def test_06_hash_pepper(self):
h = hash_with_pepper("superPassword")
self.assertTrue("$pbkdf2" in h, h)
r = verify_with_pepper(h, "superPassword")
self.assertEqual(r, True)
r = verify_with_pepper(h, "super Password")
self.assertEqual(r, False)
def test_06_hash_pepper(self):
h = hash_with_pepper("superPassword")
self.assertTrue("$pbkdf2"in h, h)
r = verify_with_pepper(h, "superPassword")
self.assertEqual(r, True)
r = verify_with_pepper(h, "super Password")
self.assertEqual(r, False)
def create_recoverycode(user,
email=None,
expiration_seconds=3600,
recoverycode=None,
base_url=""):
"""
Create and send a password recovery code
:param user: User for whom the password reset code should be sent
:type user: User Object
:param email: The optional email of the user
:param recoverycode: Only used for testing purpose
:return: bool
"""
base_url = base_url.strip("recover")
base_url += "#"
recoverycode = recoverycode or generate_password(size=24)
hash_code = hash_with_pepper(recoverycode)
# send this recoverycode
#
pwreset = PasswordReset(hash_code,
username=user.login,
realm=user.realm,
expiration_seconds=expiration_seconds)
pwreset.save()
res = False
if not user:
raise UserError("User required for recovery token.")
user_email = user.info.get("email")
if email and email.lower() != user_email.lower():
raise UserError("The email does not match the users email.")
identifier = get_from_config("recovery.identifier")
if identifier:
# send email
r = send_email_identifier(
identifier, user_email, "Your password reset",
BODY.format(base_url, user.login, user.realm, recoverycode))
if not r:
raise privacyIDEAError("Failed to send email. {0!s}".format(r))
else:
raise ConfigAdminError("Missing configuration " "recovery.identifier.")
res = True
return res
def create_recoverycode(user, email=None, expiration_seconds=3600,
recoverycode=None, base_url=""):
"""
Create and send a password recovery code
:param user: User for whom the password reset code should be sent
:type user: User Object
:param email: The optional email of the user
:param recoverycode: Only used for testing purpose
:return: bool
"""
base_url = base_url.strip("recover")
base_url += "#"
recoverycode = recoverycode or generate_password(size=24)
hash_code = hash_with_pepper(recoverycode)
# send this recoverycode
#
pwreset = PasswordReset(hash_code, username=user.login,
realm=user.realm,
expiration_seconds=expiration_seconds)
pwreset.save()
res = False
if not user:
raise UserError("User required for recovery token.")
user_email = user.info.get("email")
if email and email.lower() != user_email.lower():
raise UserError("The email does not match the users email.")
identifier = get_from_config("recovery.identifier")
if identifier:
# send email
r = send_email_identifier(identifier, user_email,
"Your password reset",
BODY.format(base_url,
user.login, user.realm,
recoverycode))
if not r:
raise privacyIDEAError("Failed to send email. {0!s}".format(r))
else:
raise ConfigAdminError("Missing configuration "
"recovery.identifier.")
res = True
return res
def create_db_admin(app, username, email=None, password=None):
pw_dig = None
if password:
pw_dig = hash_with_pepper(password)
user = Admin(email=email, username=username, password=pw_dig)
user.save()
