def init_config(self, app): """Initialize configuration. :param app: The Flask application. """ try: pkg_resources.get_distribution("celery") app.config.setdefault("ACCOUNTS_USE_CELERY", not (app.debug or app.testing)) except pkg_resources.DistributionNotFound: # pragma: no cover app.config.setdefault("ACCOUNTS_USE_CELERY", False) # Register Invenio legacy password hashing register_crypt_handler(InvenioAesEncryptedEmail) # Change Flask defaults app.config.setdefault("SESSION_COOKIE_SECURE", not app.debug) # Change Flask-Security defaults app.config.setdefault("SECURITY_PASSWORD_SALT", app.config["SECRET_KEY"]) # Set JWT secret key app.config.setdefault( "ACCOUNTS_JWT_SECRET_KEY", app.config.get("ACCOUNTS_JWT_SECRET_KEY", app.config.get("SECRET_KEY")), ) config_apps = ["ACCOUNTS", "SECURITY_"] for k in dir(config): if any([k.startswith(prefix) for prefix in config_apps]): app.config.setdefault(k, getattr(config, k))
def test_get_crypt_handler(self): """test get_crypt_handler()""" class dummy_1(uh.StaticHandler): name = "dummy_1" # without available handler self.assertRaises(KeyError, get_crypt_handler, "dummy_1") self.assertIs(get_crypt_handler("dummy_1", None), None) # already loaded handler register_crypt_handler(dummy_1) self.assertIs(get_crypt_handler("dummy_1"), dummy_1) with warnings.catch_warnings(): warnings.filterwarnings("ignore", "handler names should be lower-case, and use underscores instead of hyphens:.*", UserWarning) # already loaded handler, using incorrect name self.assertIs(get_crypt_handler("DUMMY-1"), dummy_1) # lazy load of unloaded handler, using incorrect name register_crypt_handler_path('dummy_0', __name__) self.assertIs(get_crypt_handler("DUMMY-0"), dummy_0) # check system & private names aren't returned import passlib.hash # ensure module imported, so py3.3 sets __package__ passlib.hash.__dict__["_fake"] = "dummy" # so behavior seen under py2x also for name in ["_fake", "__package__"]: self.assertRaises(KeyError, get_crypt_handler, name) self.assertIs(get_crypt_handler(name, None), None)
def test_get_crypt_handler(self): """test get_crypt_handler()""" class dummy_1(uh.StaticHandler): name = "dummy_1" # without available handler self.assertRaises(KeyError, get_crypt_handler, "dummy_1") self.assertIs(get_crypt_handler("dummy_1", None), None) # already loaded handler register_crypt_handler(dummy_1) self.assertIs(get_crypt_handler("dummy_1"), dummy_1) with warnings.catch_warnings(): warnings.filterwarnings( "ignore", "handler names should be lower-case, and use underscores instead of hyphens:.*", UserWarning) # already loaded handler, using incorrect name self.assertIs(get_crypt_handler("DUMMY-1"), dummy_1) # lazy load of unloaded handler, using incorrect name register_crypt_handler_path('dummy_0', __name__) self.assertIs(get_crypt_handler("DUMMY-0"), dummy_0) # check system & private names aren't returned from passlib import hash hash.__dict__["_fake"] = "dummy" for name in ["_fake", "__package__"]: self.assertRaises(KeyError, get_crypt_handler, name) self.assertIs(get_crypt_handler(name, None), None)
