| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* split ut2 backports into separate module to keep them distinct from customizations
* added backport of skip() / skipIf(), simplified a bunch of code
* "PASSLIB_TESTS" env var renamed to "PASSLIB_TEST_MODE",
has one of three values (quick,default,full)
* assertWarningList() can now be used as context manager
* added TestCase.mktemp(), and some capability tests via TestCase.require_xxx()
* HandlerCase
- subclasses can now modify do_xxx() settings and context using unified interface.
- defaults to lower number of rounds for all hashes, to speed up UTs
- create_backend_case() is now classmethod that yields multiple backends
- added test to ensure os_crypt hashes forbid NULL chars
- EncodingHandlerMixin for common tests of 'encoding' keyword
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
reference
|
| |
|
|
|
|
|
| |
* password hash api rewritten to center around PasswordHash abstract class
* extended walkthrough and documentation for PasswordHash interface
* pared down the per-hash examples, added links to PasswordHash
* updates docs and warnings
|
| |
|
|
|
|
|
|
|
|
|
| |
- monkeypatching now formalized w/ a patch manager,
and should be *much* more resilient.
- patch states reduced greatly, simplified code and tests
- now handles django 1.4 correctly - patches hashers module as well
(had to write some new wrappers)
- added experimental methods GenericHandler.parsehash() to back our wrapper of Hasher.safe_summary()
- XXX: doesn't currently import current HASHER state,
- XXX: can't import hashers into passlib either -- though left initial notes on this
|
| |
|
|
|
|
| |
- updated salt handling of the existing django hashes, in a way which should be backwards compatible w/ django 1.0
- UTs now test Django hasher output against passlib handlers (reverse was already being done)
- refactor of fuzz testing to reuse some of the methods.
|
| |
|
|
|
|
| |
passlib.ifc.PasswordHash
(also had to make some tweaks to fix class repr due to ABCMeta)
|
| |
|
|
| |
containing ALL hashes, with the exception of ones with problematic identify() methods
|
| |
|
|
| |
of hash components
|
| |
|
|
|
|
| |
- plaintext, ldap_plaintext, lmhash, htdigest all support it
- also expose default_encoding attribute
- moved HasEncodingContext from lmhash to handlers
|
| | |
|
| |
|
|
| |
for release. will adjust issue 24.
|
| |
|
|
|
|
|
| |
- renamed internal update hooks as well
- needs_update() now accepts an optional copy of the password.
this is unused for now, but should pave the way for properly
migrating crypt_blowfish $2x$ hashes in the next release.
|
| |
|
|
|
|
| |
- handler() uses scheme=None instead of "default" for default scheme
- factored out common _get_or_identify_record() from genhash, verify, etc
- added schemes & category typecheck to _get_record(), takes care of primary interface methods
|
| | |
|
| |
|
|
| |
helper functions
|
| |
|
|
| |
hashes
|
| | |
|
| |
|
|
| |
issue w/ os_crypt proxying builtin bcrypt
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
crypt() testing
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
* bsdi_crypt apparently available on openbsd 4.9
* typo fixes
* ConfigParser apparently only uses OrderedDict for >= PY27,
adjusted CryptContext test accordingly
* fixed test that depended on sha256_crypt.default_rounds
* handle os_crypt backend w/ no fallback (bcrypt)
* let _norm_rounds accept longs
|
| | |
|
| |
|
|
| |
with even rounds
|
| | |
|
| |
|
|
|
|
| |
* moved test_context to test_context_deprecated, to ensure pre-1.6 behavior
is retained, at least until 1.8
* new test_context merges CryptPolicy tests into CryptContextTest
|
| |
|
|
| |
directly
|
| |
|
|
| |
tweaked a little
|
| |
|
|
|
|
|
|
|
|
| |
* this should simplify the api for users, CryptPolicy encapsulated an implementation detail
they didn't need to deal with.
* config file parsing is a lot stricter, easier for apps to add custom hacks
* CryptContext instances can now be reconfigured much easier.
* loads should be faster.
(breaking changes into multiple commits)
|
| |
|
|
| |
missing chars
|
| |
|
|
| |
ambiguous method names
|
| | |
|
| |
|
|
|
| |
* cleaned up source of des_crypt variants and DES util functions
* DES utils functions now have tighter input validation, full UT coverage
|
| |
|
|
|
|
|
| |
* test os_crypt backend has functional fallback
* test handler methods accept all unicode/bytes combinations for secret & hash
* fixed some incorrect error messages & types being caught & raised
* other minor cleanups
|
| |
|
|
| |
error for inconsistent hashes.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* passing a non-string secret or non-string hash to any
CryptContext or handler method will now reliably result
in a TypeError.
previously, passing hash=None to many handler identify() and verify()
methods would return False, while others would raise a TypeError.
other handler methods would alternately throw ValueError or TypeError
when passed a value that wasn't unicode or bytes.
the various CryptContext methods also behaved inconsistently,
depending on the behavior of the underlying handler.
all of these behaviors are gone, they should all raise the same TypeError.
* redid many of the from_string() methods to verify the hash type.
* moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods.
this cheaply made the secret validation global to all hashes, and lets
_calc_digest() implementations trust that the secret is valid.
* updated the CryptContext and handler unittests to verify the above behavior is adhered to.
|
| |
|
|
| |
right_pad_string)
|
| |
|
|
|
|
|
|
|
| |
* split os_crypt tests into separate mixin
* tests now require os_crypt backends to detect some simple incorrect returns from crypt()
- e.g. returning wrong ident prefix, wrong size, etc
- added relevant asserts to all os_crypt backends
* tests now check if platform crypt detection is functioning correctly
via platform_crypt_support dict in tests.
|
| | |
|
| |
|
|
|
| |
* tried to clarify documentation & alg for builtin md5_crypt / sha2-crypt backends
* replaced regex parser in sha2-crypt with index-based one - less redundant, and should be faster.
|
| |
|
|
| |
bunch of redundant code
|
