def encode(self, password, salt): assert password assert salt and '$' not in salt hasher = passlib.hash.sha512_crypt(salt=salt, rounds=self.iterations) pwhash = hasher.encrypt(password) nul, nul, round, salt, hash = pwhash.split('$') iterations = round.split('=')[1] return "%s$%s$%s$%s" % (self.algorithm, iterations, salt, hash.replace('.', '+'))
def verify_django(secret, hash): """django/check_password""" if self.handler.name == "django_bcrypt" and hash.startswith( "bcrypt$$2y$"): hash = hash.replace("$$2y$", "$$2a$") if isinstance(secret, bytes): secret = secret.decode("utf-8") return check_password(secret, hash)
def test_needs_update_w_type(self): handler = self.handler hash = handler.hash("stub") self.assertFalse(handler.needs_update(hash)) hash2 = hash.replace("$argon2i$", "$argon2d$") self.assertTrue(handler.needs_update(hash2))
def verify_django(secret, hash): """django/check_password""" if self.handler.name == "django_bcrypt" and hash.startswith("bcrypt$$2y$"): hash = hash.replace("$$2y$", "$$2a$") if self.django_has_encoding_glitch and isinstance(secret, bytes): # e.g. unsalted_md5 on 1.5 and higher try to combine # salt + password before encoding to bytes, leading to ascii error. # this works around that issue. secret = secret.decode("utf-8") return check_password(secret, hash)
def verify_django(secret, hash): """django/check_password""" if (1,4) <= DJANGO_VERSION < (1,6) and not secret: return "skip" if self.handler.name == "django_bcrypt" and hash.startswith("bcrypt$$2y$"): hash = hash.replace("$$2y$", "$$2a$") if DJANGO_VERSION >= (1,5) and self.django_has_encoding_glitch and isinstance(secret, bytes): # e.g. unsalted_md5 on 1.5 and higher try to combine # salt + password before encoding to bytes, leading to ascii error. # this works around that issue. secret = secret.decode("utf-8") return check_password(secret, hash)
def django_to_passlib(password): # Convert Keystone style password to Django password. algr, round, salt, hash = password.split('$') passwd = "$6$rounds=%s$%s$%s" % (round, salt, hash.replace('+', '.').rstrip('=')) return passwd