def test_set_inital_admin_twice(self):
# first create the user table
SetPasswordHandler.create_table(self.db_context)
admin_user = '******'
admin_pw = libcrypt_password('admin_password')
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
admin_user = '******'
admin_pw = libcrypt_password('password_of_admin')
# setup the inital user and try to set it's password a second time
# - this will fail as the user could only be set once
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
pw_handler = SetPasswordHandler(self.db_context)
msg = "old password missmatch!"
self.check_for_exeption(pw_handler,
'admin', 'password_of_admin', 'new_password',
Exception, message=msg)
pw_handler.set_password('admin', 'admin_password', 'new_password')
return
def test_set_inital_admin_twice(self):
# first create the user table
SetPasswordHandler.create_table(self.db_context)
admin_user = '******'
admin_pw = libcrypt_password('admin_password')
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
admin_user = '******'
admin_pw = libcrypt_password('password_of_admin')
# setup the inital user and try to set it's password a second time
# - this will fail as the user could only be set once
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
pw_handler = SetPasswordHandler(self.db_context)
msg = "old password missmatch!"
self.check_for_exeption(pw_handler,
'admin', 'password_of_admin', 'new_password',
Exception, message=msg)
pw_handler.set_password('admin', 'admin_password', 'new_password')
return
def set_password(self, username, old_password, new_password):
"""
set the password, which requires the old_password for authorisation
:param username: the admin username
:param old_password: use the old password for authorisation
:param new_password: the new password
:return: - nothing -
"""
session = self.db_context.get_session()
try:
try:
admin_user = session.query(self.AdminUser).filter(
self.AdminUser.username == username).one()
except NoResultFound:
log.error("no user %r found!", username)
raise Exception("no user %r found!" % username)
except MultipleResultsFound:
log.error("multiple users %r found!", username)
raise Exception("multiple users %r found!" % username)
crypted_password = admin_user.password
if libcrypt_password(old_password,
crypted_password) != crypted_password:
raise Exception("old password missmatch!")
admin_user.password = libcrypt_password(new_password)
session.add(admin_user)
session.commit()
except Exception as exx:
log.exception(exx)
session.rollback()
raise exx
finally:
session.close()
def set_password(self, username, old_password, new_password):
"""
set the password, which requires the old_password for authorisation
:param username: the admin username
:param old_password: use the old password for authorisation
:param new_password: the new password
:return: - nothing -
"""
session = self.db_context.get_session()
try:
try:
admin_user = session.query(self.AdminUser).filter(
self.AdminUser.username == username).one()
except NoResultFound:
log.error("no user %r found!", username)
raise Exception("no user %r found!" % username)
except MultipleResultsFound:
log.error("multiple users %r found!", username)
raise Exception("multiple users %r found!" % username)
crypted_password = admin_user.password
if libcrypt_password(
old_password, crypted_password) != crypted_password:
raise Exception("old password missmatch!")
admin_user.password = libcrypt_password(new_password)
session.add(admin_user)
session.commit()
except Exception as exx:
log.exception(exx)
session.rollback()
raise exx
finally:
session.close()
def setOtpKey(self, otpKey, reset_failcount=True):
"""
the seed / secret for the password token contains the unix hashed
(hmac256) format of the password. the iv is used as indicator that
we are using the new format, which is the ':1:' indicator
:param otpKey: the token seed / secret
:param reset_failcount: boolean, if the failcounter should be reseted
"""
password_hash = libcrypt_password(otpKey.encode('utf-8'))
self.token.set_encrypted_seed(password_hash, ":1:",
reset_failcount=reset_failcount)
def create_admin_user(self):
"""
for testing we require the admin user to exist
"""
sqlconnect = self.appconf.get('sqlalchemy.url')
engine = create_engine(sqlconnect)
db_context = DataBaseContext(engine.url)
SetPasswordHandler.create_table(db_context)
SetPasswordHandler.create_admin_user(
db_context,
username='******',
crypted_password=libcrypt_password('nimda'))
def create_admin_user(self):
"""
for testing we require the admin user to exist
