def get_hasher(algorithm="default"): "passlib replacement for get_hasher()" if algorithm == "default": scheme = None else: scheme = hasher_to_passlib_name(algorithm) handler = password_context.handler(scheme) return get_passlib_hasher(handler)
def make_password(password, salt=None, hasher="default"): "passlib replacement for make_password()" if not is_valid_secret(password): return UNUSABLE_PASSWORD kwds = {} if salt is not None: kwds['salt'] = salt if hasher != "default": kwds['scheme'] = hasher_to_passlib_name(hasher) return password_context.encrypt(password, **kwds)
def get_hasher(algorithm="default"): """passlib replacement for get_hasher()""" if algorithm == "default": scheme = None else: scheme = hasher_to_passlib_name(algorithm) # NOTE: resolving scheme -> handler instead of # passing scheme into get_passlib_hasher(), # in case context contains custom handler # shadowing name of a builtin handler. handler = password_context.handler(scheme) return get_passlib_hasher(handler, algorithm=algorithm)
def make_password(password, salt=None, hasher="default"): """passlib replacement for make_password()""" if not is_valid_secret(password): return make_unusable_password() if hasher == "default": scheme = None else: scheme = hasher_to_passlib_name(hasher) kwds = dict(scheme=scheme) handler = password_context.handler(scheme) # NOTE: django make specify an empty string for the salt, # even if scheme doesn't accept a salt. we omit keyword # in that case. if salt is not None and (salt or "salt" in handler.setting_kwds): kwds["salt"] = salt return password_context.encrypt(password, **kwds)
def make_password(password, salt=None, hasher="default"): """passlib replacement for make_password()""" if not is_valid_secret(password): return make_unusable_password() if hasher == "default": scheme = None else: scheme = hasher_to_passlib_name(hasher) kwds = dict(scheme=scheme) handler = password_context.handler(scheme) # NOTE: django make specify an empty string for the salt, # even if scheme doesn't accept a salt. we omit keyword # in that case. if salt is not None and (salt or 'salt' in handler.setting_kwds): kwds['salt'] = salt return password_context.encrypt(password, **kwds)
def make_password(password, salt=None, hasher="default"): """passlib replacement for make_password()""" if not is_valid_secret(password): return make_unusable_password() if hasher == "default": scheme = None else: scheme = hasher_to_passlib_name(hasher) kwds = dict(scheme=scheme) handler = password_context.handler(scheme) if "salt" in handler.setting_kwds: if hasher.startswith("unsalted_"): # Django 1.4.6+ uses a separate 'unsalted_sha1' hasher for "sha1$$digest", # but passlib just reuses it's "sha1" handler ("sha1$salt$digest"). To make # this work, have to explicitly tell the sha1 handler to use an empty salt. kwds['salt'] = '' elif salt: # Django make_password() autogenerates a salt if salt is bool False (None / ''), # so we only pass the keyword on if there's actually a fixed salt. kwds['salt'] = salt return password_context.encrypt(password, **kwds)
def test_config(self): """test hashing interface this function is run against both the actual django code, to verify the assumptions of the unittests are correct; and run against the passlib extension, to verify it matches those assumptions. """ patched, config = self.patched, self.config # this tests the following methods: # User.set_password() # User.check_password() # make_password() -- 1.4 only # check_password() # identify_hasher() # User.has_usable_password() # User.set_unusable_password() # XXX: this take a while to run. what could be trimmed? # TODO: get_hasher() #======================================================= # setup helpers & imports #======================================================= ctx = self.context setter = create_mock_setter() PASS1 = "toomanysecrets" WRONG1 = "letmein" has_identify_hasher = False from passlib.ext.django.utils import hasher_to_passlib_name, passlib_to_hasher_name from django.contrib.auth.hashers import check_password, make_password, is_password_usable if patched or DJANGO_VERSION >= (1,5): # identify_hasher() # django 1.4 -- not present # django 1.5 -- present (added in django ticket 18184) # passlib integration -- present even under 1.4 from django.contrib.auth.hashers import identify_hasher has_identify_hasher = True #======================================================= # make sure extension is configured correctly #======================================================= if patched: # contexts should match from passlib.ext.django.models import password_context