author | Eli Collins <elic@assurancetechnologies.com> | 2017-01-22 13:57:19 -0500 |
---|---|---|
committer | Eli Collins <elic@assurancetechnologies.com> | 2017-01-22 13:57:19 -0500 |
commit | 6b3c7bc41519db039098b6f769734e34a388423c (patch) | |
tree | b83980ea03765d099c6a3c2e6e5354490237a474 | |
parent | a8a6d594f15458b4e81fa0054d2c49b57dd72fb5 (diff) | |
parent | 51f21eb091243fe4abf0915a4c391c548e24e9a9 (diff) | |
download | passlib-6b3c7bc41519db039098b6f769734e34a388423c.tar.gz |
Merge with stable
-rw-r--r-- | docs/history/1.5.rst | 4 | ||||
-rw-r--r-- | docs/history/1.6.rst | 4 | ||||
-rw-r--r-- | docs/history/1.7.rst | 5 | ||||
-rw-r--r-- | docs/lib/passlib.hash.bcrypt.rst | 7 | ||||
-rw-r--r-- | passlib/_setup/stamp.py | 12 | ||||
-rw-r--r-- | passlib/crypto/digest.py | 2 | ||||
-rw-r--r-- | passlib/handlers/bcrypt.py | 4 | ||||
-rw-r--r-- | passlib/ifc.py | 2 | ||||
-rw-r--r-- | passlib/tests/test_totp.py | 48 | ||||
-rw-r--r-- | passlib/tests/utils.py | 8 | ||||
-rw-r--r-- | passlib/totp.py | 4 | ||||
-rw-r--r-- | passlib/utils/handlers.py | 3 |
12 files changed, 69 insertions, 34 deletions
diff --git a/docs/history/1.5.rst b/docs/history/1.5.rst index 9d4135c..9d084c2 100644 --- a/docs/history/1.5.rst +++ b/docs/history/1.5.rst @@ -99,8 +99,8 @@ Passlib 1.5 * improved version datestamps in build script. -**1.5** (2011-07-11) -==================== +**1.5.0** (2011-07-11) +====================== *"20% more unicode than the leading breakfast cereal"* diff --git a/docs/history/1.6.rst b/docs/history/1.6.rst index 466343f..45ae322 100644 --- a/docs/history/1.6.rst +++ b/docs/history/1.6.rst @@ -115,8 +115,8 @@ Other Changes * Various documentation updates and corrections. -**1.6** (2012-05-01) -==================== +**1.6.0** (2012-05-01) +====================== Overview -------- diff --git a/docs/history/1.7.rst b/docs/history/1.7.rst index 449ee56..60319dd 100644 --- a/docs/history/1.7.rst +++ b/docs/history/1.7.rst @@ -13,6 +13,11 @@ Passlib 1.7 * bugfix: setup.py: prevent erroneous version strings when run from an sdist. +* bugfix: TOTP tests: test setup now traps additional errors utcfromtimestamp() + may throw under python 3. + +* various documentation updates + .. rst-class:: emphasize-children toc-always-open **1.7.0** (2016-11-22) diff --git a/docs/lib/passlib.hash.bcrypt.rst b/docs/lib/passlib.hash.bcrypt.rst index 4683690..c7c5951 100644 --- a/docs/lib/passlib.hash.bcrypt.rst +++ b/docs/lib/passlib.hash.bcrypt.rst @@ -169,7 +169,7 @@ This implementation of bcrypt differs from others in a few ways: generated with the buggy algorithm. Passlib 1.6 recognizes (but does not currently support generating or verifying) these hashes. - ``$2y$``, the default for crypt_blowfish 1.1 and newer, indicates + ``$2y$``, the default for crypt_blowfish 1.1-1.2, indicates the hash was generated with the canonical OpenBSD-compatible algorithm, and should match *correctly* generated ``$2a$`` hashes. Passlib 1.6 can generate and verify these hashes. 
@@ -180,6 +180,8 @@ This implementation of bcrypt differs from others in a few ways: does not support this algorithmic variant either, though it should be *very* rarely encountered in practice. + (crypt_blowfish 1.3 switched to the ``$2b$`` standard as the default) + .. versionchanged:: 1.6.3 Passlib will now throw a :exc:`~passlib.exc.PasslibSecurityError` if an attempt is @@ -223,4 +225,5 @@ This implementation of bcrypt differs from others in a few ways: `CVE-2011-2483 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2483>`_ .. [#wraparound] The wraparound flaw is described here - - `<http://www.openwall.com/lists/oss-security/2012/01/02/4>`_
\ No newline at end of file + `<http://www.openwall.com/lists/oss-security/2012/01/02/4>`_ + diff --git a/passlib/_setup/stamp.py b/passlib/_setup/stamp.py index 2ce3eb3..5806479 100644 --- a/passlib/_setup/stamp.py +++ b/passlib/_setup/stamp.py @@ -24,14 +24,10 @@ def get_command_class(opts, name): return opts['cmdclass'].get(name) or Distribution().get_command_class(name) def get_command_options(opts, command): - return opts.setdefault("command_options", {}).setdefault(command, {}) - -def set_command_options(opts, command, _source_="setup.py", **kwds): - target = get_command_options(opts, command) - target.update( - (key, (_source_, value)) - for key, value in kwds.items() - ) + return opts.setdefault("options", {}).setdefault(command, {}) + +def set_command_options(opts, command, **kwds): + get_command_options(opts, command).update(kwds) def _get_file(path): with open(path, "r") as fh: diff --git a/passlib/crypto/digest.py b/passlib/crypto/digest.py index 18dce85..d26f892 100644 --- a/passlib/crypto/digest.py +++ b/passlib/crypto/digest.py @@ -124,7 +124,7 @@ def _get_hash_aliases(name): return result # try to clean name up some more - m = re.match("(?i)^(?P<name>[a-z]+)-?(?P<rev>\d)?-?(?P<size>\d{3,4})?$", name) + m = re.match(r"(?i)^(?P<name>[a-z]+)-?(?P<rev>\d)?-?(?P<size>\d{3,4})?$", name) if m: # roughly follows "SHA2-256" style format, normalize representation, # and checked table. diff --git a/passlib/handlers/bcrypt.py b/passlib/handlers/bcrypt.py index 117bc64..e5fbfe0 100644 --- a/passlib/handlers/bcrypt.py +++ b/passlib/handlers/bcrypt.py 
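Review bot: In the passlib/_setup/stamp.py hunk, `set_command_options` drops the `_source_` parameter but still takes `**kwds`, so a caller that keeps passing `_source_="setup.py"` would not raise; the value would be stored as a command option literally named `_source_`. The call sites are outside this hunk, so they should be checked for that keyword before merging. Neither helper says why the key changed from `command_options` to `options`, and a short comment above `get_command_options` would stop the next reader from switching it back: `# setup() takes options={command: {option: value}}; (source, value) pairs exist only in Distribution.command_options`.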
@@ -775,13 +775,13 @@ class bcrypt(_NoBackend, _BcryptCommon): :type ident: str :param ident: Specifies which version of the BCrypt algorithm will be used when creating a new hash. - Typically this option is not needed, as the default (``"2a"``) is usually the correct choice. + Typically this option is not needed, as the default (``"2b"``) is usually the correct choice. If specified, it must be one of the following: * ``"2"`` - the first revision of BCrypt, which suffers from a minor security flaw and is generally not used anymore. * ``"2a"`` - some implementations suffered from rare security flaws, replaced by 2b. * ``"2y"`` - format specific to the *crypt_blowfish* BCrypt implementation, - identical to ``"2a"`` in all but name. + identical to ``"2b"`` in all but name. * ``"2b"`` - latest revision of the official BCrypt algorithm, current default. :param bool truncate_error: diff --git a/passlib/ifc.py b/passlib/ifc.py index 606fd05..7adf665 100644 --- a/passlib/ifc.py +++ b/passlib/ifc.py @@ -91,7 +91,7 @@ class PasswordHash(object): @abstractmethod def hash(cls, secret, # * **setting_and_context_kwds): # pragma: no cover -- abstract method - """ + r""" Hash secret, returning result. Should handle generating salt, etc, and should return string containing identifier, salt & other configuration, as well as digest. diff --git a/passlib/tests/test_totp.py b/passlib/tests/test_totp.py index 9af4d15..54a9d91 100644 --- a/passlib/tests/test_totp.py +++ b/passlib/tests/test_totp.py 
@@ -53,15 +53,45 @@ KEY4_RAW = b'Hello!\xde\xad\xbe\xef' assert sys.float_info.radix == 2, "unexpected float_info.radix" assert sys.float_info.mant_dig >= 44, "double precision unexpectedly small" -# work out maximum value acceptable by hosts's time_t -# this is frequently 2**37, though smaller on some systems. -max_time_t = 30 -while True: - try: - datetime.datetime.utcfromtimestamp(max_time_t << 1) - max_time_t <<= 1 - except ValueError: - break +def _get_max_time_t(): + """ + helper to calc max_time_t constant (see below) + """ + value = 1 << 30 # even for 32 bit systems will handle this + year = 0 + while True: + next_value = value << 1 + try: + next_year = datetime.datetime.utcfromtimestamp(next_value-1).year + except (ValueError, OSError, OverflowError): + # utcfromtimestamp() may throw any of the following: + # + # * year out of range for datetime: + # py < 3.6 throws ValueError. + # (py 3.6.0 returns odd value instead, see workaround below) + # + # * int out of range for host's gmtime/localtime: + # py2 throws ValueError, py3 throws OSError. + # + # * int out of range for host's time_t: + # py2 throws ValueError, py3 throws OverflowError. + # + return value-1 + + # Workaround for python 3.6.0 issue -- + # Instead of throwing ValueError if year out of range for datetime, + # Python 3.6 will do some weird behavior that masks high bits + # e.g. (1<<40) -> year 36812, but (1<<41) -> year 6118. + # (Filed as bug -- http://bugs.python.org/issue29346) + # This check stops at largest non-wrapping bit size. + if next_year < year: + return value-1 + + value = next_value + +#: Rough approximation of max value acceptable by hosts's time_t. +#: This is frequently ~2**37 on 64 bit, and ~2**31 on 32 bit systems. +max_time_t = _get_max_time_t() def to_b32_size(raw_size): return (raw_size * 8 + 4) // 5 diff --git a/passlib/tests/utils.py b/passlib/tests/utils.py index 62f3ab3..e1b7b0e 100644 --- a/passlib/tests/utils.py +++ b/passlib/tests/utils.py 
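Review bot: In `_get_max_time_t`, `year` is set to 0 before the loop and never assigned again, so the Python 3.6.0 wrap-around check `if next_year < year:` can never be true and the workaround described in the comment above it has no effect. On an interpreter that masks the high bits instead of raising, the loop would presumably keep doubling until one of the caught exceptions fires, which leaves `max_time_t` above the largest timestamp that converts to a sensible date. Updating the tracker at the bottom of the loop fixes this: keep `value = next_value` and add `year = next_year` on the following line.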
@@ -246,7 +246,7 @@ def hb(source): usage: ``hb("deadbeef23")`` """ - return unhexlify(re.sub("\s", "", source)) + return unhexlify(re.sub(r"\s", "", source)) def limit(value, lower, upper): if value < lower: @@ -261,7 +261,7 @@ def quicksleep(delay): while tick()-start < delay: pass -def time_call(func, setup=None, maxtime=1, bestof=3): +def time_call(func, setup=None, maxtime=1, bestof=10): """ timeit() wrapper which tries to get as accurate a measurement as possible w/in maxtime seconds. @@ -366,8 +366,8 @@ class TestCase(_TestCase): # ignore warnings about PasswordHash features deprecated in 1.7 # TODO: should be cleaned in 2.0, when support will be dropped. # should be kept until then, so we test the legacy paths. - warnings.filterwarnings("ignore", "the method .*\.(encrypt|genconfig|genhash)\(\) is deprecated") - warnings.filterwarnings("ignore", "the 'vary_rounds' option is deprecated") + warnings.filterwarnings("ignore", r"the method .*\.(encrypt|genconfig|genhash)\(\) is deprecated") + warnings.filterwarnings("ignore", r"the 'vary_rounds' option is deprecated") #--------------------------------------------------------------- # tweak message formatting so longMessage mode is only enabled diff --git a/passlib/totp.py b/passlib/totp.py index f0edf36..c2e8891 100644 --- a/passlib/totp.py +++ b/passlib/totp.py @@ -83,7 +83,7 @@ if sys.version_info < (2,7,4): #----------------------------------------------------------------------------- #: regex used to clean whitespace from tokens & keys -_clean_re = re.compile(u("\s|[-=]"), re.U) +_clean_re = re.compile(u(r"\s|[-=]"), re.U) _chunk_sizes = [4,6,5] @@ -1140,7 +1140,7 @@ class TOTP(object): @classmethod def verify(cls, token, source, **kwds): - """ + r""" Convenience wrapper around :meth:`TOTP.from_source` and :meth:`TOTP.match`. This parses a TOTP key & configuration from the specified source, diff --git a/passlib/utils/handlers.py b/passlib/utils/handlers.py index ef553ab..76613bf 100644 
--- a/passlib/utils/handlers.py +++ b/passlib/utils/handlers.py @@ -654,7 +654,8 @@ class GenericHandler(MinimalHandler): @classmethod def from_string(cls, hash, **context): # pragma: no cover - """return parsed instance from hash/configuration string + r""" + return parsed instance from hash/configuration string :param \*\*context: context keywords to pass to constructor (if applicable). |