| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* tests now filter out some passlib deprecation warnings
* bugfix: @doesnt_require_backend() decorator (rev XXX) now silences
MissingBackendError exceptions thrown during HandlerCase.setUp()
* simplified some monkeypatching within test_registry
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| | |
For all prior releases of passlib, `TOTP().to_uri()` would only output an
"issuer" parameter. Per the KeyURI spec, issuer should also be prepended
to the label for backward compatibility.
|
|/
|
|
|
|
|
| |
realized can do this now that we're requiring python3 >= 3.3.
had to keep u() helper around for u(r"") instances, since py3 doesn't have ur"".
but switched it to use ascii decoding for py2, to make sure things are clean.
|
|
|
|
| |
fix max_time_t to catch yet another utcfromtimestamp() error.
|
|
|
|
| |
it was errorneously letting through; also workaround for python 3.6 issue 29346.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in reproducible manner.
* added TestCase.getRandom() helper, which creates RNG initialized
from ${RANDOM_TEST_SEED} or ${PYTHONHASHSEED} when possible,
and logs the seed so that exact test can be reproduced in future.
* replaced all test references to 'passlib.utils.rng' or other random source
with TestCase().getRandom() call.
* once remaining bit was all the hash fuzz tests.
since these are called over multiple threads, would either have to
pass around a per-thread RNG to every call, or refactor fuzz generator
into separate class, so we could make a separate instance per thread.
latter choice seemed generally cleaner anyways, so...
* Refactored fuzz generator methods into FuzzHashGeneator class.
- Uses separate RNG per thread, seeded from .getRandom() using thread name.
- removed class-scanning magic, now uses explicit lists of verifiers
& parameter generation helpers.
|
|
|
|
| |
TOTP.normalize_time() turned into class method, made public.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* renamed AppWallet.can_encrypt -> AppWallet.has_secrets,
no longer set to False if AES support is missing --
that way if app provides a secret, we either encrypt or throw error,
rather than silently not encrypting.
* .to_dict()'s "encrypt" keyword now uses None as default, rather than special string "auto"
* hmac function now cached across multiple ._generate() calls,
making ._find_match() a lot faster.
* .key now a property, so that setting it clears encrypt key & hmac cache
* factored out encrypted key code into .encrypted_key property.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
place.
* renamed TOTP.verify() to TOTP.match() -- this matches the TotpMatch class name
a little better, and frees up TOTP.verify() for something new.
* added new TOTP.verify() which handles parsing TOTP config source,
and calling TOTP.match(), in one go. Main purpose of this is that
it has same signature (and roughly the same behavior) as PasswordHash.verify().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the application secrets needing for encryption -- renamed to AppWallet()
* AppWallet class dedicated to just holding application secrets,
rather than providing awkward frontend for TOTP construction.
Intended method for invoking it is through TOTP.using(),
which handles the details of construction.
* Renamed TOTP.context attr to TOTP.wallet
* Removed 'context' keyword from TOTP.from_source() etc,
callers should now bind the wallet via TOTP.using().from_source().
* Made AppWallet.default_tag a public attr,
renamed 'cost' attr to 'encrypt_cost'
* Removed the passlib.totp toplevel constructors (new, from_uri, from_json) --
can now do all that from TOTP class.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configuration options
(such as secrets) already bound to the class.
* added TOTP.using() helper
* removed 'now' keyword from TOTP() constructor,
can now only be specified via TOTP.using() -- adjusted UTs accordingly
*
|
|
|
|
|
|
| |
different.
otherwise get unexpected results when outputting encrypted objects.
|
|
|
|
| |
and added TOTP.from_dict() for explicitly deserializing from dict format.
|
|
|
|
|
| |
to provider .cache_seconds & .cache_time attributes to help applications
decide how long the counter value should be cached.
|
|
|
|
|
|
|
| |
TOTP.last_counter).
switching to purely stateless object, will update docs so that apps are
instructed to persist verify()'s last_counter value independantly.
|
|
|
|
| |
since there's no need for the subdivision.
|
|
|
|
| |
to justify the contortions it requires in the shared BaseOTP api.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of the verify() return types, other related changes.
