def testBlankPassword(schema_id):
pw = u''
enc = AuthEncoding.pw_encrypt(pw, schema_id)
assert enc != pw
assert AuthEncoding.pw_validate(enc, pw)
assert not AuthEncoding.pw_validate(enc, enc)
assert not AuthEncoding.pw_validate(enc, u'xxx')
def testBlankPassword(schema_id):
pw = u''
enc = AuthEncoding.pw_encrypt(pw, schema_id)
assert enc != pw
assert AuthEncoding.pw_validate(enc, pw)
assert not AuthEncoding.pw_validate(enc, enc)
assert not AuthEncoding.pw_validate(enc, u'xxx')
def testGoodPassword(schema_id, password):
enc = AuthEncoding.pw_encrypt(password, schema_id)
assert enc != password
assert AuthEncoding.pw_validate(enc, password)
assert AuthEncoding.pw_validate(u(enc), password)
assert AuthEncoding.is_encrypted(enc)
assert not AuthEncoding.is_encrypted(password)
def testGoodPassword(schema_id, password):
enc = AuthEncoding.pw_encrypt(password, schema_id)
assert enc != password
assert AuthEncoding.pw_validate(enc, password)
assert AuthEncoding.pw_validate(u(enc), password)
assert AuthEncoding.is_encrypted(enc)
assert not AuthEncoding.is_encrypted(password)
def _pw_encrypt(self, password):
"""Returns the AuthEncoding encrypted password
If 'password' is already encrypted, it is returned
as is and not encrypted again.
"""
if AuthEncoding.is_encrypted(password):
return password
return AuthEncoding.pw_encrypt(password)
def authenticate(self, password, request):
passwrd = self._getPassword()
result = AuthEncoding.pw_validate(passwrd, password)
domains = self.getDomains()
if domains:
return result and domainSpecMatch(domains, request)
return result
def authenticateCredentials(self, credentials):
""" See IAuthenticationPlugin.
o We expect the credentials to be those returned by
ILoginPasswordExtractionPlugin.
"""
login = credentials.get('login')
password = credentials.get('password')
if login is None or password is None:
return None
# Do we have a link between login and userid? Do NOT fall
# back to using the login as userid when there is no match, as
# that gives a high chance of seeming to log in successfully,
# but in reality failing.
userid = self._login_to_userid.get(login)
if userid is None:
# Someone may be logging in with a userid instead of a
# login name and the two are not the same. We could try
# turning those around, but really we should just fail.
#
# userid = login
# login = self._userid_to_login.get(userid)
# if login is None:
# return None
return None
reference = self._user_passwords.get(userid)
if reference is None:
return None
if AuthEncoding.is_encrypted(reference):
if AuthEncoding.pw_validate(reference, password):
return userid, login
# Support previous naive behavior
if isinstance(password, six.text_type):
password = password.encode('utf8')
digested = sha(password).hexdigest()
if reference == digested:
return userid, login
return None
def testBadPassword(schema_id, password):
enc = AuthEncoding.pw_encrypt(password, schema_id)
assert enc != password
assert not AuthEncoding.pw_validate(enc, u'xxx')
assert not AuthEncoding.pw_validate(enc, b'xxx')
assert not AuthEncoding.pw_validate(u(enc), u'xxx')
assert not AuthEncoding.pw_validate(enc, enc)
if schema_id != u'CRYPT':
# crypt truncates passwords and would fail this test.
assert not AuthEncoding.pw_validate(enc, password[:-1])
assert not AuthEncoding.pw_validate(enc, password[1:])
assert AuthEncoding.pw_validate(enc, password)
def testBadPassword(schema_id, password):
enc = AuthEncoding.pw_encrypt(password, schema_id)
assert enc != password
assert not AuthEncoding.pw_validate(enc, u'xxx')
assert not AuthEncoding.pw_validate(enc, b'xxx')
assert not AuthEncoding.pw_validate(u(enc), u'xxx')
assert not AuthEncoding.pw_validate(enc, enc)
if schema_id != u'CRYPT':
# crypt truncates passwords and would fail this test.
assert not AuthEncoding.pw_validate(enc, password[:-1])
assert not AuthEncoding.pw_validate(enc, password[1:])
assert AuthEncoding.pw_validate(enc, password)
def testLongPassword(schema_id):
pw = u'Pw' * 2000
enc = AuthEncoding.pw_encrypt(pw, schema_id)
assert AuthEncoding.pw_validate(enc, pw)
assert not AuthEncoding.pw_validate(enc, enc)
assert not AuthEncoding.pw_validate(enc, u'xxx')
if u'CRYPT' not in schema_id:
# crypt and bcrypt truncates passwords and would fail these tests.
assert not AuthEncoding.pw_validate(enc, pw[:-2])
assert not AuthEncoding.pw_validate(enc, pw[2:])
def testLongPassword(schema_id):
pw = u'Pw' * 2000
enc = AuthEncoding.pw_encrypt(pw, schema_id)
assert AuthEncoding.pw_validate(enc, pw)
assert not AuthEncoding.pw_validate(enc, enc)
assert not AuthEncoding.pw_validate(enc, u'xxx')
if u'CRYPT' not in schema_id:
# crypt and bcrypt truncates passwords and would fail these tests.
assert not AuthEncoding.pw_validate(enc, pw[:-2])
assert not AuthEncoding.pw_validate(enc, pw[2:])
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Test of AuthEncoding
"""
from AuthEncoding import AuthEncoding
from ..compat import b, u
import pytest
def testListSchemes():
assert len(AuthEncoding.listSchemes()) > 0 # At least one must exist!
