def testCheckSamePassword(self):
"""
If the L{hashPassword} function is called with a hashed password as
its salt, it'll return the same hashed password if the given plain
text password matches.
"""
password = u'password'
hashedPassword = hashPassword(password)
hashedPassword2 = hashPassword(password, hashedPassword)
self.assertEqual(hashedPassword, hashedPassword2)
def testCheckSamePassword(self):
"""
If the L{hashPassword} function is called with a hashed password as
its salt, it'll return the same hashed password if the given plain
text password matches.
"""
password = u'password'
hashedPassword = hashPassword(password)
hashedPassword2 = hashPassword(password, hashedPassword)
self.assertEqual(hashedPassword, hashedPassword2)
def testCheckDifferentPassword(self):
"""
If the L{hashPassword} function is called with a hashed password as
its salt and a plain text password that doesn't match, it'll return
the hash value for the plain text password.
"""
password = u'password'
hashedPassword = hashPassword(password)
password2 = u'password2'
hashedPassword2 = hashPassword(password2, hashedPassword)
self.assertNotEqual(hashedPassword, hashedPassword2)
def testCheckDifferentPassword(self):
"""
If the L{hashPassword} function is called with a hashed password as
its salt and a plain text password that doesn't match, it'll return
the hash value for the plain text password.
"""
password = u'password'
hashedPassword = hashPassword(password)
password2 = u'password2'
hashedPassword2 = hashPassword(password2, hashedPassword)
self.assertNotEqual(hashedPassword, hashedPassword2)
def testCheckPasswordIncorrect(self):
"""
C{checkPassword} will return C{False} when the password hash doesn't
match the plaintext password.
"""
password = u'super-secret'
passwordHash = hashPassword(u'different-password')
self.assertFalse(checkPassword(password, passwordHash))
def testCheckPassword(self):
"""
C{checkPassword} will return C{True} when the password hash matches
the plaintext password.
"""
password = u'super-secret'
passwordHash = hashPassword(password)
self.assertTrue(checkPassword(password, passwordHash))
def testCheckPasswordIncorrect(self):
"""
C{checkPassword} will return C{False} when the password hash doesn't
match the plaintext password.
"""
password = u'super-secret'
passwordHash = hashPassword(u'different-password')
self.assertFalse(checkPassword(password, passwordHash))
def testCheckPassword(self):
"""
C{checkPassword} will return C{True} when the password hash matches
the plaintext password.
"""
password = u'super-secret'
passwordHash = hashPassword(password)
self.assertTrue(checkPassword(password, passwordHash))
def testPredictablePasswordWithSalt(self):
"""
If the L{hashPassword} function is called with a known salt, the
hashed string must be always the same.
"""
password = u'password'
salt = 'salt'
hashedPassword = hashPassword(password, salt)
self.assertEqual('sa3tHJ3/KuYvI', hashedPassword)
def checkPassword(password, passwordHash):
"""Check that a given plaintext password matches a password hash.
@param password: A C{unicode} password in plain text.
@param passwordHash: A hashed C{str}.
@return: C{True} if the password matches the password hash, otherwise
C{False}.
"""
return hashPassword(password, passwordHash) == passwordHash
def testPredictablePasswordWithSalt(self):
"""
If the L{hashPassword} function is called with a known salt, the
hashed string must be always the same.
"""
password = u'password'
salt = 'salt'
hashedPassword = hashPassword(password, salt)
self.assertEqual('sa3tHJ3/KuYvI', hashedPassword)
def checkPassword(password, passwordHash):
"""Check that a given plaintext password matches a password hash.
@param password: A C{unicode} password in plain text.
@param passwordHash: A hashed C{str}.
@return: C{True} if the password matches the password hash, otherwise
C{False}.
"""
return hashPassword(password, passwordHash) == passwordHash
def testCreate(self):
"""L{User.create} creates new L{User}s based on the provided data."""
users = [(u'fred', u'fred-secret', u'Fred', u'*****@*****.**'),
(u'joe', u'joe-secret', u'Joe', u'*****@*****.**')]
self.users.create(users)
result = self.store.find(User,
Not(Or(User.username == u'fluiddb',
User.username == u'fluidinfo.com',
User.username == u'anon')))
result.order_by(User.username)
[user1, user2] = list(result)
self.assertEqual(u'fred', user1.username)
self.assertEqual(hashPassword(u'fred-secret', user1.passwordHash),
user1.passwordHash)
self.assertEqual(u'Fred', user1.fullname)
self.assertEqual(u'*****@*****.**', user1.email)
self.assertEqual(u'joe', user2.username)
self.assertEqual(hashPassword(u'joe-secret', user2.passwordHash),
user2.passwordHash)
self.assertEqual(u'Joe', user2.fullname)
self.assertEqual(u'*****@*****.**', user2.email)
def testRandomSaltMD5(self):
"""
If the L{hashPassword} function is called without a salt, it must
generate a random one and return a hashed string using the MD5
algorithm.
