id: # crypt and bcrypt truncates passwords and would fail these tests. assert not AuthEncoding.pw_validate(enc, pw[:-2]) assert not AuthEncoding.pw_validate(enc, pw[2:])
# FOR A PARTICULAR PURPOSE # ############################################################################## """Test of AuthEncoding """ from AuthEncoding import AuthEncoding from ..compat import b, u import pytest def testListSchemes(): assert len(AuthEncoding.listSchemes()) > 0 # At least one must exist! @pytest.mark.parametrize('schema_id', AuthEncoding.listSchemes()) @pytest.mark.parametrize('password', [u'good_pw', u'gööd_pw', b(u'gööd_pw')]) def testGoodPassword(schema_id, password): enc = AuthEncoding.pw_encrypt(password, schema_id) assert enc != password assert AuthEncoding.pw_validate(enc, password) assert AuthEncoding.pw_validate(u(enc), password) assert AuthEncoding.is_encrypted(enc) assert not AuthEncoding.is_encrypted(password) @pytest.mark.parametrize('schema_id', AuthEncoding.listSchemes()) @pytest.mark.parametrize( 'password', [u'OK_pa55w0rd \n', u'OK_pä55w0rd \n', b(u'OK_pä55w0rd \n')]) def testBadPassword(schema_id, password):
def testShortPassword(schema_id): pw = u'1' enc = AuthEncoding.pw_encrypt(pw, schema_id) assert AuthEncoding.pw_validate(enc, pw) assert not AuthEncoding.pw_validate(enc, enc) assert not AuthEncoding.pw_validate(enc, u'xxx')
def testListSchemes(): assert len(AuthEncoding.listSchemes()) > 0 # At least one must exist!
def testEncryptWithNotSupportedScheme(): with pytest.raises(ValueError) as err: AuthEncoding.pw_encrypt(u'asdf', 'MD1') assert 'Not supported: MD1' == str(err.value)
def testUnencryptedPassword(): # Sanity check pw = u'my-password' assert AuthEncoding.pw_validate(pw, pw) assert not AuthEncoding.pw_validate(pw, pw + u'asdf')
# FOR A PARTICULAR PURPOSE # ############################################################################## """Test of AuthEncoding """ from AuthEncoding import AuthEncoding from ..compat import b, u import pytest def testListSchemes(): assert len(AuthEncoding.listSchemes()) > 0 # At least one must exist! @pytest.mark.parametrize('schema_id', AuthEncoding.listSchemes()) @pytest.mark.parametrize('password', [u'good_pw', u'gööd_pw', b(u'gööd_pw')]) def testGoodPassword(schema_id, password): enc = AuthEncoding.pw_encrypt(password, schema_id) assert enc != password assert AuthEncoding.pw_validate(enc, password) assert AuthEncoding.pw_validate(u(enc), password) assert AuthEncoding.is_encrypted(enc) assert not AuthEncoding.is_encrypted(password) @pytest.mark.parametrize('schema_id', AuthEncoding.listSchemes()) @pytest.mark.parametrize( 'password', [u'OK_pa55w0rd \n', u'OK_pä55w0rd \n', b(u'OK_pä55w0rd \n')]) def testBadPassword(schema_id, password): enc = AuthEncoding.pw_encrypt(password, schema_id)
def testEncryptAcceptsTextAndBinaryEncodingNames(): assert (AuthEncoding.pw_encrypt(u'asdf', b'SHA') == AuthEncoding.pw_encrypt( u'asdf', u'SHA'))
def _encryptPassword(self, pw): return AuthEncoding.pw_encrypt(pw, 'SSHA')
def testEncryptWithNotSupportedScheme(): with pytest.raises(ValueError) as err: AuthEncoding.pw_encrypt(u'asdf', 'MD1') assert 'Not supported: MD1' == str(err.value)
def testIsEncryptedAcceptsTextAndBinary(): assert AuthEncoding.is_encrypted(b'{SHA}') assert AuthEncoding.is_encrypted(u'{SHA}') assert not AuthEncoding.is_encrypted(b'foo') assert not AuthEncoding.is_encrypted(u'foo')
def testListSchemes(): assert len(AuthEncoding.listSchemes()) > 0 # At least one must exist!
def testUnencryptedPassword(): # Sanity check pw = u'my-password' assert AuthEncoding.pw_validate(pw, pw) assert not AuthEncoding.pw_validate(pw, pw + u'asdf')
def testShortPassword(schema_id): pw = u'1' enc = AuthEncoding.pw_encrypt(pw, schema_id) assert AuthEncoding.pw_validate(enc, pw) assert not AuthEncoding.pw_validate(enc, enc) assert not AuthEncoding.pw_validate(enc, u'xxx')
def testEncryptAcceptsTextAndBinaryEncodingNames(): assert (AuthEncoding.pw_encrypt(u'asdf', b'SHA') == AuthEncoding.pw_encrypt(u'asdf', u'SHA'))
def _isPasswordEncrypted(self, pw): return AuthEncoding.is_encrypted(pw)