def verify(cls, secret, hash, encoding=None):
if not encoding:
encoding = cls.default_encoding
hash = to_native_str(hash, encoding, "hash")
if not cls.identify(hash):
raise uh.exc.InvalidHashError(cls)
return str_consteq(cls.hash(secret, encoding), hash)
def verify(cls, secret, hash, encoding=None):
if not encoding:
encoding = cls.default_encoding
hash = to_native_str(hash, encoding, "hash")
if not cls.identify(hash):
raise uh.exc.InvalidHashError(cls)
return str_consteq(cls.hash(secret, encoding), hash)
def test_consteq(self):
"""test consteq()"""
# NOTE: this test is kind of over the top, but that's only because
# this is used for the critical task of comparing hashes for equality.
from passlib.utils import consteq, str_consteq
# ensure error raises for wrong types
self.assertRaises(TypeError, consteq, u(''), b'')
self.assertRaises(TypeError, consteq, u(''), 1)
self.assertRaises(TypeError, consteq, u(''), None)
self.assertRaises(TypeError, consteq, b'', u(''))
self.assertRaises(TypeError, consteq, b'', 1)
self.assertRaises(TypeError, consteq, b'', None)
self.assertRaises(TypeError, consteq, None, u(''))
self.assertRaises(TypeError, consteq, None, b'')
self.assertRaises(TypeError, consteq, 1, u(''))
self.assertRaises(TypeError, consteq, 1, b'')
def consteq_supports_string(value):
# under PY2, it supports all unicode strings (when present at all),
# under PY3, compare_digest() only supports ascii unicode strings.
# confirmed for: cpython 2.7.9, cpython 3.4, pypy, pypy3, pyston
return (consteq is str_consteq or PY2 or is_ascii_safe(value))
# check equal inputs compare correctly
for value in [
u("a"),
u("abc"),
u("\xff\xa2\x12\x00")*10,
]:
if consteq_supports_string(value):
self.assertTrue(consteq(value, value), "value %r:" % (value,))
else:
self.assertRaises(TypeError, consteq, value, value)
self.assertTrue(str_consteq(value, value), "value %r:" % (value,))
value = value.encode("latin-1")
self.assertTrue(consteq(value, value), "value %r:" % (value,))
# check non-equal inputs compare correctly
for l,r in [
# check same-size comparisons with differing contents fail.
(u("a"), u("c")),
(u("abcabc"), u("zbaabc")),
(u("abcabc"), u("abzabc")),
(u("abcabc"), u("abcabz")),
((u("\xff\xa2\x12\x00")*10)[:-1] + u("\x01"),
u("\xff\xa2\x12\x00")*10),
# check different-size comparisons fail.
(u(""), u("a")),
(u("abc"), u("abcdef")),
(u("abc"), u("defabc")),
(u("qwertyuiopasdfghjklzxcvbnm"), u("abc")),
]:
if consteq_supports_string(l) and consteq_supports_string(r):
self.assertFalse(consteq(l, r), "values %r %r:" % (l,r))
self.assertFalse(consteq(r, l), "values %r %r:" % (r,l))
else:
self.assertRaises(TypeError, consteq, l, r)
self.assertRaises(TypeError, consteq, r, l)
self.assertFalse(str_consteq(l, r), "values %r %r:" % (l,r))
self.assertFalse(str_consteq(r, l), "values %r %r:" % (r,l))
l = l.encode("latin-1")
r = r.encode("latin-1")
self.assertFalse(consteq(l, r), "values %r %r:" % (l,r))
self.assertFalse(consteq(r, l), "values %r %r:" % (r,l))
def test_consteq(self):
"""test consteq()"""
# NOTE: this test is kind of over the top, but that's only because
# this is used for the critical task of comparing hashes for equality.
from passlib.utils import consteq, str_consteq
# ensure error raises for wrong types
self.assertRaises(TypeError, consteq, u(''), b'')
self.assertRaises(TypeError, consteq, u(''), 1)
self.assertRaises(TypeError, consteq, u(''), None)
self.assertRaises(TypeError, consteq, b'', u(''))
self.assertRaises(TypeError, consteq, b'', 1)
self.assertRaises(TypeError, consteq, b'', None)
self.assertRaises(TypeError, consteq, None, u(''))
self.assertRaises(TypeError, consteq, None, b'')
self.assertRaises(TypeError, consteq, 1, u(''))
self.assertRaises(TypeError, consteq, 1, b'')
def consteq_supports_string(value):
# under PY2, it supports all unicode strings (when present at all),
# under PY3, compare_digest() only supports ascii unicode strings.
# confirmed for: cpython 2.7.9, cpython 3.4, pypy, pypy3, pyston
return (consteq is str_consteq or PY2 or is_ascii_safe(value))
# check equal inputs compare correctly
for value in [
u("a"),
u("abc"),
u("\xff\xa2\x12\x00")*10,
]:
if consteq_supports_string(value):
self.assertTrue(consteq(value, value), "value %r:" % (value,))
else:
self.assertRaises(TypeError, consteq, value, value)
self.assertTrue(str_consteq(value, value), "value %r:" % (value,))
value = value.encode("latin-1")
self.assertTrue(consteq(value, value), "value %r:" % (value,))
# check non-equal inputs compare correctly
for l,r in [
# check same-size comparisons with differing contents fail.
(u("a"), u("c")),
(u("abcabc"), u("zbaabc")),
(u("abcabc"), u("abzabc")),
(u("abcabc"), u("abcabz")),
((u("\xff\xa2\x12\x00")*10)[:-1] + u("\x01"),
u("\xff\xa2\x12\x00")*10),
# check different-size comparisons fail.
(u(""), u("a")),
(u("abc"), u("abcdef")),
(u("abc"), u("defabc")),
(u("qwertyuiopasdfghjklzxcvbnm"), u("abc")),
]:
if consteq_supports_string(l) and consteq_supports_string(r):
self.assertFalse(consteq(l, r), "values %r %r:" % (l,r))
self.assertFalse(consteq(r, l), "values %r %r:" % (r,l))
else:
self.assertRaises(TypeError, consteq, l, r)
self.assertRaises(TypeError, consteq, r, l)
self.assertFalse(str_consteq(l, r), "values %r %r:" % (l,r))
self.assertFalse(str_consteq(r, l), "values %r %r:" % (r,l))
l = l.encode("latin-1")
r = r.encode("latin-1")
self.assertFalse(consteq(l, r), "values %r %r:" % (l,r))
self.assertFalse(consteq(r, l), "values %r %r:" % (r,l))