Example #1
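    def testSecurityCheckUnicode(self):
        """Check that BasicWebAuthManager lets a valid Basic-auth request through.

        A GRRUser object is written with a `CryptedPassword`, a request carrying
        the matching `Authorization: Basic ...` header is handed to
        `SecurityCheck`, and the wrapped handler must run with `request.user`
        set to that user and its 200 response returned unchanged.
        """
        user = "******"
        # TODO(hanuszczak): Test password with unicode characters as well. Currently
        # this will not work because `CryptedPassword` is broken and does not work
        # with unicode objects.
        password = "******"

        # Store the credential the same way the server would: as a CryptedPassword
        # attribute on the user object, not as the raw password.
        with aff4.FACTORY.Open("aff4:/users/%s" % user,
                               aff4_type=aff4_users.GRRUser,
                               mode="w",
                               token=self.token) as fd:
            crypted_password = aff4_users.CryptedPassword()
            crypted_password.SetPassword(password.encode("utf-8"))
            fd.Set(fd.Schema.PASSWORD, crypted_password)

        # b64encode() returns bytes. Decode before formatting, otherwise Python 3
        # renders the header as "Basic b'...'" and the credentials never parse.
        # Base64 is only an encoding: the header carries the password in
        # recoverable form.
        credentials = ("%s:%s" % (user, password)).encode("utf-8")
        token = base64.b64encode(credentials).decode("ascii")
        environ = werkzeug_test.EnvironBuilder(path="/foo",
                                               headers={
                                                   "Authorization":
                                                   "Basic %s" % token,
                                               }).get_environ()
        request = wsgiapp.HttpRequest(environ)

        def Handler(request, *args, **kwargs):
            del args, kwargs  # Unused.

            # The auth manager is expected to have attached the authenticated
            # username to the request before calling the handler.
            self.assertEqual(request.user, user)
            return werkzeug_wrappers.Response("foobar", status=200)

        manager = webauth.BasicWebAuthManager()
        response = manager.SecurityCheck(Handler, request)

        # NOTE(review): only the accepting path is exercised here; a rejected
        # (wrong password / missing header) case is not visible in this excerpt.
        self.assertEqual(response.status_code, 200)
        # get_data() yields bytes by default; compare as text so the assertion
        # holds on Python 3 as well.
        self.assertEqual(response.get_data(as_text=True), "foobar")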
Example #2
 def _SetupUser(self, user, password):
     """Create a test user with the given password in the active datastore.

     Args:
       user: Username; used as the AFF4 path component or the REL_DB key.
       password: Plain-text password as a text string.
     """
     if not data_store.AFF4Enabled():
         # NOTE(review): this branch hands the plain-text password straight to
         # WriteGRRUser, while the AFF4 branch wraps it in CryptedPassword first.
         # Confirm WriteGRRUser hashes it (or expects a hashed value) so the two
         # backends store equivalent credentials.
         data_store.REL_DB.WriteGRRUser(user, password)
         return

     user_urn = "aff4:/users/%s" % user
     with aff4.FACTORY.Open(user_urn,
                            aff4_type=aff4_users.GRRUser,
                            mode="w",
                            token=self.token) as user_fd:
         # Only the CryptedPassword value is written to the user object.
         hashed = aff4_users.CryptedPassword()
         hashed.SetPassword(password.encode("utf-8"))
         user_fd.Set(user_fd.Schema.PASSWORD, hashed)
Example #3
    def testBackwardsCompatibility(self):
        """Verify that legacy crypt-encoded passwords can still be checked.

        Older GRR installations stored crypt-based password hashes. crypt is
        not available on every platform, so it is no longer used for new
        passwords (those are encoded with sha256), but on platforms that do
        have crypt an existing crypt value must still be readable and
        verifiable.
        """
        legacy = users.CryptedPassword()

        # Inject a stored value directly, bypassing SetPassword, to simulate a
        # record written by an old installation.
        # This is crypt.crypt("hello", "ax")
        legacy._value = "axwHNtal/dlzU"

        # A wrong password must be rejected and the original one accepted.
        wrong_accepted = legacy.CheckPassword("goodbye")
        self.assertFalse(wrong_accepted)
        right_accepted = legacy.CheckPassword("hello")
        self.assertTrue(right_accepted)