def test_set_inital_admin_twice(self): # first create the user table SetPasswordHandler.create_table(self.db_context) admin_user = '******' admin_pw = libcrypt_password('admin_password') # setup the inital user and it's password SetPasswordHandler.create_admin_user(self.db_context, username=admin_user, crypted_password=admin_pw) admin_user = '******' admin_pw = libcrypt_password('password_of_admin') # setup the inital user and try to set it's password a second time # - this will fail as the user could only be set once SetPasswordHandler.create_admin_user(self.db_context, username=admin_user, crypted_password=admin_pw) pw_handler = SetPasswordHandler(self.db_context) msg = "old password missmatch!" self.check_for_exeption(pw_handler, 'admin', 'password_of_admin', 'new_password', Exception, message=msg) pw_handler.set_password('admin', 'admin_password', 'new_password') return
def set_password(self, username, old_password, new_password): """ set the password, which requires the old_password for authorisation :param username: the admin username :param old_password: use the old password for authorisation :param new_password: the new password :return: - nothing - """ session = self.db_context.get_session() try: try: admin_user = session.query(self.AdminUser).filter( self.AdminUser.username == username).one() except NoResultFound: log.error("no user %r found!", username) raise Exception("no user %r found!" % username) except MultipleResultsFound: log.error("multiple users %r found!", username) raise Exception("multiple users %r found!" % username) crypted_password = admin_user.password if libcrypt_password(old_password, crypted_password) != crypted_password: raise Exception("old password missmatch!") admin_user.password = libcrypt_password(new_password) session.add(admin_user) session.commit() except Exception as exx: log.exception(exx) session.rollback() raise exx finally: session.close()
def set_password(self, username, old_password, new_password): """ set the password, which requires the old_password for authorisation :param username: the admin username :param old_password: use the old password for authorisation :param new_password: the new password :return: - nothing - """ session = self.db_context.get_session() try: try: admin_user = session.query(self.AdminUser).filter( self.AdminUser.username == username).one() except NoResultFound: log.error("no user %r found!", username) raise Exception("no user %r found!" % username) except MultipleResultsFound: log.error("multiple users %r found!", username) raise Exception("multiple users %r found!" % username) crypted_password = admin_user.password if libcrypt_password( old_password, crypted_password) != crypted_password: raise Exception("old password missmatch!") admin_user.password = libcrypt_password(new_password) session.add(admin_user) session.commit() except Exception as exx: log.exception(exx) session.rollback() raise exx finally: session.close()
def setOtpKey(self, otpKey, reset_failcount=True): """ the seed / secret for the password token contains the unix hashed (hmac256) format of the password. the iv is used as indicator that we are using the new format, which is the ':1:' indicator :param otpKey: the token seed / secret :param reset_failcount: boolean, if the failcounter should be reseted """ password_hash = libcrypt_password(otpKey.encode('utf-8')) self.token.set_encrypted_seed(password_hash, ":1:", reset_failcount=reset_failcount)
def create_admin_user(self): """ for testing we require the admin user to exist """ sqlconnect = self.appconf.get('sqlalchemy.url') engine = create_engine(sqlconnect) db_context = DataBaseContext(engine.url) SetPasswordHandler.create_table(db_context) SetPasswordHandler.create_admin_user( db_context, username='******', crypted_password=libcrypt_password('nimda'))
def test_compare_password(self): """ test the new compare passwords - used in the pw and lost token """ # init the SecretObject sec_obj = SecretObj(val=libcrypt_password('password'), iv=':1:') # run the comparison tests - positive test res = sec_obj.compare_password('password') self.assertTrue(res) # negative test res = sec_obj.compare_password('Password') self.assertFalse(res) return
def test_set_password(self): # first create the user table SetPasswordHandler.create_table(self.db_context) admin_user = '******' admin_pw = libcrypt_password('admin_password') # setup the inital user and it's password SetPasswordHandler.create_admin_user(self.db_context, username=admin_user, crypted_password=admin_pw) # run a valid change of the admin password pw_handler = SetPasswordHandler(self.db_context) pw_handler.set_password(admin_user, 'admin_password', 'new_password') # test for non existing user msg = "no user 'username' found!" self.check_for_exeption(pw_handler, 'username', 'old_password', 'new_password', Exception, message=msg) # test for old password mismatch msg = "old password missmatch!" self.check_for_exeption(pw_handler, 'admin', 'old_password', 'new_password', Exception, message=msg) # test for invalid new password using different data types msg = "must be string, not None" self.check_for_exeption(pw_handler, 'admin', 'new_password', None, Exception, message=msg) msg = "must be string, not int" self.check_for_exeption(pw_handler, 'admin', 'new_password', 123456, Exception, message=msg) msg = "must be string, not float" self.check_for_exeption(pw_handler, 'admin', 'new_password', 1234.56, Exception, message=msg) msg = "must be string, not DataBaseContext" self.check_for_exeption(pw_handler, 'admin', 'new_password', self.db_context, Exception, message=msg) # make sure that the password did not change in between and the # password could be set correctly pw_handler.set_password(admin_user, 'new_password', 'admin_password') return
def creat_password_hash(self, plain_password): """ create a password hash entry from a given plaintext password """ self.password = libcrypt_password(plain_password) self._pw_gen = True