self.assertEqual(password_context.to_dict(resolve=True), ctx.to_dict(resolve=True)) # should have patched both places from django.contrib.auth.models import check_password as check_password2 self.assertIs(check_password2, check_password) #======================================================= # default algorithm #======================================================= # User.set_password() should use default alg user = FakeUser() user.set_password(PASS1) self.assertTrue(ctx.handler().verify(PASS1, user.password)) self.assert_valid_password(user) # User.check_password() - n/a # make_password() should use default alg hash = make_password(PASS1) self.assertTrue(ctx.handler().verify(PASS1, hash)) # check_password() - n/a #======================================================= # empty password behavior #======================================================= if DJANGO_VERSION < (1,6): # NOTE: django 1.4-1.5 treat empty password as invalid # User.set_password() should set unusable flag user = FakeUser() user.set_password('') self.assert_unusable_password(user) # User.check_password() should never return True user = FakeUser() user.password = hash = ctx.encrypt("") self.assertFalse(user.check_password("")) self.assert_valid_password(user, hash) # make_password() should reject empty passwords self.assertEqual(make_password(""), "!") # check_password() should never return True self.assertFalse(check_password("", hash)) else: # User.set_password() should use default alg user = FakeUser() user.set_password('') hash = user.password self.assertTrue(ctx.handler().verify('', hash)) self.assert_valid_password(user, hash) # User.check_password() should return True self.assertTrue(user.check_password("")) self.assert_valid_password(user, hash) # no make_password() # check_password() should return True self.assertTrue(check_password("", hash)) #======================================================= # 'unusable flag' behavior #======================================================= # sanity check via user.set_unusable_password() user = FakeUser() user.set_unusable_password() self.assert_unusable_password(user) # ensure User.set_password() sets unusable flag user = FakeUser() user.set_password(None) self.assert_unusable_password(user) # User.check_password() should always fail self.assertFalse(user.check_password(None)) self.assertFalse(user.check_password('None')) self.assertFalse(user.check_password('')) self.assertFalse(user.check_password(PASS1)) self.assertFalse(user.check_password(WRONG1)) self.assert_unusable_password(user) # make_password() should also set flag if DJANGO_VERSION >= (1,6): self.assertTrue(make_password(None).startswith("!")) else: self.assertEqual(make_password(None), "!") # check_password() should return False (didn't handle disabled under 1.3) self.assertFalse(check_password(PASS1, '!')) # identify_hasher() and is_password_usable() should reject it self.assertFalse(is_password_usable(user.password)) if has_identify_hasher: self.assertRaises(ValueError, identify_hasher, user.password) #======================================================= # hash=None #======================================================= # User.set_password() - n/a # User.check_password() - returns False user = FakeUser() user.password = None self.assertFalse(user.check_password(PASS1)) self.assertFalse(user.has_usable_password()) # make_password() - n/a # check_password() - error self.assertFalse(check_password(PASS1, None)) # identify_hasher() - error if has_identify_hasher: self.assertRaises(TypeError, identify_hasher, None) #======================================================= # empty & invalid hash values # NOTE: django 1.5 behavior change due to django ticket 18453 # NOTE: passlib integration tries to match current django version #======================================================= for hash in ("", # empty hash "$789$foo", # empty identifier ): # User.set_password() - n/a # User.check_password() # empty # ----- # django 1.4 -- blank threw error (fixed in 1.5) # django 1.5 -- blank hash returns False # # invalid # ------- # django 1.4 -- invalid hash threw error (fixed in 1.5) # django 1.5 -- invalid hash returns False user = FakeUser() user.password = hash if DJANGO_VERSION >= (1,5): # returns False for hash self.assertFalse(user.check_password(PASS1)) else: # throws error for hash self.assertRaises(ValueError, user.check_password, PASS1) # verify hash wasn't changed/upgraded during check_password() call self.assertEqual(user.password, hash) self.assertEqual(user.pop_saved_passwords(), []) # User.has_usable_password() # django 