def _process_role_body( cls, cmd: sd.Command, schema: s_schema.Schema, astnode: qlast.DDLOperation, context: sd.CommandContext, ) -> None: password = cmd.get_attribute_value('password') if password is not None: if cmd.get_attribute_value('password_hash') is not None: raise errors.EdgeQLSyntaxError( 'cannot specify both `password` and `password_hash` in' ' the same statement', context=astnode.context, ) salted_password = scram.build_verifier(password) cmd.set_attribute_value('password', salted_password) password_hash = cmd.get_attribute_value('password_hash') if password_hash is not None: try: scram.parse_verifier(password_hash) except ValueError as e: raise errors.InvalidValueError( e.args[0], context=astnode.context) cmd.set_attribute_value('password', password_hash)
def test_scram_sha_256_verifier(self): salt = 'W22ZaJ0SNY7soEsUEjb6gQ==' password = '******' v = scram.build_verifier( password, salt=base64.b64decode(salt), iterations=4096, ) stored_key = 'WG5d8oPm3OtcPnkdi4Uo7BkeZkBFzpcXkuLmtbsT4qY=' server_key = 'wfPLwcE6nTWhTAmQ7tl2KeoiWGPlZqQxSrmfPwDl2dU=' self.assertEqual( v, f'SCRAM-SHA-256$4096:{salt}${stored_key}:{server_key}') parsed = scram.parse_verifier(v) self.assertEqual(parsed.mechanism, 'SCRAM-SHA-256') self.assertEqual(parsed.iterations, 4096) self.assertEqual(parsed.salt, base64.b64decode(salt)) self.assertEqual(parsed.stored_key, base64.b64decode(stored_key)) self.assertEqual(parsed.server_key, base64.b64decode(server_key)) self.assertTrue(scram.verify_password(password, v))
def _process_role_body( cls, cmd: sd.Command, schema: s_schema.Schema, astnode: qlast.DDLOperation, context: sd.CommandContext, ) -> None: password = cmd.get_attribute_value('password') if password is not None: salted_password = scram.build_verifier(password) cmd.set_attribute_value('password', salted_password)
def _process_role_body(cls, cmd, schema, astnode, context): password = cmd.get_attribute_value('password') if password is not None: salted_password = scram.build_verifier(password) cmd.set_attribute_value('password', salted_password)