def test_that_a_hash_can_not_be_validated_against_a_hash(self): # NOTE(dstanek): Bug 1279849 reported a problem where passwords # were not being hashed if they already looked like a hash. This # would allow someone to hash their password ahead of time # (potentially getting around password requirements, like # length) and then they could auth with their original password. password = uuid.uuid4().hex hashed_password = common_utils.hash_password(password) new_hashed_password = common_utils.hash_password(hashed_password) self.assertFalse(common_utils.check_password(password, new_hashed_password))
def test_that_a_hash_can_not_be_validated_against_a_hash(self): # NOTE(dstanek): Bug 1279849 reported a problem where passwords # were not being hashed if they already looked like a hash. This # would allow someone to hash their password ahead of time # (potentially getting around password requirements, like # length) and then they could auth with their original password. password = uuid.uuid4().hex hashed_password = common_utils.hash_password(password) new_hashed_password = common_utils.hash_password(hashed_password) self.assertFalse( common_utils.check_password(password, new_hashed_password))
def _authenticate(self): cached_data = cache.token_region.get(self._user_ref['id']) if cached_data: cached_password_hash, token_data = cached_data if utils.check_password(self._password, cached_password_hash): return token_data headers = const.HEADERS.copy() if self._x_forwarded_for: headers['X-Forwarded-For'] = self._x_forwarded_for LOG.info(_LI('Authenticating user %s against v2.'), self._username) token_data = self.POST('/tokens', headers=headers, data={ 'auth': { 'passwordCredentials': { 'username': self._username, 'password': self._password, }, }, }, expected_status=requests.codes.ok) users_password_hash = utils.hash_password(self._password) cache.token_region.set(self._user_ref['id'], (users_password_hash, token_data)) cache.token_map_region.set(token_data['access']['token']['id'], self._user_ref['id']) return token_data
def change_password(self, user_id, new_password): with sql.session_for_write() as session: user_ref = session.query(model.User).get(user_id) if user_ref.password_ref and user_ref.password_ref.self_service: self._validate_minimum_password_age(user_ref) user_ref.password = utils.hash_password(new_password) user_ref.password_ref.self_service = True
def change_password(self, user_id, new_password): with sql.session_for_write() as session: user_ref = session.query(model.User).get(user_id) if user_ref.password_ref and user_ref.password_ref.self_service: self._validate_minimum_password_age(user_ref) self._validate_password_history(new_password, user_ref) user_ref.password = utils.hash_password(new_password) user_ref.password_ref.self_service = True
def update_user_history(self, user_id, original_password, count): session = sql.get_session() with session.begin(): user_history_refs = self._get_user_history(session, user_id) if user_history_refs: h_user_cnt = len(user_history_refs) if h_user_cnt is not 0 and h_user_cnt >= count: user = user_history_refs[h_user_cnt - 1] setattr(user, 'password', utils.hash_password(original_password)) setattr(user, 'date', datetime.datetime.now()) session.query(UserHistory).filter(UserHistory.id == user.id).update(user, synchronize_session=False) if h_user_cnt > count: ## deleting the redundant user history uids = [] for x in range(count, h_user_cnt): uids.append(user_history_refs[x].id) if uids and len(uids) > 0: session.query(UserHistory).filter(UserHistory.id.in_(uids)).delete(synchronize_session=False) else: session.add(UserHistory(userid=user_id, password=utils.hash_password(original_password), date=datetime.datetime.now()))
def test_hash_edge_cases(self): hashed = common_utils.hash_password('secret') self.assertFalse(common_utils.check_password('', hashed)) self.assertFalse(common_utils.check_password(None, hashed))
def test_hash_long_password_truncation(self): self.config_fixture.config(strict_password_check=False) invalid_length_password = '******' * 9999999 hashed = common_utils.hash_password(invalid_length_password) self.assertTrue( common_utils.check_password(invalid_length_password, hashed))
def test_hash(self): password = '******' wrong = 'wrongwrong' # Two wrongs don't make a right hashed = common_utils.hash_password(password) self.assertTrue(common_utils.check_password(password, hashed)) self.assertFalse(common_utils.check_password(wrong, hashed))
def test_hash_unicode(self): password = u'Comment \xe7a va' wrong = 'Comment ?a va' hashed = common_utils.hash_password(password) self.assertTrue(common_utils.check_password(password, hashed)) self.assertFalse(common_utils.check_password(wrong, hashed))
def test_hash_long_password_truncation(self): self.config_fixture.config(strict_password_check=False) invalid_length_password = '******' * 9999999 hashed = common_utils.hash_password(invalid_length_password) self.assertTrue(common_utils.check_password(invalid_length_password, hashed))
def setUp(self): super(TestPasswordHashing, self).setUp() self.password = uuid.uuid4().hex self.hashed_password = utils.hash_password(self.password)
def test_hash(self): password = "******" wrong = "wrongwrong" # Two wrongs don't make a right hashed = utils.hash_password(password) self.assertTrue(utils.check_password(password, hashed)) self.assertFalse(utils.check_password(wrong, hashed))
def test_hash_unicode(self): password = u"Comment \xe7a va" wrong = "Comment ?a va" hashed = utils.hash_password(password) self.assertTrue(utils.check_password(password, hashed)) self.assertFalse(utils.check_password(wrong, hashed))
def test_hash_edge_cases(self): hashed = utils.hash_password("secret") self.assertFalse(utils.check_password("", hashed)) self.assertFalse(utils.check_password(None, hashed))
def test_hash_long_password(self): bigboy = '0' * 9999999 hashed = utils.hash_password(bigboy) self.assertTrue(utils.check_password(bigboy, hashed))
def _ensure_hashed_password(user_ref): pw = user_ref.get('password', None) if pw is not None: user_ref['password'] = utils.hash_password(pw) return user_ref