@pytest.mark.parametrize('schema_id', AuthEncoding.listSchemes())
@pytest.mark.parametrize('password', [u'good_pw', u'gööd_pw', b(u'gööd_pw')])
def testGoodPassword(schema_id, password):
enc = AuthEncoding.pw_encrypt(password, schema_id)
assert enc != password
assert AuthEncoding.pw_validate(enc, password)
assert AuthEncoding.pw_validate(u(enc), password)
assert AuthEncoding.is_encrypted(enc)
assert not AuthEncoding.is_encrypted(password)
@pytest.mark.parametrize('schema_id', AuthEncoding.listSchemes())
@pytest.mark.parametrize(
'password', [u'OK_pa55w0rd \n', u'OK_pä55w0rd \n',
b(u'OK_pä55w0rd \n')])
def testBadPassword(schema_id, password):
def testShortPassword(schema_id):
pw = u'1'
enc = AuthEncoding.pw_encrypt(pw, schema_id)
assert AuthEncoding.pw_validate(enc, pw)
assert not AuthEncoding.pw_validate(enc, enc)
assert not AuthEncoding.pw_validate(enc, u'xxx')
def testListSchemes():
assert len(AuthEncoding.listSchemes()) > 0 # At least one must exist!
def testEncryptWithNotSupportedScheme():
with pytest.raises(ValueError) as err:
AuthEncoding.pw_encrypt(u'asdf', 'MD1')
assert 'Not supported: MD1' == str(err.value)
def testUnencryptedPassword():
# Sanity check
pw = u'my-password'
assert AuthEncoding.pw_validate(pw, pw)
assert not AuthEncoding.pw_validate(pw, pw + u'asdf')
# FOR A PARTICULAR PURPOSE
#
##############################################################################
"""Test of AuthEncoding
"""
from AuthEncoding import AuthEncoding
from ..compat import b, u
import pytest
def testListSchemes():
assert len(AuthEncoding.listSchemes()) > 0 # At least one must exist!
@pytest.mark.parametrize('schema_id', AuthEncoding.listSchemes())
@pytest.mark.parametrize('password', [u'good_pw', u'gööd_pw', b(u'gööd_pw')])
def testGoodPassword(schema_id, password):
enc = AuthEncoding.pw_encrypt(password, schema_id)
assert enc != password
assert AuthEncoding.pw_validate(enc, password)
assert AuthEncoding.pw_validate(u(enc), password)
assert AuthEncoding.is_encrypted(enc)
assert not AuthEncoding.is_encrypted(password)
@pytest.mark.parametrize('schema_id', AuthEncoding.listSchemes())
@pytest.mark.parametrize(
'password', [u'OK_pa55w0rd \n', u'OK_pä55w0rd \n', b(u'OK_pä55w0rd \n')])
def testBadPassword(schema_id, password):
enc = AuthEncoding.pw_encrypt(password, schema_id)
def testEncryptAcceptsTextAndBinaryEncodingNames():
assert (AuthEncoding.pw_encrypt(u'asdf',
b'SHA') == AuthEncoding.pw_encrypt(
u'asdf', u'SHA'))
def _encryptPassword(self, pw):
return AuthEncoding.pw_encrypt(pw, 'SSHA')
def testEncryptWithNotSupportedScheme():
with pytest.raises(ValueError) as err:
AuthEncoding.pw_encrypt(u'asdf', 'MD1')
assert 'Not supported: MD1' == str(err.value)
def testIsEncryptedAcceptsTextAndBinary():
assert AuthEncoding.is_encrypted(b'{SHA}')
assert AuthEncoding.is_encrypted(u'{SHA}')
assert not AuthEncoding.is_encrypted(b'foo')
assert not AuthEncoding.is_encrypted(u'foo')
def testListSchemes():
assert len(AuthEncoding.listSchemes()) > 0 # At least one must exist!
def testUnencryptedPassword():
# Sanity check
pw = u'my-password'
assert AuthEncoding.pw_validate(pw, pw)
assert not AuthEncoding.pw_validate(pw, pw + u'asdf')
def testShortPassword(schema_id):
pw = u'1'
enc = AuthEncoding.pw_encrypt(pw, schema_id)
assert AuthEncoding.pw_validate(enc, pw)
assert not AuthEncoding.pw_validate(enc, enc)
assert not AuthEncoding.pw_validate(enc, u'xxx')
def testEncryptAcceptsTextAndBinaryEncodingNames():
assert (AuthEncoding.pw_encrypt(u'asdf', b'SHA') ==
AuthEncoding.pw_encrypt(u'asdf', u'SHA'))
def _isPasswordEncrypted(self, pw):
return AuthEncoding.is_encrypted(pw)
