def test_that_a_hash_can_not_be_validated_against_a_hash(self):
# NOTE(dstanek): Bug 1279849 reported a problem where passwords
# were not being hashed if they already looked like a hash. This
# would allow someone to hash their password ahead of time
# (potentially getting around password requirements, like
# length) and then they could auth with their original password.
password = uuid.uuid4().hex
hashed_password = common_utils.hash_password(password)
new_hashed_password = common_utils.hash_password(hashed_password)
self.assertFalse(common_utils.check_password(password, new_hashed_password))
def test_that_a_hash_can_not_be_validated_against_a_hash(self):
# NOTE(dstanek): Bug 1279849 reported a problem where passwords
# were not being hashed if they already looked like a hash. This
# would allow someone to hash their password ahead of time
# (potentially getting around password requirements, like
# length) and then they could auth with their original password.
password = uuid.uuid4().hex
hashed_password = common_utils.hash_password(password)
new_hashed_password = common_utils.hash_password(hashed_password)
self.assertFalse(
common_utils.check_password(password, new_hashed_password))
def _authenticate(self):
cached_data = cache.token_region.get(self._user_ref['id'])
if cached_data:
cached_password_hash, token_data = cached_data
if utils.check_password(self._password, cached_password_hash):
return token_data
headers = const.HEADERS.copy()
if self._x_forwarded_for:
headers['X-Forwarded-For'] = self._x_forwarded_for
LOG.info(_LI('Authenticating user %s against v2.'), self._username)
token_data = self.POST('/tokens',
headers=headers,
data={
'auth': {
'passwordCredentials': {
'username': self._username,
'password': self._password,
},
},
},
expected_status=requests.codes.ok)
users_password_hash = utils.hash_password(self._password)
cache.token_region.set(self._user_ref['id'],
(users_password_hash, token_data))
cache.token_map_region.set(token_data['access']['token']['id'],
self._user_ref['id'])
return token_data
def change_password(self, user_id, new_password):
with sql.session_for_write() as session:
user_ref = session.query(model.User).get(user_id)
if user_ref.password_ref and user_ref.password_ref.self_service:
self._validate_minimum_password_age(user_ref)
user_ref.password = utils.hash_password(new_password)
user_ref.password_ref.self_service = True
def change_password(self, user_id, new_password):
with sql.session_for_write() as session:
user_ref = session.query(model.User).get(user_id)
if user_ref.password_ref and user_ref.password_ref.self_service:
self._validate_minimum_password_age(user_ref)
self._validate_password_history(new_password, user_ref)
user_ref.password = utils.hash_password(new_password)
user_ref.password_ref.self_service = True
def update_user_history(self, user_id, original_password, count):
session = sql.get_session()
with session.begin():
user_history_refs = self._get_user_history(session, user_id)
if user_history_refs:
h_user_cnt = len(user_history_refs)
if h_user_cnt is not 0 and h_user_cnt >= count:
user = user_history_refs[h_user_cnt - 1]
setattr(user, 'password', utils.hash_password(original_password))
setattr(user, 'date', datetime.datetime.now())
session.query(UserHistory).filter(UserHistory.id == user.id).update(user, synchronize_session=False)
if h_user_cnt > count:
## deleting the redundant user history
uids = []
for x in range(count, h_user_cnt):
uids.append(user_history_refs[x].id)
if uids and len(uids) > 0:
session.query(UserHistory).filter(UserHistory.id.in_(uids)).delete(synchronize_session=False)
else:
session.add(UserHistory(userid=user_id,
password=utils.hash_password(original_password),
date=datetime.datetime.now()))
def test_hash_edge_cases(self):
hashed = common_utils.hash_password('secret')
self.assertFalse(common_utils.check_password('', hashed))
self.assertFalse(common_utils.check_password(None, hashed))
def test_hash_long_password_truncation(self):
self.config_fixture.config(strict_password_check=False)
invalid_length_password = '******' * 9999999
hashed = common_utils.hash_password(invalid_length_password)
self.assertTrue(
common_utils.check_password(invalid_length_password, hashed))
def test_hash(self):
password = '******'
wrong = 'wrongwrong' # Two wrongs don't make a right
hashed = common_utils.hash_password(password)
self.assertTrue(common_utils.check_password(password, hashed))
self.assertFalse(common_utils.check_password(wrong, hashed))
def test_hash_unicode(self):
password = u'Comment \xe7a va'
wrong = 'Comment ?a va'
hashed = common_utils.hash_password(password)
self.assertTrue(common_utils.check_password(password, hashed))
self.assertFalse(common_utils.check_password(wrong, hashed))
def test_hash_edge_cases(self):
hashed = common_utils.hash_password('secret')
self.assertFalse(common_utils.check_password('', hashed))
self.assertFalse(common_utils.check_password(None, hashed))
def test_hash_long_password_truncation(self):
self.config_fixture.config(strict_password_check=False)
invalid_length_password = '******' * 9999999
hashed = common_utils.hash_password(invalid_length_password)
self.assertTrue(common_utils.check_password(invalid_length_password,
hashed))
def setUp(self):
super(TestPasswordHashing, self).setUp()
self.password = uuid.uuid4().hex
self.hashed_password = utils.hash_password(self.password)
def test_hash_unicode(self):
password = u'Comment \xe7a va'
wrong = 'Comment ?a va'
hashed = common_utils.hash_password(password)
self.assertTrue(common_utils.check_password(password, hashed))
self.assertFalse(common_utils.check_password(wrong, hashed))
def test_hash(self):
password = "******"
wrong = "wrongwrong" # Two wrongs don't make a right
hashed = utils.hash_password(password)
self.assertTrue(utils.check_password(password, hashed))
self.assertFalse(utils.check_password(wrong, hashed))
def test_hash_unicode(self):
password = u"Comment \xe7a va"
wrong = "Comment ?a va"
hashed = utils.hash_password(password)
self.assertTrue(utils.check_password(password, hashed))
self.assertFalse(utils.check_password(wrong, hashed))
def test_hash_edge_cases(self):
hashed = utils.hash_password("secret")
self.assertFalse(utils.check_password("", hashed))
self.assertFalse(utils.check_password(None, hashed))
def setUp(self):
super(TestPasswordHashing, self).setUp()
self.password = uuid.uuid4().hex
self.hashed_password = utils.hash_password(self.password)
def test_hash(self):
password = '******'
wrong = 'wrongwrong' # Two wrongs don't make a right
hashed = common_utils.hash_password(password)
self.assertTrue(common_utils.check_password(password, hashed))
self.assertFalse(common_utils.check_password(wrong, hashed))
def test_hash_long_password(self):
bigboy = '0' * 9999999
hashed = utils.hash_password(bigboy)
self.assertTrue(utils.check_password(bigboy, hashed))
def _ensure_hashed_password(user_ref):
pw = user_ref.get('password', None)
if pw is not None:
user_ref['password'] = utils.hash_password(pw)
return user_ref
def test_hash_long_password(self):
bigboy = '0' * 9999999
hashed = utils.hash_password(bigboy)
self.assertTrue(utils.check_password(bigboy, hashed))