"""
sqlconnect = self.appconf.get('sqlalchemy.url')
engine = create_engine(sqlconnect)
db_context = DataBaseContext(engine.url)
SetPasswordHandler.create_table(db_context)
SetPasswordHandler.create_admin_user(
db_context,
username='******',
crypted_password=libcrypt_password('nimda'))
def test_compare_password(self):
"""
test the new compare passwords - used in the pw and lost token
"""
# init the SecretObject
sec_obj = SecretObj(val=libcrypt_password('password'), iv=':1:')
# run the comparison tests - positive test
res = sec_obj.compare_password('password')
self.assertTrue(res)
# negative test
res = sec_obj.compare_password('Password')
self.assertFalse(res)
return
def test_compare_password(self):
"""
test the new compare passwords - used in the pw and lost token
"""
# init the SecretObject
sec_obj = SecretObj(val=libcrypt_password('password'), iv=':1:')
# run the comparison tests - positive test
res = sec_obj.compare_password('password')
self.assertTrue(res)
# negative test
res = sec_obj.compare_password('Password')
self.assertFalse(res)
return
def test_set_password(self):
# first create the user table
SetPasswordHandler.create_table(self.db_context)
admin_user = '******'
admin_pw = libcrypt_password('admin_password')
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
# run a valid change of the admin password
pw_handler = SetPasswordHandler(self.db_context)
pw_handler.set_password(admin_user, 'admin_password', 'new_password')
# test for non existing user
msg = "no user 'username' found!"
self.check_for_exeption(pw_handler,
'username',
'old_password',
'new_password',
Exception,
message=msg)
# test for old password mismatch
msg = "old password missmatch!"
self.check_for_exeption(pw_handler,
'admin',
'old_password',
'new_password',
Exception,
message=msg)
# test for invalid new password using different data types
msg = "must be string, not None"
self.check_for_exeption(pw_handler,
'admin',
'new_password',
None,
Exception,
message=msg)
msg = "must be string, not int"
self.check_for_exeption(pw_handler,
'admin',
'new_password',
123456,
Exception,
message=msg)
msg = "must be string, not float"
self.check_for_exeption(pw_handler,
'admin',
'new_password',
1234.56,
Exception,
message=msg)
msg = "must be string, not DataBaseContext"
self.check_for_exeption(pw_handler,
'admin',
'new_password',
self.db_context,
Exception,
message=msg)
# make sure that the password did not change in between and the
# password could be set correctly
pw_handler.set_password(admin_user, 'new_password', 'admin_password')
return
def creat_password_hash(self, plain_password):
"""
create a password hash entry from a given plaintext password
"""
self.password = libcrypt_password(plain_password)
self._pw_gen = True
def test_set_password(self):
# first create the user table
SetPasswordHandler.create_table(self.db_context)
admin_user = '******'
admin_pw = libcrypt_password('admin_password')
# setup the inital user and it's password
SetPasswordHandler.create_admin_user(self.db_context,
username=admin_user,
crypted_password=admin_pw)
# run a valid change of the admin password
pw_handler = SetPasswordHandler(self.db_context)
pw_handler.set_password(admin_user,
'admin_password',
'new_password')
# test for non existing user
msg = "no user 'username' found!"
self.check_for_exeption(pw_handler,
'username', 'old_password', 'new_password',
Exception, message=msg)
# test for old password mismatch
msg = "old password missmatch!"
self.check_for_exeption(pw_handler,
'admin', 'old_password', 'new_password',
Exception, message=msg)
# test for invalid new password using different data types
msg = "must be string, not None"
self.check_for_exeption(pw_handler,
'admin', 'new_password', None,
Exception, message=msg)
msg = "must be string, not int"
self.check_for_exeption(pw_handler,
'admin', 'new_password', 123456,
Exception, message=msg)
msg = "must be string, not float"
self.check_for_exeption(pw_handler,
'admin', 'new_password', 1234.56,
Exception, message=msg)
msg = "must be string, not DataBaseContext"
self.check_for_exeption(pw_handler,
'admin', 'new_password', self.db_context,
Exception, message=msg)
# make sure that the password did not change in between and the
# password could be set correctly
pw_handler.set_password(admin_user,
'new_password',
'admin_password')
return
def creat_password_hash(self, plain_password):
"""
create a password hash entry from a given plaintext password
"""
self.password = libcrypt_password(plain_password)
self._pw_gen = True
