def test_verifyCryptedPasswordOSError(self): """ L{cred_unix.verifyCryptedPassword} when OSError is raised """ def mockCrypt(password, salt): raise OSError("") password = "******" cryptedCorrect = crypt.crypt(password, "ab") self.patch(crypt, "crypt", mockCrypt) self.assertFalse( cred_unix.verifyCryptedPassword(cryptedCorrect, password))
def requestAvatarId(self, credentials): # We get bytes, but the Py3 pwd module uses str. So attempt to decode # it using the same method that CPython does for the file on disk. username = credentials.username.decode(sys.getfilesystemencoding()) password = credentials.password.decode(sys.getfilesystemencoding()) for func in self._getByNameFunctions: try: pwnam = func(username) except KeyError: return defer.fail(UnauthorizedLogin("invalid username")) else: if pwnam is not None: crypted = pwnam[1] if crypted == "": continue if verifyCryptedPassword(crypted, password): return defer.succeed(credentials.username) # fallback return defer.fail(UnauthorizedLogin("unable to verify password"))
def test_verifyCryptedPassword(self): """ L{cred_unix.verifyCryptedPassword} """ password = "******" for salt in (None, "ab"): try: cryptedCorrect = crypt.crypt(password, salt) if isinstance(cryptedCorrect, bytes): cryptedCorrect = cryptedCorrect.decode("utf-8") except TypeError: # Older Python versions would throw a TypeError if # a value of None was is used for the salt. # Newer Python versions allow it. continue cryptedIncorrect = "$1x1234" self.assertTrue( cred_unix.verifyCryptedPassword(cryptedCorrect, password)) self.assertFalse( cred_unix.verifyCryptedPassword(cryptedIncorrect, password)) # Python 3.3+ has crypt.METHOD_*, but not all # platforms implement all methods. for method in ("METHOD_SHA512", "METHOD_SHA256", "METHOD_MD5", "METHOD_CRYPT"): cryptMethod = getattr(crypt, method, None) if not cryptMethod: continue password = "******" crypted = crypt.crypt(password, cryptMethod) if isinstance(crypted, bytes): crypted = crypted.decode("utf-8") incorrectCrypted = crypted + "blahfooincorrect" result = cred_unix.verifyCryptedPassword(crypted, password) self.assertTrue(result) # Try to pass in bytes result = cred_unix.verifyCryptedPassword(crypted.encode("utf-8"), password.encode("utf-8")) self.assertTrue(result) result = cred_unix.verifyCryptedPassword(incorrectCrypted, password) self.assertFalse(result) # Try to pass in bytes result = cred_unix.verifyCryptedPassword( incorrectCrypted.encode("utf-8"), password.encode("utf-8")) self.assertFalse(result)