1.4 -- invalid/empty usable (fixed in 1.5) # django 1.5 -- invalid/empty no longer usable if DJANGO_VERSION < (1,5): self.assertTrue(user.has_usable_password()) else: self.assertFalse(user.has_usable_password()) # make_password() - n/a # check_password() # django 1.4 -- invalid/empty hash threw error (fixed in 1.5) # django 1.5 -- invalid/empty hash now returns False if DJANGO_VERSION < (1,5): self.assertRaises(ValueError, check_password, PASS1, hash) else: self.assertFalse(check_password(PASS1, hash)) # identify_hasher() - throws error if has_identify_hasher: self.assertRaises(ValueError, identify_hasher, hash) #======================================================= # run through all the schemes in the context, # testing various bits of per-scheme behavior. #======================================================= for scheme in ctx.schemes(): #------------------------------------------------------- # setup constants & imports, pick a sample secret/hash combo #------------------------------------------------------- handler = ctx.handler(scheme) deprecated = ctx._is_deprecated_scheme(scheme) assert not deprecated or scheme != ctx.default_scheme() try: testcase = get_handler_case(scheme) except exc.MissingBackendError: assert scheme == "bcrypt" continue assert testcase.handler is handler if testcase.is_disabled_handler: continue if not has_active_backend(handler): # TODO: move this above get_handler_case(), # and omit MissingBackendError check. assert scheme in ["django_bcrypt", "django_bcrypt_sha256"], "%r scheme should always have active backend" % scheme continue try: secret, hash = sample_hashes[scheme] except KeyError: while True: secret, hash = testcase('setUp').get_sample_hash() if secret: # don't select blank passwords, especially under django 1.4/1.5 break other = 'dontletmein' # User.set_password() - n/a #------------------------------------------------------- # User.check_password()+migration against known hash #------------------------------------------------------- user = FakeUser() user.password = hash # check against invalid password self.assertFalse(user.check_password(None)) ##self.assertFalse(user.check_password('')) self.assertFalse(user.check_password(other)) self.assert_valid_password(user, hash) # check against valid password self.assertTrue(user.check_password(secret)) # check if it upgraded the hash # NOTE: needs_update kept separate in case we need to test rounds. needs_update = deprecated if needs_update: self.assertNotEqual(user.password, hash) self.assertFalse(handler.identify(user.password)) self.assertTrue(ctx.handler().verify(secret, user.password)) self.assert_valid_password(user, saved=user.password) else: self.assert_valid_password(user, hash) # don't need to check rest for most deployments if TEST_MODE(max="default"): continue #------------------------------------------------------- # make_password() correctly selects algorithm #------------------------------------------------------- hash2 = make_password(secret, hasher=passlib_to_hasher_name(scheme)) self.assertTrue(handler.verify(secret, hash2)) #------------------------------------------------------- # check_password()+setter against known hash #------------------------------------------------------- # should call setter only if it needs_update self.assertTrue(check_password(secret, hash, setter=setter)) self.assertEqual(setter.popstate(), [secret] if needs_update else []) # should not call setter self.assertFalse(check_password(other, hash, setter=setter)) self.assertEqual(setter.popstate(), []) ### check preferred kwd is ignored (django 1.4 feature we don't support) ##self.assertTrue(check_password(secret, hash, setter=setter, preferred='fooey')) ##self.assertEqual(setter.popstate(), [secret]) # TODO: get_hasher() #------------------------------------------------------- # identify_hasher() recognizes known hash #------------------------------------------------------- if has_identify_hasher: self.assertTrue(is_password_usable(hash)) name = hasher_to_passlib_name(identify_hasher(hash).algorithm) self.assertEqual(name, scheme)
