diff options
Diffstat (limited to 'passlib/tests/test_handlers_django.py')
-rw-r--r-- | passlib/tests/test_handlers_django.py | 103 |
1 files changed, 85 insertions, 18 deletions
diff --git a/passlib/tests/test_handlers_django.py b/passlib/tests/test_handlers_django.py index ac5d1f9..00a2f9b 100644 --- a/passlib/tests/test_handlers_django.py +++ b/passlib/tests/test_handlers_django.py @@ -21,23 +21,30 @@ from passlib.tests.test_handlers import UPASS_WAV, UPASS_USD, UPASS_TABLE #============================================================================= # django #============================================================================= + +# standard string django uses +UPASS_LETMEIN = u('l\xe8tmein') + +def vstr(version): + return ".".join(str(e) for e in version) + class _DjangoHelper(object): # NOTE: not testing against Django < 1.0 since it doesn't support # most of these hash formats. - # flag if hash wasn't added until Django 1.4 - requires14 = False + # flag that hash wasn't added until specified version + min_django_version = () def fuzz_verifier_django(self): from passlib.tests.test_ext_django import DJANGO_VERSION - if DJANGO_VERSION < (1,0): - return None - if self.requires14 and DJANGO_VERSION < (1,4): + # check_password() not added until 1.0 + min_django_version = max(self.min_django_version, (1,0)) + if DJANGO_VERSION < min_django_version: return None from django.contrib.auth.models import check_password def verify_django(secret, hash): "django/check_password" - if DJANGO_VERSION >= (1,4) and not secret: + if (1,4) <= DJANGO_VERSION < (1,6) and not secret: return "skip" if self.handler.name == "django_bcrypt" and hash.startswith("bcrypt$$2y$"): hash = hash.replace("$$2y$", "$$2a$") @@ -51,16 +58,16 @@ class _DjangoHelper(object): def test_90_django_reference(self): "run known correct hashes through Django's check_password()" - from passlib.tests.test_ext_django import has_django1, has_django14 - if self.requires14 and not has_django14: - raise self.skipTest("Django >= 1.4 not installed") - if not has_django1: - raise self.skipTest("Django >= 1.0 not installed") + from passlib.tests.test_ext_django import DJANGO_VERSION + # check_password() not added until 1.0 + min_django_version = max(self.min_django_version, (1,0)) + if DJANGO_VERSION < min_django_version: + raise self.skipTest("Django >= %s not installed" % vstr(min_django_version)) from django.contrib.auth.models import check_password assert self.known_correct_hashes for secret, hash in self.iter_known_hashes(): - if has_django14 and not secret: - # django 1.4 rejects empty passwords + if (1,4) <= DJANGO_VERSION < (1,6) and not secret: + # django 1.4-1.5 rejects empty passwords self.assertFalse(check_password(secret, hash), "empty string should not have verified") continue @@ -76,8 +83,10 @@ class _DjangoHelper(object): def test_91_django_generation(self): "test against output of Django's make_password()" from passlib.tests.test_ext_django import DJANGO_VERSION - if DJANGO_VERSION < (1,4): - raise self.skipTest("Django >= 1.4 not installed") + # make_password() not added until 1.4 + min_django_version = max(self.min_django_version, (1,4)) + if DJANGO_VERSION < min_django_version: + raise self.skipTest("Django >= %s not installed" % vstr(min_django_version)) from passlib.utils import tick from django.contrib.auth.hashers import make_password name = self.handler.django_name # set for all the django_* handlers @@ -229,7 +238,7 @@ class django_salted_sha1_test(HandlerCase, _DjangoHelper): class django_pbkdf2_sha256_test(HandlerCase, _DjangoHelper): "test django_pbkdf2_sha256" handler = hash.django_pbkdf2_sha256 - requires14 = True + min_django_version = (1,4) known_correct_hashes = [ # @@ -244,7 +253,7 @@ class django_pbkdf2_sha256_test(HandlerCase, _DjangoHelper): class django_pbkdf2_sha1_test(HandlerCase, _DjangoHelper): "test django_pbkdf2_sha1" handler = hash.django_pbkdf2_sha1 - requires14 = True + min_django_version = (1,4) known_correct_hashes = [ # @@ -260,7 +269,7 @@ class django_bcrypt_test(HandlerCase, _DjangoHelper): "test django_bcrypt" handler = hash.django_bcrypt secret_size = 72 - requires14 = True + min_django_version = (1,4) known_correct_hashes = [ # @@ -292,6 +301,64 @@ class django_bcrypt_test(HandlerCase, _DjangoHelper): django_bcrypt_test = skipUnless(hash.bcrypt.has_backend(), "no bcrypt backends available")(django_bcrypt_test) +class django_bcrypt_sha256_test(HandlerCase, _DjangoHelper): + "test django_bcrypt_sha256" + handler = hash.django_bcrypt_sha256 + min_django_version = (1,6) + forbidden_characters = None + + known_correct_hashes = [ + # + # custom - generated via django 1.6 hasher + # + ('', + 'bcrypt_sha256$$2a$06$/3OeRpbOf8/l6nPPRdZPp.nRiyYqPobEZGdNRBWihQhiFDh1ws1tu'), + (UPASS_LETMEIN, + 'bcrypt_sha256$$2a$08$NDjSAIcas.EcoxCRiArvT.MkNiPYVhrsrnJsRkLueZOoV1bsQqlmC'), + (UPASS_TABLE, + 'bcrypt_sha256$$2a$06$kCXUnRFQptGg491siDKNTu8RxjBGSjALHRuvhPYNFsa4Ea5d9M48u'), + + # test >72 chars is hashed correctly -- under bcrypt these hash the same. + (repeat_string("abc123",72), + 'bcrypt_sha256$$2a$06$Tg/oYyZTyAf.Nb3qSgN61OySmyXA8FoY4PjGizjE1QSDfuL5MXNni'), + (repeat_string("abc123",72)+"qwr", + 'bcrypt_sha256$$2a$06$Tg/oYyZTyAf.Nb3qSgN61Ocy0BEz1RK6xslSNi8PlaLX2pe7x/KQG'), + (repeat_string("abc123",72)+"xyz", + 'bcrypt_sha256$$2a$06$Tg/oYyZTyAf.Nb3qSgN61OvY2zoRVUa2Pugv2ExVOUT2YmhvxUFUa'), + ] + + known_malformed_hashers = [ + # data in django salt field + 'bcrypt_sha256$xyz$2a$06$/3OeRpbOf8/l6nPPRdZPp.nRiyYqPobEZGdNRBWihQhiFDh1ws1tu', + ] + + def test_30_HasManyIdents(self): + raise self.skipTest("multiple idents not supported") + + def test_30_HasOneIdent(self): + # forbidding ident keyword, django doesn't support configuring this + handler = self.handler + handler(use_defaults=True) + self.assertRaises(TypeError, handler, ident="$2a$", use_defaults=True) + + # NOTE: the following have been cloned from _bcrypt_test() + + def populate_settings(self, kwds): + # speed up test w/ lower rounds + kwds.setdefault("rounds", 4) + super(django_bcrypt_sha256_test, self).populate_settings(kwds) + + def fuzz_setting_rounds(self): + # decrease default rounds for fuzz testing to speed up volume. + return randintgauss(5, 8, 6, 1) + + def fuzz_setting_ident(self): + # omit multi-ident tests, only $2a$ counts for this class + return None + +django_bcrypt_sha256_test = skipUnless(hash.bcrypt.has_backend(), + "no bcrypt backends available")(django_bcrypt_sha256_test) + #============================================================================= # eof #============================================================================= |