"""
password = u'password'
# An MD5-hashed password consists of three fields separated by $:
# 1) the mechanism (1 for MD5, 2a for Blowfish, 5 for SHA-256 and 6
# for SHA-512)
# 2) the salt
# 3) the hashed password
_, mechanism, salt, hashedPassword = hashPassword(password).split('$')
self.assertEqual('1', mechanism)
def testRandomSaltMD5(self):
"""
If the L{hashPassword} function is called without a salt, it must
generate a random one and return a hashed string using the MD5
algorithm.
"""
password = u'password'
# An MD5-hashed password consists of three fields separated by $:
# 1) the mechanism (1 for MD5, 2a for Blowfish, 5 for SHA-256 and 6
# for SHA-512)
# 2) the salt
# 3) the hashed password
_, mechanism, salt, hashedPassword = hashPassword(password).split('$')
self.assertEqual('1', mechanism)
def testCreate(self):
"""L{User.create} creates new L{User}s based on the provided data."""
users = [(u'fred', u'fred-secret', u'Fred', u'*****@*****.**'),
(u'joe', u'joe-secret', u'Joe', u'*****@*****.**')]
self.users.create(users)
result = self.store.find(
User,
Not(
Or(User.username == u'fluiddb',
User.username == u'fluidinfo.com',
User.username == u'anon')))
result.order_by(User.username)
[user1, user2] = list(result)
self.assertEqual(u'fred', user1.username)
self.assertEqual(hashPassword(u'fred-secret', user1.passwordHash),
user1.passwordHash)
self.assertEqual(u'Fred', user1.fullname)
self.assertEqual(u'*****@*****.**', user1.email)
self.assertEqual(u'joe', user2.username)
self.assertEqual(hashPassword(u'joe-secret', user2.passwordHash),
user2.passwordHash)
self.assertEqual(u'Joe', user2.fullname)
self.assertEqual(u'*****@*****.**', user2.email)
def set(self, values):
"""Update information about L{User}s.
If an incoming field is C{None} the appropriate instance field will not
be modified.
@param values: A sequence of C{(username, password, fullname, email,
role)} 5-tuples.
@raise FeatureError: Raised if C{values} is empty.
@raise UnknownUserError: Raised if a specified L{User} does not exist.
@return: A 2-tuples representing the L{User}s that were updated.
"""
if not values:
raise FeatureError('Information about at least one user must be '
'provided.')
usernames = set(username for username, _, _, _, _ in values)
users = dict((user.username, user)
for user in getUsers(usernames=usernames))
existingUsernames = set(users.iterkeys())
unknownUsernames = usernames - existingUsernames
if unknownUsernames:
raise UnknownUserError(list(unknownUsernames))
result = []
systemValues = {}
for username, password, fullname, email, role in values:
user = users[username]
valuesToUpdate = {}
if password is not None:
user.passwordHash = hashPassword(password)
if fullname is not None:
user.fullname = fullname
valuesToUpdate[u'fluiddb/users/name'] = user.fullname
if email is not None:
user.email = email
valuesToUpdate[u'fluiddb/users/email'] = user.email
if role is not None:
user.role = role
valuesToUpdate[u'fluiddb/users/role'] = unicode(user.role)
if valuesToUpdate:
systemValues[user.objectID] = valuesToUpdate
result.append((user.objectID, user.username))
if systemValues:
admin = getUser(u'fluiddb')
self._factory.tagValues(admin).set(systemValues)
return result
def set(self, values):
"""Update information about L{User}s.
If an incoming field is C{None} the appropriate instance field will not
be modified.
@param values: A sequence of C{(username, password, fullname, email,
role)} 5-tuples.
@raise FeatureError: Raised if C{values} is empty.
@raise UnknownUserError: Raised if a specified L{User} does not exist.
@return: A 2-tuples representing the L{User}s that were updated.
"""
if not values:
raise FeatureError('Information about at least one user must be '
'provided.')
usernames = set(username for username, _, _, _, _ in values)
users = dict(
(user.username, user) for user in getUsers(usernames=usernames))
existingUsernames = set(users.iterkeys())
unknownUsernames = usernames - existingUsernames
if unknownUsernames:
raise UnknownUserError(list(unknownUsernames))
result = []
systemValues = {}
for username, password, fullname, email, role in values:
user = users[username]
valuesToUpdate = {}
if password is not None:
user.passwordHash = hashPassword(password)
if fullname is not None:
user.fullname = fullname
valuesToUpdate[u'fluiddb/users/name'] = user.fullname
if email is not None:
user.email = email
valuesToUpdate[u'fluiddb/users/email'] = user.email
if role is not None:
user.role = role
valuesToUpdate[u'fluiddb/users/role'] = unicode(user.role)
if valuesToUpdate:
systemValues[user.objectID] = valuesToUpdate
result.append((user.objectID, user.username))
if systemValues:
admin = getUser(u'fluiddb')
self._factory.tagValues(admin).set(systemValues)
return result