def test_config(self): """test hashing interface this function is run against both the actual django code, to verify the assumptions of the unittests are correct; and run against the passlib extension, to verify it matches those assumptions. """ patched, config = self.patched, self.config # this tests the following methods: # User.set_password() # User.check_password() # make_password() -- 1.4 only # check_password() # identify_hasher() # User.has_usable_password() # User.set_unusable_password() # XXX: this take a while to run. what could be trimmed? # TODO: get_hasher() #======================================================= # setup helpers & imports #======================================================= ctx = self.context setter = create_mock_setter() PASS1 = "toomanysecrets" WRONG1 = "letmein" if has_django14: from passlib.ext.django.utils import hasher_to_passlib_name, passlib_to_hasher_name from django.contrib.auth.hashers import check_password, make_password, is_password_usable if patched: from django.contrib.auth.hashers import identify_hasher else: from django.contrib.auth.models import check_password #======================================================= # make sure extension is configured correctly #======================================================= if patched: # contexts should match from passlib.ext.django.models import password_context self.assertEqual(password_context.to_dict(resolve=True), ctx.to_dict(resolve=True)) # should have patched both places if has_django14: from django.contrib.auth.models import check_password as check_password2 self.assertIs(check_password2, check_password) #======================================================= # default algorithm #======================================================= # User.set_password() should use default alg user = FakeUser() user.set_password(PASS1) self.assertTrue(ctx.handler().verify(PASS1, user.password)) self.assert_valid_password(user) # User.check_password() - n/a # make_password() should use default alg if has_django14: hash = make_password(PASS1) self.assertTrue(ctx.handler().verify(PASS1, hash)) # check_password() - n/a #======================================================= # empty password behavior #======================================================= if has_django14: # NOTE: django 1.4 treats empty password as invalid # User.set_password() should set unusable flag user = FakeUser() user.set_password('') self.assert_unusable_password(user) # User.check_password() should never return True user = FakeUser() user.password = hash = ctx.encrypt("") self.assertFalse(user.check_password("")) self.assert_valid_password(user, hash) # make_password() should reject empty passwords self.assertEqual(make_password(""), "!") # check_password() should never return True self.assertFalse(check_password("", hash)) else: # User.set_password() should use default alg user = FakeUser() user.set_password('') hash = user.password self.assertTrue(ctx.handler().verify('', hash)) self.assert_valid_password(user, hash) # User.check_password() should return True self.assertTrue(user.check_password("")) self.assert_valid_password(user, hash) # no make_password() # check_password() should return True self.assertTrue(check_password("", hash)) #======================================================= # 'unusable flag' behavior #======================================================= if has_django1 or patched: # sanity check via user.set_unusable_password() user = FakeUser() user.set_unusable_password() self.assert_unusable_password(user) # ensure User.set_password() sets flag user = FakeUser() user.set_password(None) self.assert_unusable_password(user) # User.check_password() should always fail self.assertFalse(user.check_password(None)) self.assertFalse(user.check_password('')) self.assertFalse(user.check_password(PASS1)) self.assertFalse(user.check_password(WRONG1)) self.assert_unusable_password(user) # make_password() should also set flag if has_django14: self.assertEqual(make_password(None), "!") # check_password() should return False (didn't handle disabled under 1.3) if has_django14 or patched: self.assertFalse(check_password(PASS1, '!')) # identify_hasher() and is_password_usable() should reject it if has_django14: self.assertFalse(is_password_usable(user.password)) if has_django14 and patched: self.assertRaises(ValueError, identify_hasher, user.password) #======================================================= # hash=None #======================================================= # User.set_password() - n/a # User.check_password() - returns False user = FakeUser() user.password = None if has_django14 or patched: self.assertFalse(user.check_password(PASS1)) else: self.assertRaises(TypeError, user.check_password, PASS1) if has_django1 or patched: self.assertFalse(user.has_usable_password()) # make_password() - n/a # check_password() - error if has_django14 or patched: self.assertFalse(check_password(PASS1, None)) else: self.assertRaises(AttributeError, check_password, PASS1, None) # identify_hasher() - error if has_django14 and patched: self.assertRaises(TypeError, identify_hasher, None) #======================================================= # invalid hash values #======================================================= for hash in ("", "$789$foo"): # User.set_password() - n/a # User.check_password() - blank hash causes error user = FakeUser() user.password = hash if has_django14 or patched or hash: self.assertRaises(ValueError, user.check_password, PASS1) else: # django 1.3 returns False for empty hashes self.assertFalse(user.check_password(PASS1)) self.assert_valid_password( user, hash) # '' counts as valid for some reason # make_password() - n/a # check_password() - error self.assertRaises(ValueError, check_password, PASS1, hash) # identify_hasher() - error if has_django14 and patched: self.assertRaises(ValueError, identify_hasher, hash) #======================================================= # run through all the schemes in the context, # testing various bits of per-scheme behavior. #======================================================= for scheme in ctx.schemes(): #------------------------------------------------------- # setup constants & imports, pick a sample secret/hash combo #------------------------------------------------------- handler = ctx.handler(scheme) deprecated = ctx._is_deprecated_scheme(scheme) assert not deprecated or scheme != ctx.default_scheme() try: testcase = get_handler_case(scheme) except exc.MissingBackendError: assert scheme == "bcrypt" continue assert testcase.handler is handler if testcase.is_disabled_handler: continue if not has_active_backend(handler): assert scheme == "django_bcrypt" continue while True: secret, hash = testcase('setUp').get_sample_hash() if secret: # don't select blank passwords, special under django break other = 'letmein' # User.set_password() - n/a #------------------------------------------------------- # User.check_password()+migration against known hash #------------------------------------------------------- user = FakeUser() user.password = hash # check against invalid password if has_django1 or patched: self.assertFalse(user.check_password(None)) else: self.assertRaises(TypeError, user.check_password, None) ##self.assertFalse(user.check_password('')) self.assertFalse(user.check_password(other)) self.assert_valid_password(user, hash) # check against valid password if has_django0 and isinstance(secret, unicode): secret = secret.encode("utf-8") self.assertTrue(user.check_password(secret)) # check if it upgraded the hash needs_update = deprecated if needs_update: self.assertFalse(handler.identify(user.password)) self.assertTrue(ctx.handler().verify(secret, user.password)) self.assert_valid_password(user, saved=user.password) else: self.assert_valid_password(user, hash) # don't need to check rest for most deployments if TEST_MODE(max="default"): continue #------------------------------------------------------- # make_password() correctly selects algorithm #------------------------------------------------------- if has_django14: hash2 = make_password(secret, hasher=passlib_to_hasher_name(scheme)) self.assertTrue(handler.verify(secret, hash2)) #------------------------------------------------------- # check_password()+setter against known hash #------------------------------------------------------- if has_django14 or patched: # should call setter only if it needs_update self.assertTrue(check_password(secret, hash, setter=setter)) self.assertEqual(setter.popstate(), [secret] if needs_update else []) # should not call setter self.assertFalse(check_password(other, hash, setter=setter)) self.assertEqual(setter.popstate(), []) ### check preferred kwd is ignored (django 1.4 feature we don't support) ##self.assertTrue(check_password(secret, hash, setter=setter, preferred='fooey')) ##self.assertEqual(setter.popstate(), [secret]) elif patched or scheme != "hex_md5": # django 1.3 never called check_password() for hex_md5 self.assertTrue(check_password(secret, hash)) self.assertFalse(check_password(other, hash)) # TODO: get_hasher() #------------------------------------------------------- # identify_hasher() recognizes known hash #------------------------------------------------------- if has_django14 and patched: self.assertTrue(is_password_usable(hash)) name = hasher_to_passlib_name(identify_hasher(hash).algorithm) self.assertEqual(name, scheme)