def init_config(self, app): """Initialize configuration. :param app: The Flask application. """ try: pkg_resources.get_distribution('celery') app.config.setdefault("ACCOUNTS_USE_CELERY", not (app.debug or app.testing)) except pkg_resources.DistributionNotFound: # pragma: no cover app.config.setdefault("ACCOUNTS_USE_CELERY", False) app.config.setdefault('ACCOUNTS', True) # Register Invenio legacy password hashing register_crypt_handler(InvenioAesEncryptedEmail) # Change Flask-Security defaults app.config.setdefault('SECURITY_CHANGEABLE', True) app.config.setdefault('SECURITY_CONFIRMABLE', True) app.config.setdefault('SECURITY_PASSWORD_HASH', 'pbkdf2_sha512') app.config.setdefault('SECURITY_PASSWORD_SCHEMES', ['pbkdf2_sha512', 'invenio_aes_encrypted_email']) app.config.setdefault('SECURITY_DEPRECATED_PASSWORD_SCHEMES', ['invenio_aes_encrypted_email']) app.config.setdefault('SECURITY_RECOVERABLE', True) app.config.setdefault('SECURITY_REGISTERABLE', True) app.config.setdefault('SECURITY_TRACKABLE', True) app.config.setdefault('SECURITY_LOGIN_WITHOUT_CONFIRMATION', True) app.config.setdefault('SECURITY_PASSWORD_SALT', app.config['SECRET_KEY']) # Change default templates app.config.setdefault("SECURITY_FORGOT_PASSWORD_TEMPLATE", "invenio_accounts/forgot_password.html") app.config.setdefault("SECURITY_LOGIN_USER_TEMPLATE", "invenio_accounts/login_user.html") app.config.setdefault("SECURITY_REGISTER_USER_TEMPLATE", "invenio_accounts/register_user.html") app.config.setdefault("SECURITY_RESET_PASSWORD_TEMPLATE", "invenio_accounts/reset_password.html") app.config.setdefault("SECURITY_CHANGE_PASSWORD_TEMPLATE", "invenio_accounts/change_password.html") app.config.setdefault("SECURITY_SEND_CONFIRMATION_TEMPLATE", "invenio_accounts/send_confirmation.html") app.config.setdefault("SECURITY_SEND_LOGIN_TEMPLATE", "invenio_accounts/send_login.html") app.config.setdefault("SECURITY_REGISTER_URL", "/signup/") app.config.setdefault("SECURITY_RESET_URL", "/lost-password/") app.config.setdefault("SECURITY_LOGIN_URL", "/login/") app.config.setdefault("SECURITY_LOGOUT_URL", "/logout/") app.config.setdefault("SECURITY_CHANGE_URL", "/accounts/settings/password/") for k in dir(config): if k.startswith('ACCOUNTS_'): app.config.setdefault(k, getattr(config, k))
def init_app(self, app): """Initialize application.""" # Register Invenio legacy password hashing. register_crypt_handler(invenio_aes_encrypted_email) app.config.setdefault('PASSLIB_SCHEMES', ['sha512_crypt', 'invenio_aes_encrypted_email']) app.config.setdefault('PASSLIB_DEPRECATED_SCHEMES', ['invenio_aes_encrypted_email']) # Create password context. app.extensions['passlib'] = CryptContext( schemes=app.config['PASSLIB_SCHEMES'], deprecated=app.config['PASSLIB_DEPRECATED_SCHEMES'])
def test_get_crypt_handler(self): "test get_crypt_handler()" class dummy_1(uh.StaticHandler): name = "dummy_1" self.assertRaises(KeyError, get_crypt_handler, "dummy_1") register_crypt_handler(dummy_1) self.assertIs(get_crypt_handler("dummy_1"), dummy_1) with catch_warnings(): warnings.filterwarnings("ignore", "handler names should be lower-case, and use underscores instead of hyphens:.*", UserWarning) self.assertIs(get_crypt_handler("DUMMY-1"), dummy_1)
def init_config(self, app): """Initialize configuration. :param app: The Flask application. """ try: pkg_resources.get_distribution('celery') app.config.setdefault("ACCOUNTS_USE_CELERY", not (app.debug or app.testing)) except pkg_resources.DistributionNotFound: # pragma: no cover app.config.setdefault("ACCOUNTS_USE_CELERY", False) # Register Invenio legacy password hashing register_crypt_handler(InvenioAesEncryptedEmail) # Change Flask defaults app.config.setdefault('SESSION_COOKIE_SECURE', not app.debug) # Change Flask-Security defaults