Exemplo n.º 1
def generate_link(request, user):
    """Build the password-reset URL for ``user``.

    The reset payload (hash type, a fresh salt, the username and a token
    from ``generate_token``) is serialized with
    ``itsdangerous.URLSafeTimedSerializer`` keyed by ``xom.config.secret``
    and passed as the ``token`` parameter of the ``passwd_reset`` route.

    Security notes:
    - itsdangerous signs the payload, it does not encrypt it: the
      username and salt are readable by anyone who sees the link.
    - The timed serializer only records a timestamp here; expiry is
      enforced by the caller of ``loads`` via ``max_age`` -- verify that
      the code consuming this token passes it.
    - The token is derived from the user's current password hash;
      presumably this ties the link to the current password -- confirm
      against ``generate_token`` and the consuming view.
    """
    signer = itsdangerous.URLSafeTimedSerializer(
        request.registry['xom'].config.secret)
    payload = dict(hash_type='sha256', salt=newsalt(), username=user.name)
    # generate_token receives the payload before the 'token' key exists.
    payload['token'] = generate_token(payload, get_pwhash(user))
    signed = signer.dumps(payload)
    return request.route_url('passwd_reset', token=signed)
Exemplo n.º 2
def test_hash_migration():
    """Check that a salted ``getpwhash`` hash verifies and is replaced.

    ``verify_and_update_password_hash`` must accept the password, hand
    back a hash different from the stored one, and that replacement must
    be an argon2 hash (``$argon2`` prefix).
    """
    password = "hello"
    old_salt = newsalt()
    old_hash = getpwhash(password, old_salt)
    outcome = verify_and_update_password_hash(password, old_hash, salt=old_salt)
    (is_valid, upgraded_hash) = outcome
    assert is_valid
    # A successful check on the old format has to yield a new hash.
    assert upgraded_hash != old_hash
    assert upgraded_hash.startswith('$argon2')
Exemplo n.º 3
def generate_link(request, user):
    """Return the ``passwd_reset`` route URL carrying a signed reset payload.

    The payload holds the hash type, a new salt from ``newsalt()``, the
    username, and a token computed by ``generate_token`` from those
    fields and the user's password hash.

    NOTE(review): ``URLSafeTimedSerializer`` provides integrity, not
    confidentiality, so the payload fields are visible to whoever holds
    the URL. The timestamp it embeds limits the link's lifetime only if
    the consumer calls ``loads`` with ``max_age`` -- check that side.
    """
    xom = request.registry['xom']
    url_signer = itsdangerous.URLSafeTimedSerializer(xom.config.secret)
    reset_data = {}
    reset_data['hash_type'] = 'sha256'
    reset_data['salt'] = newsalt()
    reset_data['username'] = user.name
    # The token is computed over the three fields above, then stored
    # alongside them.
    reset_data['token'] = generate_token(reset_data, get_pwhash(user))
    signed_value = url_signer.dumps(reset_data)
    return request.route_url('passwd_reset', token=signed_value)
Exemplo n.º 4
 def test_server_passwd_with_old_salt_hash(self, model, monkeypatch):
     """``run_passwd`` must work for a user stored with salt + ``getpwhash``.

     The root user is rewritten to hold a separate ``pwsalt`` and a
     ``getpwhash`` hash, the password prompt is stubbed to return a new
     password, and afterwards the new password has to validate.
     """
     from devpi_server.auth import newsalt, getpwhash
     old_password = "hello"
     replacement = "123"
     old_salt = newsalt()
     old_hash = getpwhash(old_password, old_salt)
     root = model.get_user("root")
     # Write the salted credentials directly into the stored user record.
     with root.key.update() as userconfig:
         userconfig['pwsalt'] = old_salt
         userconfig['pwhash'] = old_hash
     stored = root.get(credentials=True)
     for field in ('pwsalt', 'pwhash'):
         assert stored[field] is not None
     # Stub the interactive prompt so run_passwd receives the new password.
     monkeypatch.setattr(py.std.getpass, "getpass", lambda x: replacement)
     run_passwd(model, "root")
     assert model.get_user("root").validate(replacement)
Exemplo n.º 5
 def test_migrate_hash(self, caplog, model):
     """Validating a user stored with salt + ``getpwhash`` hash migrates it.

     After a successful ``validate`` the separate ``pwsalt`` entry must be
     gone and ``pwhash`` must be an argon2 hash. The test also pins that
     the "modified user" log record shows the salt masked, not its value.
     """
     from devpi_server.auth import newsalt, getpwhash
     log_pattern = ".*modified user .*"
     account = model.create_user("user", "password", email="*****@*****.**")
     stored = account.get(credentials=True)
     # A freshly created user has a hash but no separate salt entry.
     assert 'pwsalt' not in stored
     assert 'pwhash' in stored
     # Put the account into the salted form.
     old_salt = newsalt()
     old_hash = getpwhash("password", old_salt)
     account.modify(pwsalt=old_salt, pwhash=old_hash)
     stored = account.get(credentials=True)
     assert stored['pwsalt'] == old_salt
     assert stored['pwhash'] == old_hash
     # The modify() call is logged once, with the salt value masked.
     records = caplog.getrecords(log_pattern)
     assert len(records) == 1
     modify_message = records[0].getMessage()
     assert "pwsalt=*******" in modify_message
     # Validation succeeds and produces a second "modified user" record.
     assert account.validate("password")
     records = caplog.getrecords(log_pattern)
     assert len(records) == 2
     migration_message = records[1].getMessage()
     assert "pwsalt=None" in migration_message
     stored = account.get(credentials=True)
     assert 'pwsalt' not in stored
     assert stored['pwhash'].startswith("$argon2")
Exemplo n.º 6
def test_newsalt():
    """Two consecutive ``newsalt()`` calls must not return equal values."""
    first = newsalt()
    second = newsalt()
    assert first != second