def test_config(self): """test hashing interface this function is run against both the actual django code, to verify the assumptions of the unittests are correct; and run against the passlib extension, to verify it matches those assumptions. """ patched, config = self.patched, self.config # this tests the following methods: # User.set_password() # User.check_password() # make_password() -- 1.4 only # check_password() # identify_hasher() # User.has_usable_password() # User.set_unusable_password() # XXX: this take a while to run. what could be trimmed? # TODO: get_hasher() #======================================================= # setup helpers & imports #======================================================= ctx = self.context setter = create_mock_setter() PASS1 = "toomanysecrets" WRONG1 = "letmein" if has_django14: from passlib.ext.django.utils import hasher_to_passlib_name, passlib_to_hasher_name from django.contrib.auth.hashers import check_password, make_password, is_password_usable if patched: from django.contrib.auth.hashers import identify_hasher else: from django.contrib.auth.models import check_password #======================================================= # make sure extension is configured correctly #======================================================= if patched: # contexts should match from passlib.ext.django.models import password_context self.assertEqual(password_context.to_dict(resolve=True), ctx.to_dict(resolve=True)) # should have patched both places if has_django14: from django.contrib.auth.models import check_password as check_password2 self.assertIs(check_password2, check_password) #======================================================= # default algorithm #======================================================= # User.set_password() should use default alg user = FakeUser() user.set_password(PASS1) self.assertTrue(ctx.handler().verify(PASS1, user.password)) self.assert_valid_password(user) # User.check_password() - n/a # make_password() should use default alg if has_django14: hash = make_password(PASS1) self.assertTrue(ctx.handler().verify(PASS1, hash)) # check_password() - n/a #======================================================= # empty password behavior #======================================================= if has_django14: # NOTE: django 1.4 treats empty password as invalid # User.set_password() should set unusable flag user = FakeUser() user.set_password('') self.assert_unusable_password(user) # User.check_password() should never return True user = FakeUser() user.password = hash = ctx.encrypt("") self.assertFalse(user.check_password("")) self.assert_valid_password(user, hash) # make_password() should reject empty passwords self.assertEqual(make_password(""), "!") # check_password() should never return True self.assertFalse(check_password("", hash)) else: # User.set_password() should use default alg user = FakeUser() user.set_password('') hash = user.password self.assertTrue(ctx.handler().verify('', hash)) self.assert_valid_password(user, hash) # User.check_password() should return True self.assertTrue(user.check_password("")) self.assert_valid_password(user, hash) # no make_password() # check_password() should return True self.assertTrue(check_password("", hash)) #======================================================= # 'unusable flag' behavior #======================================================= if has_django1 or patched: # sanity check via user.set_unusable_password() user = FakeUser() user.set_unusable_password() self.assert_unusable_password(user) # ensure User.set_password() sets flag user = FakeUser() user.set_password(None) self.assert_unusable_password(user) # User.check_password() should always fail self.assertFalse(user.check_password(None)) self.assertFalse(user.check_password('')) self.assertFalse(user.check_password(PASS1)) self.assertFalse(user.check_password(WRONG1)) self.assert_unusable_password(user) # make_password() should also set flag if has_django14: self.assertEqual(make_password(None), "!") # check_password() should return False (didn't handle disabled under 1.3) if has_django14 or patched: self.assertFalse(check_password(PASS1, '!')) # identify_hasher() and is_password_usable() should reject it if has_django14: self.assertFalse(is_password_usable(user.password)) if has_django14 and patched: self.assertRaises(ValueError, identify_hasher, user.password) #======================================================= # hash=None #======================================================= # User.set_password() - n/a # User.check_password() - returns False user = FakeUser() user.password = None if has_django14 or patched: self.assertFalse(user.check_password(PASS1)) else: self.assertRaises(TypeError, user.check_password, PASS1) if has_django1 or patched: self.assertFalse(user.has_usable_password()) # make_password() - n/a # check_password() - error if has_django14 or patched: self.assertFalse(check_password(PASS1, None)) else: self.assertRaises(AttributeError, check_password, PASS1, None) # identify_hasher() - error if has_django14 and patched: self.assertRaises(TypeError, identify_hasher, None) #======================================================= # invalid hash values #======================================================= for hash in ("", "$789$foo"): # User.set_password() - n/a # User.check_password() - blank hash causes error user = FakeUser() user.password = hash if has_django14 or patched or hash: self.assertRaises(ValueError, user.check_password, PASS1) else: # django 1.3 returns False for empty hashes self.assertFalse(user.check_password(PASS1)) self.assert_valid_password(user, hash) # '' counts as valid for some reason # make_password() - n/a # check_password() - error self.assertRaises(ValueError, check_password, PASS1, hash) # identify_hasher() - error if has_django14 and patched: self.assertRaises(ValueError, identify_hasher, hash) #======================================================= # run through all the schemes in the context, # testing various bits of per-scheme behavior. #======================================================= for scheme in ctx.schemes(): #------------------------------------------------------- # setup constants & imports, pick a sample secret/hash combo #------------------------------------------------------- handler = ctx.handler(scheme) deprecated = ctx._is_deprecated_scheme(scheme) assert not deprecated or scheme != ctx.default_scheme() try: testcase = get_handler_case(scheme) except exc.MissingBackendError: assert scheme == "bcrypt" continue assert testcase.handler is handler if testcase.is_disabled_handler: continue if not has_active_backend(handler): assert scheme == "django_bcrypt" continue while True: secret, hash = testcase('setUp').get_sample_hash() if secret: # don't select blank passwords, special under django break other = 'letmein' # User.set_password() - n/a #------------------------------------------------------- # User.check_password()+migration against known hash #------------------------------------------------------- user = FakeUser() user.password = hash # check against invalid password if has_django1 or patched: self.assertFalse(user.check_password(None)) else: self.assertRaises(TypeError, user.check_password, None) ##self.assertFalse(user.check_password('')) self.assertFalse(user.check_password(other)) self.assert_valid_password(user, hash) # check against valid password if has_django0 and isinstance(secret, unicode): secret = secret.encode("utf-8") self.assertTrue(user.check_password(secret)) # check if it upgraded the hash needs_update = deprecated if needs_update: self.assertFalse(handler.identify(user.password)) self.assertTrue(ctx.handler().verify(secret, user.password)) self.assert_valid_password(user, saved=user.password) else: self.assert_valid_password(user, hash) # don't need to check rest for most deployments if TEST_MODE(max="default"): continue #------------------------------------------------------- # make_password() correctly selects algorithm #------------------------------------------------------- if has_django14: hash2 = make_password(secret, hasher=passlib_to_hasher_name(scheme)) self.assertTrue(handler.verify(secret, hash2)) #------------------------------------------------------- # check_password()+setter against known hash #------------------------------------------------------- if has_django14 or patched: # should call setter only if it needs_update self.assertTrue(check_password(secret, hash, setter=setter)) self.assertEqual(setter.popstate(), [secret] if needs_update else []) # should not call setter self.assertFalse(check_password(other, hash, setter=setter)) self.assertEqual(setter.popstate(), []) ### check preferred kwd is ignored (django 1.4 feature we don't support) ##self.assertTrue(check_password(secret, hash, setter=setter, preferred='fooey')) ##self.assertEqual(setter.popstate(), [secret]) elif patched or scheme != "hex_md5": # django 1.3 never called check_password() for hex_md5 self.assertTrue(check_password(secret, hash)) self.assertFalse(check_password(other, hash)) # TODO: get_hasher() #------------------------------------------------------- # identify_hasher() recognizes known hash #------------------------------------------------------- if has_django14 and patched: self.assertTrue(is_password_usable(hash)) name = hasher_to_passlib_name(identify_hasher(hash).algorithm) self.assertEqual(name, scheme)