class WhoPlugin(object):
    """repoze.who authenticator that checks a login/password pair against the
    confirmed registrations, using SSHA hashes for the stored secrets.
    """
    implements(IAuthenticator)

    _finder = None

    def __init__(self, zodb_uri):
        # The URI is only consumed lazily, when no registration adapter is
        # registered and the application root has to be located directly.
        self._zodb_uri = zodb_uri
        self._pwd_mgr = SSHAPasswordManager()

    def _getFinder(self):
        """Return the application finder, building it on first use."""
        finder = self._finder
        if finder is None:
            finder = PersistentApplicationFinder(self._zodb_uri, appmaker)
            self._finder = finder
        return finder

    def _confirmedForContext(self, context, environ):
        """Locate the confirmed-registrations container for ``context``.

        Prefers the ``IRegistrations`` adapter named 'confirmed'.  Without
        one, a context carrying no ``_p_jar`` is replaced by the object the
        finder yields for ``environ``; the ``__parent__`` chain is then
        followed to its top and wrapped in ``ConfirmedRegistrations``.
        """
        registry = get_current_registry()
        confirmed = registry.queryAdapter(context, IRegistrations,
                                          name='confirmed')
        if confirmed is not None:
            return confirmed
        if getattr(context, '_p_jar', None) is None:
            context = self._getFinder()(environ)
        parent = context.__parent__
        while parent is not None:
            context = parent
            parent = context.__parent__
        return ConfirmedRegistrations(context)

    def authenticate(self, environ, identity):
        """ See IAuthenticator.

        Returns the matching record's ``uuid`` only when both credentials are
        present and the password verifies against the stored hash; ``None``
        otherwise.
        """
        login = identity.get('login')
        password = identity.get('password')
        if login is None or password is None:
            return None
        request = get_current_request()
        context = getattr(request, 'context', None)
        confirmed = self._confirmedForContext(context, environ)
        record = confirmed.get_by_login(login)
        if not record:
            return None
        if not self._pwd_mgr.checkPassword(record.password, password):
            return None
        return record.uuid
def authenticate(self, environ, identity):
    """Check ``identity`` against the faux confirmed registrations.

    Returns the record's ``uuid`` when the submitted password verifies
    against the stored SSHA hash; ``None`` when either credential is
    missing, no record matches the login, or the check fails.
    """
    try:
        login, password = identity['login'], identity['password']
    except KeyError:
        return None
    record = FauxConfirmedRegistrations(None).get_by_login(login)
    if record is None:
        return None
    manager = SSHAPasswordManager()
    if manager.checkPassword(record.password, password):
        return record.uuid
    return None
def do_login(self, **data):
    """Apply the submitted form data and, when the password matches the
    account's stored SSHA secret, bind that account to the OAuth2 session.

    A missing account or a failed password check leaves the session
    untouched.
    """
    form = Login()
    self.applyData(form, **data)
    source = IOAuthPrincipalSource(grok.getApplication())
    account = source.find(login=form.login, domain=source.domain)
    if not account:
        return
    # Only verify the secret once an account for the login exists.
    from zope.password.password import SSHAPasswordManager
    if not SSHAPasswordManager().checkPassword(account.secret, form.secret):
        return
    ISession(self.request)['OAuth2']['principal'] = account
def test_POST_w_password_match_w_after_edit_url(self):
    """With the correct old password, an edit POST rewrites login, email,
    password and security fields and redirects to the configured URL."""
    from webob.exc import HTTPFound
    from webob.multidict import MultiDict
    from zope.password.password import SSHAPasswordManager
    after_url = '/'
    old_email = '*****@*****.**'
    new_email = '*****@*****.**'
    environ = {'repoze.who.identity': {'repoze.who.userid': 'UUID'}}
    self.config.registry.settings['cartouche.after_edit_url'] = after_url
    manager = SSHAPasswordManager()
    stored = manager.encodePassword('old_password')
    by_uuid, by_login, by_email = self._registerConfirmed()
    by_uuid['UUID'] = Dummy(login='******',
                            email=old_email,
                            password=stored,
                            security_question='borncity',
                            security_answer='FXBG')
    by_email[old_email] = by_login['before'] = 'UUID'
    post = MultiDict([
        ('login_name', 'after'),
        ('email', new_email),
        ('old_password', 'old_password'),
        ('__start__', 'password:mapping'),
        ('value', 'newpassword'),
        ('confirm', 'newpassword'),
        ('__end__', 'password:mapping'),
        ('__start__', 'security:mapping'),
        ('question', 'petname'),
        ('answer', 'Fido'),
        ('__end__', 'security:mapping'),
        ('update', ''),
    ])
    request = self._makeRequest(POST=post, environ=environ,
                                view_name='edit_account.html')

    response = self._callFUT(request=request)

    self.assertIsInstance(response, HTTPFound)
    self.assertEqual(response.location, 'http://example.com/')
    updated = by_uuid['UUID']
    self.assertEqual(updated.login, 'after')
    # The stored value must be a hash that verifies, not the clear text.
    self.assertTrue(manager.checkPassword(updated.password, 'newpassword'))
    self.assertEqual(updated.security_question, 'petname')
    self.assertEqual(updated.security_answer, 'Fido')
    self.assertNotIn(old_email, by_email)
    self.assertEqual(by_email[new_email], 'UUID')
    self.assertNotIn('before', by_login)
    self.assertEqual(by_login['after'], 'UUID')
def test_hit_w_password_utility(self):
    """A registered IPasswordGenerator supplies the new password; the record
    keeps only its SSHA hash while the mail body carries the generated
    value."""
    import re
    from repoze.sendmail.interfaces import IMailDelivery
    from zope.password.password import SSHAPasswordManager
    from cartouche.interfaces import IPasswordGenerator
    generated_re = re.compile(
        r'Your new password is:\s+(?P<password>[^\s]+)', re.MULTILINE)
    from_email = '*****@*****.**'
    to_email = '*****@*****.**'

    def _password():
        return 'PASSWORD'

    self.config.registry.registerUtility(_password, IPasswordGenerator)
    self.config.registry.settings['cartouche.from_addr'] = from_email
    delivery = DummyMailer()
    self.config.registry.registerUtility(delivery, IMailDelivery)
    confirmed = DummyConfirmed()
    confirmed.set('UUID',
                  email=to_email,
                  login='******',
                  password='******',
                  security_question='question',
                  security_answer='answer',
                  token=None,
                 )

    self._callFUT(userid='UUID', confirmed=confirmed)

    record = confirmed.get('UUID')
    self.assertEqual(record.uuid, 'UUID')
    self.assertEqual(record.email, to_email)
    self.assertEqual(record.login, 'phred')
    stored = record.password
    self.assertNotEqual(stored, 'old_password')
    self.assertTrue(stored.startswith('{SSHA}'))
    self.assertEqual(record.security_question, 'question')
    self.assertEqual(record.security_answer, 'answer')
    self.assertEqual(record.token, None)
    login_url = 'http://example.com/login.html'
    self.assertEqual(delivery._sent[0], from_email)
    self.assertEqual(list(delivery._sent[1]), [to_email])
    payload = delivery._sent[2].get_payload()
    self.assertTrue(login_url in payload)
    mailed = generated_re.search(payload).group('password')
    self.assertEqual(mailed, 'PASSWORD')
    # The mailed value must verify against the stored hash.
    self.assertTrue(SSHAPasswordManager().checkPassword(stored, mailed))
def test_POST_w_password_match_w_after_edit_url(self):
    """With the correct old password, an edit POST rewrites login, email,
    password and security fields and redirects to the configured URL."""
    from webob.exc import HTTPFound
    from webob.multidict import MultiDict
    from zope.password.password import SSHAPasswordManager
    after_url = '/'
    old_email = '*****@*****.**'
    new_email = '*****@*****.**'
    environ = {'repoze.who.identity': {'repoze.who.userid': 'UUID'}}
    self.config.registry.settings['cartouche.after_edit_url'] = after_url
    manager = SSHAPasswordManager()
    stored = manager.encodePassword('old_password')
    by_uuid, by_login, by_email = self._registerConfirmed()
    by_uuid['UUID'] = Dummy(login='******',
                            email=old_email,
                            password=stored,
                            security_question='borncity',
                            security_answer='FXBG')
    by_email[old_email] = by_login['before'] = 'UUID'
    post = MultiDict([
        ('login_name', 'after'),
        ('email', new_email),
        ('old_password', 'old_password'),
        ('__start__', 'password:mapping'),
        ('password', 'newpassword'),
        ('password-confirm', 'newpassword'),
        ('__end__', 'password:mapping'),
        ('__start__', 'security:mapping'),
        ('question', 'petname'),
        ('answer', 'Fido'),
        ('__end__', 'security:mapping'),
        ('update', ''),
    ])
    request = self._makeRequest(POST=post, environ=environ,
                                view_name='edit_account.html')

    response = self._callFUT(request=request)

    self.assertIsInstance(response, HTTPFound)
    self.assertEqual(response.location, 'http://example.com/')
    updated = by_uuid['UUID']
    self.assertEqual(updated.login, 'after')
    # The stored value must be a hash that verifies, not the clear text.
    self.assertTrue(manager.checkPassword(updated.password, 'newpassword'))
    self.assertEqual(updated.security_question, 'petname')
    self.assertEqual(updated.security_answer, 'Fido')
    self.assertNotIn(old_email, by_email)
    self.assertEqual(by_email[new_email], 'UUID')
    self.assertNotIn('before', by_login)
    self.assertEqual(by_login['after'], 'UUID')
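def authenticate(self, environ, identity):
    """Verify the submitted credentials against the ``users`` collection.

    Args:
        environ: WSGI environment; not consulted here.
        identity: mapping handed to ``self.get_login`` / ``self.get_pw`` to
            extract the submitted login and password.

    Returns:
        The login string when a document for it exists and the submitted
        password verifies against its stored SSHA hash; ``None`` when a
        credential is missing, no document matches, the document has no
        stored hash, or the check fails.
    """
    login = self.get_login(identity)
    password = self.get_pw(identity)
    if login is None or password is None:
        return None
    doc = self.users.find_one({'username': login})
    if doc is None:
        return None
    hashed = doc.get('password')
    if hashed is None:
        # A document without a stored hash can never verify; previously the
        # string 'None' was handed to the password manager as the hash.
        return None
    manager = SSHAPasswordManager()
    # NOTE(review): the str() coercion of both values is kept from the
    # original; under Python 2 a non-ASCII unicode password would raise
    # here rather than fail the check — confirm which interpreter is used.
    if manager.checkPassword(str(hashed), str(password)):
        return login
    return None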
def test_hit_wo_password_utility(self):
    """Without a registered IPasswordGenerator a random password is made; the
    record keeps only its SSHA hash, the mail body carries the clear value,
    and that value matches the expected character pattern."""
    import re
    from repoze.sendmail.interfaces import IMailDelivery
    from zope.password.password import SSHAPasswordManager
    generated_re = re.compile(
        r'Your new password is:\s+(?P<password>[^\s]+)', re.MULTILINE)
    random_re = re.compile(r'[A-Za-z0-9]{6,8}[~!@#$%^&*][A-Za-z0-9]{6,8}')
    from_email = '*****@*****.**'
    to_email = '*****@*****.**'
    self.config.registry.settings['cartouche.from_addr'] = from_email
    delivery = DummyMailer()
    self.config.registry.registerUtility(delivery, IMailDelivery)
    confirmed = DummyConfirmed()
    confirmed.set('UUID',
                  email=to_email,
                  login='******',
                  password='******',
                  security_question='question',
                  security_answer='answer',
                  token=None,
                 )

    self._callFUT(userid='UUID', confirmed=confirmed)

    record = confirmed.get('UUID')
    self.assertEqual(record.uuid, 'UUID')
    self.assertEqual(record.email, to_email)
    self.assertEqual(record.login, 'phred')
    stored = record.password
    self.assertNotEqual(stored, 'old_password')
    self.assertTrue(stored.startswith('{SSHA}'))
    self.assertEqual(record.security_question, 'question')
    self.assertEqual(record.security_answer, 'answer')
    self.assertEqual(record.token, None)
    login_url = 'http://example.com/login.html'
    self.assertEqual(delivery._sent[0], from_email)
    self.assertEqual(list(delivery._sent[1]), [to_email])
    payload = delivery._sent[2].get_payload()
    self.assertTrue(login_url in payload)
    mailed = generated_re.search(payload).group('password')
    # The mailed value must verify against the stored hash and look like
    # the generator's alnum-symbol-alnum shape.
    self.assertTrue(SSHAPasswordManager().checkPassword(stored, mailed))
    self.assertTrue(random_re.match(mailed))