def get_username_and_password_from_request(request): """Returns tuple of (username, password). Tuple values may be null.""" from corehq.apps.hqwebapp.utils import decode_password if 'HTTP_AUTHORIZATION' not in request.META: return None, None @sensitive_variables() def _decode(string): try: return string.decode('utf-8') except UnicodeDecodeError: # https://sentry.io/dimagi/commcarehq/issues/391378081/ return string.decode('latin1') auth = request.META['HTTP_AUTHORIZATION'].split() username = password = None if auth[0].lower() == DIGEST: try: digest = parse_digest_credentials(request.META['HTTP_AUTHORIZATION']) username = digest.username.lower() except UnicodeDecodeError: pass elif auth[0].lower() == BASIC: username, password = _decode(base64.b64decode(auth[1])).split(':', 1) username = username.lower() # decode password submitted from mobile app login password = decode_password(password, username) return username, password
def get_username_and_password_from_request(request): """Returns tuple of (username, password). Tuple values may be null.""" from corehq.apps.hqwebapp.utils import decode_password if 'HTTP_AUTHORIZATION' not in request.META: return None, None @sensitive_variables() def _decode(string): try: return string.decode('utf-8') except UnicodeDecodeError: # https://sentry.io/dimagi/commcarehq/issues/391378081/ return string.decode('latin1') auth = request.META['HTTP_AUTHORIZATION'].split() username = password = None if auth[0].lower() == DIGEST: try: digest = parse_digest_credentials( request.META['HTTP_AUTHORIZATION']) username = digest.username.lower() except UnicodeDecodeError: pass elif auth[0].lower() == BASIC: username, password = _decode(base64.b64decode(auth[1])).split(':', 1) username = username.lower() # decode password submitted from mobile app login password = decode_password(password) return username, password
def clean_new_password1(self): password1 = decode_password(self.cleaned_data.get('new_password1')) if password1 == '': raise ValidationError( _("Password cannot be empty"), code='new_password1_empty', ) if self.project.strong_mobile_passwords: return clean_password(password1) return password1
def clean_new_password1(self): password1 = decode_password(self.cleaned_data.get('new_password1')) if password1 == '': raise ValidationError( _("Password cannot be empty"), code='new_password1_empty', ) if self.project.strong_mobile_passwords: return clean_password(password1) return password1
def clean_new_password1(self): from corehq.apps.domain.forms import clean_password from corehq.apps.hqwebapp.utils import decode_password new_password = decode_password(self.cleaned_data.get('new_password1')) # User might not be able to submit empty password but decode_password might # return empty password in case the password hashing is messed up with if new_password == '': raise ValidationError( _("Password cannot be empty"), code='new_password1_empty', ) return clean_password(new_password)
def get_username_and_password_from_request(request): from corehq.apps.hqwebapp.utils import decode_password username, password = None, None if 'HTTP_AUTHORIZATION' in request.META: auth = request.META['HTTP_AUTHORIZATION'].split() if len(auth) == 2: if auth[0].lower() == BASIC: username, password = base64.b64decode(auth[1]).split(':', 1) # decode password submitted from mobile app login password = decode_password(password) return username, password
def get_username_and_password_from_request(request): from corehq.apps.hqwebapp.utils import decode_password def _decode(string): try: return string.decode('utf-8') except UnicodeDecodeError: # https://sentry.io/dimagi/commcarehq/issues/391378081/ return string.decode('latin1') username, password = None, None if 'HTTP_AUTHORIZATION' in request.META: auth = request.META['HTTP_AUTHORIZATION'].split() if len(auth) == 2: if auth[0].lower() == BASIC: username, password = base64.b64decode(auth[1]).split(':', 1) # decode password submitted from mobile app login password = decode_password(password) username, password = _decode(username), _decode(password) return username, password
def clean_password(self): return clean_password(decode_password(self.cleaned_data.get('password')))
def clean_password(self): from corehq.apps.hqwebapp.utils import decode_password # decode password submitted from HQ login # also pass in username to track replay attack return decode_password(self.cleaned_data['password'], self.clean_username())
def clean_old_password(self): from corehq.apps.hqwebapp.utils import decode_password self.cleaned_data['old_password'] = decode_password( self.cleaned_data['old_password']) return super(HQPasswordChangeForm, self).clean_old_password()
def clean_password(self): from corehq.apps.hqwebapp.utils import decode_password # decode password submitted from HQ login # also pass in username to track replay attack return decode_password(self.cleaned_data['password'], self.clean_username())
def clean_password(self): cleaned_password = decode_password(self.cleaned_data.get('password')) if self.project.strong_mobile_passwords: return clean_password(cleaned_password) return cleaned_password
def clean_password(self): return clean_password( decode_password(self.cleaned_data.get('password')))
def clean_password(self): cleaned_password = decode_password(self.cleaned_data.get('password')) if self.project.strong_mobile_passwords: return clean_password(cleaned_password) return cleaned_password
def clean_old_password(self): from corehq.apps.hqwebapp.utils import decode_password self.cleaned_data['old_password'] = decode_password(self.cleaned_data['old_password']) return super(HQPasswordChangeForm, self).clean_old_password()
def clean_new_password2(self): from corehq.apps.hqwebapp.utils import decode_password return decode_password(self.cleaned_data.get('new_password2'))
def clean_new_password2(self): from corehq.apps.hqwebapp.utils import decode_password return decode_password(self.cleaned_data.get('new_password2'))