def test_change_password_failures(client):
    """Reject a wrong current password and a policy-violating new password.

    Two attempts are made against ``/native/v1/change_password`` with a valid
    bearer token: one with a wrong ``currentPassword`` (expects
    ``INVALID_PASSWORD``) and one with the right current password but a weak
    ``newPassword`` (expects ``WEAK_PASSWORD``). The stored hash is then
    re-read from the database and must still match the factory default, i.e.
    neither failed attempt may have rotated the password.
    """
    new_password = "******"
    user = users_factories.UserFactory()
    bearer = create_access_token(identity=user.email)
    client.auth_header = {"Authorization": f"Bearer {bearer}"}

    # Wrong current password: must be refused before any change happens.
    wrong_current = client.post(
        "/native/v1/change_password",
        json={"currentPassword": "******", "newPassword": new_password},
    )
    assert wrong_current.status_code == 400
    assert wrong_current.json["code"] == "INVALID_PASSWORD"

    # Correct current password, but the new one fails the strength policy.
    weak_new = client.post(
        "/native/v1/change_password",
        json={"currentPassword": users_factories.DEFAULT_PASSWORD, "newPassword": "******"},
    )
    assert weak_new.status_code == 400
    assert weak_new.json["code"] == "WEAK_PASSWORD"

    # Neither rejected request may have touched the persisted hash.
    db.session.refresh(user)
    assert user.password == crypto.hash_password(users_factories.DEFAULT_PASSWORD)
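def _build(cls, model_class, *args, **kwargs):
    """Build a user with a hashed password and, if needed, a derived public name.

    ``password`` is taken from ``kwargs`` in clear text (``DEFAULT_PASSWORD``
    when absent) and replaced by its hash before the model is built. The
    clear-text value is kept on ``instance.clearTextPassword`` so tests can
    authenticate with it. ``publicName`` is derived from ``firstName`` and
    ``lastName`` only when it was not given and both names are truthy.
    """
    clear_password = kwargs.get("password", DEFAULT_PASSWORD)
    kwargs["password"] = crypto.hash_password(clear_password)
    # .get() instead of indexing: a missing firstName/lastName simply skips the
    # derivation rather than raising KeyError.
    if "publicName" not in kwargs and kwargs.get("firstName") and kwargs.get("lastName"):
        kwargs["publicName"] = "%s %s" % (kwargs["firstName"], kwargs["lastName"])
    instance = super()._build(model_class, *args, **kwargs)
    # Fix: the original always stored DEFAULT_PASSWORD here, so a factory call
    # with an explicit ``password=`` left clearTextPassword out of sync with
    # the hash it had just written.
    instance.clearTextPassword = clear_password
    return instance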
def test_reset_password_for_unvalidated_email(client):
    """A valid reset token sets the new password and validates the email.

    The user starts with ``isEmailValidated=False``. After a successful
    ``/native/v1/reset_password`` call (204) the persisted hash matches the new
    password and the email is flagged as validated — presumably because
    possession of the emailed token is taken as proof of the address.
    """
    new_password = "******"
    user = users_factories.UserFactory(isEmailValidated=False)
    reset_token = users_factories.ResetPasswordToken(user=user)

    payload = {"reset_password_token": reset_token.value, "new_password": new_password}
    response = client.post("/native/v1/reset_password", json=payload)
    assert response.status_code == 204

    db.session.refresh(user)
    assert user.isEmailValidated
    assert user.password == crypto.hash_password(new_password)
def test_reset_password_success(client):
    """A reset token changes the password and is marked as used afterwards.

    Marking the token ``isUsed`` is what prevents replaying the same link;
    this test checks the flag is set, but not that a second call is refused.
    """
    new_password = "******"
    user = users_factories.UserFactory()
    reset_token = users_factories.ResetPasswordToken(user=user)

    payload = {"reset_password_token": reset_token.value, "new_password": new_password}
    response = client.post("/native/v1/reset_password", json=payload)
    assert response.status_code == 204

    db.session.refresh(user)
    assert user.password == crypto.hash_password(new_password)

    # Re-read the token row: the endpoint must have consumed it.
    stored_token = Token.query.get(reset_token.id)
    assert stored_token.isUsed
def test_change_password_success(client):
    """Happy path: correct current password plus acceptable new password.

    The request is authenticated with a bearer token for the factory user;
    a 204 is expected and the persisted hash must match the new password.
    """
    new_password = "******"
    user = users_factories.UserFactory()
    bearer = create_access_token(identity=user.email)
    client.auth_header = {"Authorization": f"Bearer {bearer}"}

    payload = {
        "currentPassword": users_factories.DEFAULT_PASSWORD,
        "newPassword": new_password,
    }
    response = client.post("/native/v1/change_password", json=payload)
    assert response.status_code == 204

    db.session.refresh(user)
    assert user.password == crypto.hash_password(new_password)
def hash_secret(self, create, extracted):
    """Store only the hash of the secret on the built instance.

    ``extracted`` is the clear-text secret handed to the factory; when it is
    falsy the module-level ``DEFAULT_SECRET`` is hashed instead. ``create`` is
    part of the hook signature (presumably a factory_boy post-generation hook)
    and is unused here.
    """
    clear_secret = extracted if extracted else DEFAULT_SECRET
    self.secret = crypto.hash_password(clear_secret)
def generate_api_key(offerer_id: int) -> tuple[ApiKey, str]:
    """Create an API key for an offerer and return it with its clear-text value.

    Returns ``(key, full_key)`` where ``key.secret`` holds only the hash of a
    fresh random secret and ``full_key`` is
    ``"<prefix><API_KEY_SEPARATOR><secret>"``. Nothing here persists the clear
    text; the returned string is the only copy of it.
    """
    # 32 bytes from the `secrets` CSPRNG, rendered as 64 hex characters.
    clear_secret = secrets.token_hex(32)
    # The prefix is the non-secret lookup handle stored alongside the hash.
    prefix = _generate_api_key_prefix()
    hashed_secret = crypto.hash_password(clear_secret)

    api_key = ApiKey(offererId=offerer_id, prefix=prefix, secret=hashed_secret)
    full_key = f"{prefix}{API_KEY_SEPARATOR}{clear_secret}"
    return api_key, full_key
def setPassword(self, newpass):
    """Replace the stored hash with the hash of ``newpass``.

    NOTE(review): the clear-text value is also kept on ``clearTextPassword``.
    The factories in this code base set that attribute for tests; confirm it
    is transient (not a persisted column, not serialised or logged) before
    relying on this method outside test fixtures.
    """
    hashed = crypto.hash_password(newpass)
    self.clearTextPassword = newpass
    self.password = hashed
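def _build(cls, model_class, *args, **kwargs):
    """Build an instance whose ``password`` kwarg is hashed before construction.

    ``password`` defaults to ``DEFAULT_PASSWORD`` when not supplied. The
    clear-text value is exposed on ``instance.clearTextPassword`` so tests can
    log in with it.
    """
    clear_password = kwargs.get("password", DEFAULT_PASSWORD)
    kwargs["password"] = crypto.hash_password(clear_password)
    instance = super()._build(model_class, *args, **kwargs)
    # Fix: the original unconditionally stored DEFAULT_PASSWORD, so an explicit
    # ``password=`` produced a clearTextPassword that did not match the hash.
    instance.clearTextPassword = clear_password
    return instance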
def random_hashed_password() -> bytes:
    """Return the hash of a fresh random token of ``length=12``.

    The token is generated and discarded; only its hash leaves this function,
    so the resulting credential cannot be used to log in by anyone.
    """
    throwaway = random_token(length=12)
    return crypto.hash_password(throwaway)
from pcapi.models import Offerer from pcapi.models import Stock from pcapi.models import UserOfferer from pcapi.models import Venue from pcapi.repository import repository from pcapi.repository.user_queries import find_user_by_email from pcapi.utils import crypto from . import constants from . import exceptions from . import models from .models import User logger = logging.getLogger(__name__) HASHED_PLACEHOLDER = crypto.hash_password("placeholder") def check_user_and_credentials(user: User, password: str) -> None: # Order is important to prevent end-user to guess user emails # We need to check email and password before checking email validation if not user: # Hash the given password, just like we would do if the user # existed. This avoids user enumeration by comparing server # response time. crypto.check_password(password, HASHED_PLACEHOLDER) raise exceptions.InvalidIdentifier() if not user.checkPassword(password) or not user.isActive: logging.info("Failed authentication attempt", extra={ "user": user.id,
def test_check_password(self):
    """check_password accepts the original secret and rejects a different one."""
    stored = crypto.hash_password("secret")
    assert crypto.check_password("secret", stored)
    assert not crypto.check_password("wrong", stored)
def test_hash_password_uses_md5(self):
    """Pin hash_password("secret") to the MD5 hex digest of "secret".

    NOTE(review): an unsalted MD5 digest is not a password hash — it is fast
    and rainbow-table-able. Another listing in this corpus asserts a
    ``$2b$`` (bcrypt) prefix for the same function, so this is presumably an
    older revision; it should not be reintroduced.
    """
    md5_of_secret = b"5ebe2294ecd0e0f08eab7690d2a6ee69"
    assert crypto.hash_password("secret") == md5_of_secret
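def test_hash_password_uses_bcrypt(self):
    """hash_password must return a bcrypt digest, not the input.

    The digest is bytes, so it is compared against ``b"secret"``: the original
    compared against the str ``"secret"``, which bytes never equal, making that
    assertion vacuous.
    """
    digest = crypto.hash_password("secret")
    # Fix: compare bytes with bytes so a no-op implementation is actually caught.
    assert digest != b"secret"
    # bcrypt output starts with "$2b$" followed by cost, salt and hash.
    assert digest.startswith(b"$2b$")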