0001-fields-add-PBKDF2-hashed-password-format-35533.patch

Nicolas Roche, 09 septembre 2019 15:05


Subject: [PATCH] fields: add PBKDF2 hashed password format (#35533)

 tests/test_form_pages.py | 12 ++++++------
 wcs/fields.py            |  3 ++-
 wcs/qommon/form.py       |  4 +++-
 3 files changed, 11 insertions(+), 8 deletions(-)
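--- a/tests/test_form_pages.py
+++ b/tests/test_form_pages.py
@@ -19,6 +19,7 @@
 except ImportError:
     Image = None
 
+from django.contrib.auth.hashers import PBKDF2PasswordHasher
 from quixote.http_request import Upload as QuixoteUpload
 from wcs.qommon.emails import docutils
 from wcs.qommon.form import UploadedFile
@@ -1937,7 +1938,7 @@
     formdef = create_formdef()
     formdef.enable_tracking_codes = True
     formdef.fields = [fields.PasswordField(id='0', label='password',
-        formats=['sha1', 'md5', 'cleartext'])]
+        formats=['sha1', 'md5', 'cleartext', 'pbkdf2'])]
     formdef.store()
     page = app.get('/test/')
     formdef.data_class().wipe()
@@ -1954,11 +1955,10 @@
     assert formdef.data_class().count() == 1
     data_id = formdef.data_class().select()[0].id
     data = formdef.data_class().get(data_id)
-    assert data.data == {'0': {
-        'sha1': hashlib.sha1(password).hexdigest(),
-        'md5': hashlib.md5(password).hexdigest(),
-        'cleartext': unicode(password, 'utf-8'),
-        }}
+    assert data.data['0']['sha1'] == hashlib.sha1(password).hexdigest()
+    assert data.data['0']['md5'] == hashlib.md5(password).hexdigest()
+    assert data.data['0']['cleartext'] == unicode(password, 'utf-8')
+    assert PBKDF2PasswordHasher().verify(password, data.data['0']['pbkdf2'])
 
 def test_form_password_field_submit(pub):
     user = create_user(pub)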
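Review bot: The new `verify` assertion at the end of the third hunk only shows that the correct password is accepted; nothing checks that a different password is rejected against the stored `pbkdf2` value. A negative case such as `assert not PBKDF2PasswordHasher().verify(password + 'x', data.data['0']['pbkdf2'])` would pin that (assuming `password` is a byte string here, as the `unicode(password, 'utf-8')` line suggests). The test also passes `formats` explicitly, so the changed default of `['pbkdf2']` in wcs/fields.py and wcs/qommon/form.py is not exercised by anything visible in this section. The test function starts outside the hunk.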
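--- a/wcs/fields.py
+++ b/wcs/fields.py
@@ -2285,7 +2285,7 @@
     confirmation = True
     confirmation_title = None
     strength_indicator = True
-    formats = ['sha1']
+    formats = ['pbkdf2']
     extra_attributes = ['formats', 'min_length', 'max_length',
             'count_uppercase', 'count_lowercase', 'count_digit',
             'count_special', 'confirmation', 'confirmation_title',
@@ -2301,6 +2301,7 @@
         formats = [('cleartext', _('Clear text')),
             ('md5', _('MD5')),
             ('sha1', _('SHA1')),
+            ('pbkdf2', _('PBKDF2')),
             ]
         form.add(CheckboxesWidget, 'formats', title=_('Storage formats'),
                 value=self.formats, options=formats, inline=True)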
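Review bot: The new default `formats = ['pbkdf2']` only helps while no weaker format is ticked next to it: the options list in the second hunk still offers `cleartext`, `md5` and `sha1` with neutral labels, and the test in this patch shows every selected format being stored for the same password, so the weakest stored form decides how recoverable it is. Consider marking the legacy entries in their labels, for example `('md5', _('MD5 (unsalted, legacy)'))`, and adding a comment above the class attribute such as `# PBKDF2 is the only salted, iterated format offered; prefer it alone`. Field definitions already saved with `['sha1']` presumably keep that value, which would be worth stating in the commit message. The enclosing class and method start outside both hunks.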
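--- a/wcs/qommon/form.py
+++ b/wcs/qommon/form.py
@@ -66,6 +66,7 @@
 from django.utils.six import StringIO
 
 from django.conf import settings
+from django.contrib.auth.hashers import PBKDF2PasswordHasher
 from django.utils.safestring import mark_safe
 
 from .template import render as render_template, Template, TemplateError
@@ -2068,7 +2069,7 @@
         confirmation_title = kwargs.get('confirmation_title') or _('Confirmation')
         self.strength_indicator = kwargs.get('strength_indicator', True)
 
-        self.formats = kwargs.get('formats', ['sha1'])
+        self.formats = kwargs.get('formats', ['pbkdf2'])
         if not self.attrs.get('readonly'):
             self.add(PasswordWidget, name='pwd1', title='',
                     value='',
@@ -2184,6 +2185,7 @@
             'cleartext': lambda x: x,
             'md5': lambda x: hashlib.md5(x).hexdigest(),
             'sha1': lambda x: hashlib.sha1(x).hexdigest(),
+            'pbkdf2': lambda x: PBKDF2PasswordHasher().encode(x, PBKDF2PasswordHasher().salt())
         }
 
         if pwd1: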
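Review bot: The new `'pbkdf2'` entry in the last hunk constructs two `PBKDF2PasswordHasher` objects per call and is the only entry in the dict without a trailing comma; binding the hasher once is clearer, e.g. `hasher = PBKDF2PasswordHasher()` before the dict and `'pbkdf2': lambda x: hasher.encode(x, hasher.salt()),`. The entry also deserves a one-line comment saying that the result is Django's encoded string with a fresh random salt, so it differs on every call and must be checked with `verify()` rather than compared for equality as the `md5`/`sha1` hex digests can be. No iteration count is passed, so the work factor is the hasher's default for the installed Django version. The dict and the enclosing method start outside the hunk.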
2190
-