app.config.setdefault('SECURITY_PASSWORD_SALT', app.config['SECRET_KEY']) # Set JWT secret key app.config.setdefault( 'ACCOUNTS_JWT_SECRET_KEY', app.config.get('ACCOUNTS_JWT_SECRET_KEY', app.config.get('SECRET_KEY'))) config_apps = ['ACCOUNTS', 'SECURITY_'] for k in dir(config): if any([k.startswith(prefix) for prefix in config_apps]): app.config.setdefault(k, getattr(config, k)) # Set Session KV store if app.config.get('ACCOUNTS_SESSION_REDIS_URL'): import redis from simplekv.memory.redisstore import RedisStore session_kvstore = RedisStore( redis.StrictRedis.from_url( app.config['ACCOUNTS_SESSION_REDIS_URL'])) else: from simplekv.memory import DictStore session_kvstore = DictStore() self.kvsession_extension = KVSessionExtension(session_kvstore, app)
def init_app(self, app): """Initialize application.""" # Register Invenio legacy password hashing. register_crypt_handler(invenio_aes_encrypted_email) app.config.setdefault( 'PASSLIB_SCHEMES', ['sha512_crypt', 'invenio_aes_encrypted_email'] ) app.config.setdefault( 'PASSLIB_DEPRECATED_SCHEMES', ['invenio_aes_encrypted_email'] ) # Create password context. app.extensions['passlib'] = CryptContext( schemes=app.config['PASSLIB_SCHEMES'], deprecated=app.config['PASSLIB_DEPRECATED_SCHEMES'] )
def test_register_crypt_handler(self): """test register_crypt_handler()""" self.assertRaises(TypeError, register_crypt_handler, {}) self.assertRaises(ValueError, register_crypt_handler, type('x', (uh.StaticHandler,), dict(name=None))) self.assertRaises(ValueError, register_crypt_handler, type('x', (uh.StaticHandler,), dict(name="AB_CD"))) self.assertRaises(ValueError, register_crypt_handler, type('x', (uh.StaticHandler,), dict(name="ab-cd"))) self.assertRaises(ValueError, register_crypt_handler, type('x', (uh.StaticHandler,), dict(name="ab__cd"))) self.assertRaises(ValueError, register_crypt_handler, type('x', (uh.StaticHandler,), dict(name="default"))) class dummy_1(uh.StaticHandler): name = "dummy_1" class dummy_1b(uh.StaticHandler): name = "dummy_1" self.assertTrue('dummy_1' not in list_crypt_handlers()) register_crypt_handler(dummy_1) register_crypt_handler(dummy_1) self.assertIs(get_crypt_handler("dummy_1"), dummy_1) self.assertRaises(KeyError, register_crypt_handler, dummy_1b) self.assertIs(get_crypt_handler("dummy_1"), dummy_1) register_crypt_handler(dummy_1b, force=True) self.assertIs(get_crypt_handler("dummy_1"), dummy_1b) self.assertTrue('dummy_1' in list_crypt_handlers())
def init_config(self, app): """Initialize configuration. :param app: The Flask application. """ try: pkg_resources.get_distribution('celery') app.config.setdefault("ACCOUNTS_USE_CELERY", not (app.debug or app.testing)) except pkg_resources.DistributionNotFound: # pragma: no cover app.config.setdefault("ACCOUNTS_USE_CELERY", False) # Register Invenio legacy password hashing register_crypt_handler(InvenioAesEncryptedEmail) # Change Flask-Security defaults app.config.setdefault('SECURITY_PASSWORD_SALT', app.config['SECRET_KEY']) config_apps = ['ACCOUNTS', 'SECURITY_'] for k in dir(config): if any([k.startswith(prefix) for prefix in config_apps]): app.config.setdefault(k, getattr(config, k))
