def __call__(self, form, field):
    """Reject the field's value when it fails the secure-password check.

    The username is read from ``form[self.username_field]`` when a username
    field is configured; otherwise an empty string is used. Missing data is
    normalised to ``''`` for both values before they are handed to
    ``validate_secure_password`` together with ``self.context``.

    Raises:
        ValidationError: carrying the message returned by
            ``validate_secure_password`` when that message is truthy.
    """
    # The username goes to the checker too, presumably so it can reject
    # passwords derived from it -- confirm against validate_secure_password.
    account_name = (form[self.username_field].data or '') if self.username_field else ''
    candidate = field.data or ''
    problem = validate_secure_password(self.context, candidate, username=account_name)
    if problem:
        raise ValidationError(problem)
Пример #2
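 def check_password(self, identity, password):
     """Check a login password and flag it when it fails the password policy.

     Returns False when the supplied password does not match the identity
     and True when it does. A matching password that
     ``validate_secure_password`` rejects does not block the login: the
     reason is logged and stored in the session under
     ``'insecure_password_error'``.
     """
     # No, the passwords are not stored in plaintext. Magic is happening here!
     # NOTE(review): this relies on `identity.password` being an object whose
     # comparison verifies a stored hash -- confirm it can never be a plain str.
     if identity.password != password:
         return False
     # The policy check runs only after a successful match, so a failed login
     # never reaches it. `fast=True` presumably selects a quicker variant of
     # the check to keep login latency bounded -- confirm in the helper.
     if error := validate_secure_password('login', password, username=identity.identifier, fast=True):
         # Only the account identifier and the rejection reason are passed to
         # the logger; the password itself is not.
         logger.warning('Account %s logged in with an insecure password: %s', identity.identifier, error)
         session['insecure_password_error'] = error
     # Explicit success value: without it the method falls through and returns
     # None, which a caller testing truthiness would treat as a failed login.
     return True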
Пример #3
def test_validate_secure_password(monkeypatch, password, username, expected):
    """Exercise ``validate_secure_password`` with a stubbed breach check and signal.

    ``check_password_pwned`` is replaced by a local stub that reports exactly
    one passphrase as breached, so the result depends only on the stub. A
    ``check_password_secure`` receiver is connected that rejects the password
    ``'badsignal'``. The test asserts that the receiver ran and that the
    result is ``None`` when ``expected`` is ``None`` and otherwise contains
    ``expected``.
    """
    receiver_calls = []

    def _mock_pwned(password, fast=False):
        # Stand-in for the breach check: a single known passphrase counts as pwned.
        return password == 'correct horse battery staple'

    def _signal_fn(sender, **kw):
        # Record the call first so the final assertion can tell that the
        # signal was sent even if one of the checks below fails.
        receiver_calls.append(sender)
        assert sender == 'test'
        assert username == kw['username']
        return 'signalfail' if kw['password'] == 'badsignal' else None

    monkeypatch.setattr('indico.util.passwords.check_password_pwned', _mock_pwned)
    with signals.core.check_password_secure.connected_to(_signal_fn):
        rv = validate_secure_password('test', password, username=username)

    assert receiver_calls
    if expected is not None:
        assert expected in rv
        return
    assert rv is None