def test_15_hash_passwords(self):
        p_hash = hash_password("pass0rd", "phpass")
        PH = PasswordHash()
        self.assertTrue(PH.check_password("pass0rd", p_hash))
        self.assertFalse(PH.check_password("passord", p_hash))

        # {SHA}
        p_hash = hash_password("passw0rd", "sha")
        self.assertTrue(check_sha(p_hash, "passw0rd"))
        self.assertFalse(check_sha(p_hash, "password"))

        # OTRS
        p_hash = hash_password("passw0rd", "otrs")
        self.assertTrue(otrs_sha256(p_hash, "passw0rd"))
        self.assertFalse(otrs_sha256(p_hash, "password"))

        # {SSHA}
        p_hash = hash_password("passw0rd", "ssha")
        self.assertTrue(check_ssha(p_hash, "passw0rd", hashlib.sha1, 20))
        self.assertFalse(check_ssha(p_hash, "password", hashlib.sha1, 20))

        # {SSHA256}
        p_hash = hash_password("passw0rd", "ssha256")
        self.assertTrue(check_ssha(p_hash, "passw0rd", hashlib.sha256, 32))
        self.assertFalse(check_ssha(p_hash, "password", hashlib.sha256, 32))

        # {SSHA512}
        p_hash = hash_password("passw0rd", "ssha512")
        self.assertTrue(check_ssha(p_hash, "passw0rd", hashlib.sha512, 64))
        self.assertFalse(check_ssha(p_hash, "password", hashlib.sha512, 64))
示例#2
0
    def test_15_hash_passwords(self):
        p_hash = hash_password("pass0rd", "phpass")
        PH = PasswordHash()
        self.assertTrue(PH.check_password("pass0rd", p_hash))
        self.assertFalse(PH.check_password("passord", p_hash))

        # {SHA}
        p_hash = hash_password("passw0rd", "sha")
        self.assertTrue(check_sha(p_hash, "passw0rd"))
        self.assertFalse(check_sha(p_hash, "password"))

        # OTRS
        p_hash = hash_password("passw0rd", "otrs")
        self.assertTrue(otrs_sha256(p_hash, "passw0rd"))
        self.assertFalse(otrs_sha256(p_hash, "password"))

        # {SSHA}
        p_hash = hash_password("passw0rd", "ssha")
        self.assertTrue(check_ssha(p_hash, "passw0rd", hashlib.sha1, 20))
        self.assertFalse(check_ssha(p_hash, "password", hashlib.sha1, 20))

        # {SSHA256}
        p_hash = hash_password("passw0rd", "ssha256")
        self.assertTrue(check_ssha(p_hash, "passw0rd", hashlib.sha256, 32))
        self.assertFalse(check_ssha(p_hash, "password", hashlib.sha256, 32))

        # {SSHA512}
        p_hash = hash_password("passw0rd", "ssha512")
        self.assertTrue(check_ssha(p_hash, "passw0rd", hashlib.sha512, 64))
        self.assertFalse(check_ssha(p_hash, "password", hashlib.sha512, 64))
    def checkPass(self, uid, password):
        """
        This function checks the password for a given uid.
        If ``password`` is a unicode object, it is converted to the database encoding first.
        - returns true in case of success
        -         false if password does not match

        """
        res = False
        userinfo = self.getUserInfo(uid)
        if isinstance(password, unicode):
            password = password.encode(self.encoding)

        database_pw = userinfo.get("password", "XXXXXXX")
        if database_pw[:2] in ["$P", "$S"]:
            # We have a phpass (wordpress) password
            PH = PasswordHash()
            res = PH.check_password(password, userinfo.get("password"))
        # check salted hashed passwords
#        elif database_pw[:2] == "$6":
#            res = sha512_crypt.verify(password, userinfo.get("password"))
        elif database_pw[:6].upper() == "{SSHA}":
            res = check_ssha(database_pw, password, hashlib.sha1, 20)
        elif database_pw[:9].upper() == "{SSHA256}":
            res = check_ssha(database_pw, password, hashlib.sha256, 32)
        elif database_pw[:9].upper() == "{SSHA512}":
            res = check_ssha(database_pw, password, hashlib.sha512, 64)
        # check for hashed password.
        elif userinfo.get("password", "XXXXX")[:5].upper() == "{SHA}":
            res = check_sha(database_pw, password)
        elif len(userinfo.get("password")) == 64:
            # OTRS sha256 password
            res = otrs_sha256(database_pw, password)

        return res
示例#4
0
    def checkPass(self, uid, password):
        """
        This function checks the password for a given uid.
        If ``password`` is a unicode object, it is converted to the database encoding first.
        - returns true in case of success
        -         false if password does not match

        """
        res = False
        userinfo = self.getUserInfo(uid)
        if isinstance(password, unicode):
            password = password.encode(self.encoding)

        database_pw = userinfo.get("password", "XXXXXXX")
        if database_pw[:2] in ["$P", "$S"]:
            # We have a phpass (wordpress) password
            PH = PasswordHash()
            res = PH.check_password(password, userinfo.get("password"))
        # check salted hashed passwords
#        elif database_pw[:2] == "$6":
#            res = sha512_crypt.verify(password, userinfo.get("password"))
        elif database_pw[:6].upper() == "{SSHA}":
            res = check_ssha(database_pw, password, hashlib.sha1, 20)
        elif database_pw[:9].upper() == "{SSHA256}":
            res = check_ssha(database_pw, password, hashlib.sha256, 32)
        elif database_pw[:9].upper() == "{SSHA512}":
            res = check_ssha(database_pw, password, hashlib.sha512, 64)
        # check for hashed password.
        elif userinfo.get("password", "XXXXX")[:5].upper() == "{SHA}":
            res = check_sha(database_pw, password)
        elif len(userinfo.get("password")) == 64:
            # OTRS sha256 password
            res = otrs_sha256(database_pw, password)

        return res