def test_get_crypt_handler(self): "test get_crypt_handler()" class dummy_1(uh.StaticHandler): name = "dummy_1" # without available handler self.assertRaises(KeyError, get_crypt_handler, "dummy_1") self.assertIs(get_crypt_handler("dummy_1", None), None) # already loaded handler register_crypt_handler(dummy_1) self.assertIs(get_crypt_handler("dummy_1"), dummy_1) with catch_warnings(): warnings.filterwarnings("ignore", "handler names should be lower-case, and use underscores instead of hyphens:.*", UserWarning) # already loaded handler, using incorrect name self.assertIs(get_crypt_handler("DUMMY-1"), dummy_1) # lazy load of unloaded handler, using incorrect name register_crypt_handler_path('dummy_0', __name__) self.assertIs(get_crypt_handler("DUMMY-0"), dummy_0)
def init_config(self, app): """Initialize configuration. :param app: The Flask application. """ try: pkg_resources.get_distribution('celery') app.config.setdefault( "ACCOUNTS_USE_CELERY", not (app.debug or app.testing)) except pkg_resources.DistributionNotFound: # pragma: no cover app.config.setdefault("ACCOUNTS_USE_CELERY", False) app.config.setdefault('ACCOUNTS', True) # Register Invenio legacy password hashing register_crypt_handler(InvenioAesEncryptedEmail) # Change Flask-Security defaults app.config.setdefault('SECURITY_CHANGEABLE', True) app.config.setdefault('SECURITY_CONFIRMABLE', True) app.config.setdefault('SECURITY_PASSWORD_HASH', 'pbkdf2_sha512') app.config.setdefault('SECURITY_PASSWORD_SCHEMES', ['pbkdf2_sha512', 'invenio_aes_encrypted_email']) app.config.setdefault('SECURITY_DEPRECATED_PASSWORD_SCHEMES', ['invenio_aes_encrypted_email']) app.config.setdefault('SECURITY_RECOVERABLE', True) app.config.setdefault('SECURITY_REGISTERABLE', True) app.config.setdefault('SECURITY_TRACKABLE', True) app.config.setdefault('SECURITY_LOGIN_WITHOUT_CONFIRMATION', True) app.config.setdefault('SECURITY_PASSWORD_SALT', app.config['SECRET_KEY']) # Change default templates app.config.setdefault("SECURITY_FORGOT_PASSWORD_TEMPLATE", "invenio_accounts/forgot_password.html") app.config.setdefault("SECURITY_LOGIN_USER_TEMPLATE", "invenio_accounts/login_user.html") app.config.setdefault("SECURITY_REGISTER_USER_TEMPLATE", "invenio_accounts/register_user.html") app.config.setdefault("SECURITY_RESET_PASSWORD_TEMPLATE", "invenio_accounts/reset_password.html") app.config.setdefault("SECURITY_CHANGE_PASSWORD_TEMPLATE", "invenio_accounts/change_password.html") app.config.setdefault("SECURITY_SEND_CONFIRMATION_TEMPLATE", "invenio_accounts/send_confirmation.html") app.config.setdefault("SECURITY_SEND_LOGIN_TEMPLATE", "invenio_accounts/send_login.html") app.config.setdefault("SECURITY_REGISTER_URL", "/signup/") app.config.setdefault("SECURITY_RESET_URL", "/lost-password/") app.config.setdefault("SECURITY_LOGIN_URL", "/login/") app.config.setdefault("SECURITY_LOGOUT_URL", "/logout/") app.config.setdefault("SECURITY_CHANGE_URL", "/accounts/settings/password/") for k in dir(config): if k.startswith('ACCOUNTS_'): app.config.setdefault(k, getattr(config, k))
"helper for method in test_registry.py" from passlib.registry import register_crypt_handler import passlib.utils.handlers as uh class dummy_bad(uh.StaticHandler): name = "dummy_bad" class alt_dummy_bad(uh.StaticHandler): name = "dummy_bad" # NOTE: if passlib.tests is being run from symlink (e.g. via gaeunit), # this module may be imported a second time as test._test_bad_registry. # we don't want it to do anything in that case. if __name__.startswith("passlib.tests"): register_crypt_handler(alt_dummy_bad)
class LegacyPassword(pbkdf2_sha256): name = "frappe_legacy" ident = "$frappel$" def _calc_checksum(self, secret): # check if this is a mysql hash # it is possible that we will generate a false positive if the users password happens to be 40 hex chars proceeded # by an * char, but this seems highly unlikely if not (secret[0] == "*" and len(secret) == 41 and all(c in string.hexdigits for c in secret[1:])): secret = mysql41.hash(secret + self.salt.decode('utf-8')) return super(LegacyPassword, self)._calc_checksum(secret) register_crypt_handler(LegacyPassword, force=True) passlibctx = CryptContext( schemes=[ "pbkdf2_sha256", "argon2", "frappe_legacy", ], deprecated=[ "frappe_legacy", ], ) def get_decrypted_password(doctype, name, fieldname="password",
def includeme(config): register_crypt_handler(EDWHash)
checksum_size = 32 max_salt_size = 32 _hash_func = hashlib.sha256 _hash_regex = re.compile(u(r"^\{SSHA256\}(?P<tmp>[+/a-zA-Z0-9]{48,}={0,2})$")) class ldap_salted_sha512(_SaltedBase64DigestHelper): name = 'ldap_salted_sha512' ident = u'{SSHA512}' checksum_size = 64 max_salt_size = 64 _hash_func = hashlib.sha512 _hash_regex = re.compile(u(r"^\{SSHA512\}(?P<tmp>[+/a-zA-Z0-9]{88,}={0,2})$")) register_crypt_handler(phpass_drupal) register_crypt_handler(ldap_salted_sha256) register_crypt_handler(ldap_salted_sha512) # The list of supported password hash types for verification (passlib handler) pw_ctx = CryptContext(schemes=['phpass', 'phpass_drupal', 'ldap_salted_sha1', 'ldap_salted_sha256', 'ldap_salted_sha512', 'ldap_sha1', 'md5_crypt', 'bcrypt', 'sha512_crypt', 'sha256_crypt', 'hex_sha256',
_hash_func = hashlib.sha256 _hash_regex = re.compile( u(r"^\{SSHA256\}(?P<tmp>[+/a-zA-Z0-9]{48,}={0,2})$")) class ldap_salted_sha512(_SaltedBase64DigestHelper): name = 'ldap_salted_sha512' ident = u'{SSHA512}' checksum_size = 64 max_salt_size = 64 _hash_func = hashlib.sha512 _hash_regex = re.compile( u(r"^\{SSHA512\}(?P<tmp>[+/a-zA-Z0-9]{88,}={0,2})$")) register_crypt_handler(phpass_drupal) register_crypt_handler(ldap_salted_sha256) register_crypt_handler(ldap_salted_sha512) # The list of supported password hash types for verification (passlib handler) pw_ctx = CryptContext(schemes=[ 'phpass', 'phpass_drupal', 'ldap_salted_sha1', 'ldap_salted_sha256', 'ldap_salted_sha512', 'ldap_sha1', 'md5_crypt', 'bcrypt', 'sha512_crypt', 'sha256_crypt',
def __enter__(self): from passlib import registry registry._unload_handler_name(self.name, locations=False) registry.register_crypt_handler(self.dummy) assert registry.get_crypt_handler(self.name) is self.dummy return self.dummy
class LegacyPassword(pbkdf2_sha256): name = "frappe_legacy" ident = "$frappel$" def _calc_checksum(self, secret): # check if this is a mysql hash # it is possible that we will generate a false positive if the users password happens to be 40 hex chars proceeded # by an * char, but this seems highly unlikely if not (secret[0] == "*" and len(secret) == 41 and all(c in string.hexdigits for c in secret[1:])): secret = mysql41.hash(secret + self.salt.decode('utf-8')) return super(LegacyPassword, self)._calc_checksum(secret) register_crypt_handler(LegacyPassword, force=True) passlibctx = CryptContext( schemes=[ "pbkdf2_sha256", "argon2", "frappe_legacy", ], deprecated=[ "frappe_legacy", ], ) def get_decrypted_password(doctype, name, fieldname='password', raise_exception=True): auth = frappe.db.sql('''select `password` from `__Auth` where doctype=%(doctype)s and name=%(name)s and fieldname=%(fieldname)s and encrypted=1''',
def includeme(config): register_crypt_handler(SNOWHash)