This commit updates a bunch of the TOTP API, in an attempt to finalize it for release.
TOTP
----
* The client clock-skew prediction code was stripped out from TOTP.consume()
and elsewhere, along with the internal "history" attribute. This code wasn't
going to be much use unless much better statistical analysis was added,
so stripping out the non-functional code that was present.
All that's left is the ability to pass an externally calculated
'skew' value into TOTP.verify() / .consume() (keyword previously named 'offset',
which was deemed too ambigious).
* TOTP.verify() / TotpMatch: Iterable signature changed from (matched_counter, estimated_skew)
to (matched_counter, time). This reflects the underlying
source data, eliminating the need to needlessly calculate derived values.
It also aligns better with HotpMatch, and removes the 'skew' parameter
(which has been stripped out).
'.counter_skipped' attribute was renamed to '.skipped'
* TOTP.verify() now handles token-reuse detection:
Relocated code handling this from TOTP.consume(),
renamed 'min_start' renamed to 'last_counter',
and added 'reuse=False' keyword.
This makes it easier to test & use independantly,
as well as making TOTP.consume() more of just a wrapper for .verify().
* TOTP.consume() now returns TotpMatch() object from .verify(),
rather than just "True"; more consistent as just a wrapper for .verify()
* internal TOTP._time_to_counter() no longer passing input through normalize_time(),
removing some redundant calls.
HOTP
----
* HOTP.verify() / HotpMatch: Iterable content changed from (next_counter, skipped)
to (matched_counter, expected_counter). This reflects the underlying
source data, eliminating the need to needlessly calculate derived values.
It also aligns better with TotpMatch.
'.counter_skipped' attribute was renamed to '.skipped'
* HTOP.verify(): now compares token against last counter value,
so that it can raise a UsedTokenError() when appropriate.
* HOTP.consume() now returns HotpMatch() object from .verify(),
rather than just "True"; more consistent as just a wrapper for .verify()
Other
-----
* OTPContext: stripped out support for XOR-based encryption scheme (only used during alpha development)
* HotpMatch, TotpToken, and TotpMatch now have custom reprs,
to highlight that they aren't just tuples.
Tests
-----
* removed clock-skew prediction tests
* removed legacy XOR-based encryption tests
* consolidated some boilerplate arrays of tests into some helper methods.
this includes .assertHotpMatch(), .assertTotpMatch(), .assertVerifyMatches(), .assertVerifyRaises()
* added tests for TOTP.verify()/.consume()'s "skew" and "reuse" parameters
* various updates to account for call signature changes above
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
application secrets
This reworks a large portion of the totp module's API, to make it fit better
with the needs of the applications it's been integrated into so far.
* Key encryption encapsulated in new OTPContext() class,
which not only handles encryption of keys, but supports
multiple application secrets, allowing migration to new secrets
(whether periodic, or after a breach).
This makes workflow of OTP object serialization *much* simpler.
* encryption format changed to use a simple dict, which gets embedded
into overall json data; eliminates need for custom binary format.
* BaseOTP.generate_next() has been renamed to .advance(),
to make it distinct from .generate(), and give better hinting
that it modifies the internal state
BaseOTP.verify_next() has been renamed to .consume() for similar reasons.
* All .verify() and .verify_next() methods have been modified
so they throw an InvalidTokenError if the token doesn't match,
instead of returning False.
This reduces the boilerplate needed to implement them,
as code already had to catch ValueErrors for malformed tokens & reused tokens.
- the HotpMatch / TotpMatch objects were adjusted to account
for fact that they're only used when token matches successfully.
* better exception hierarchy: added base TokenError,
as well as subclasses for specific cases (MalformedTokenError,
InvalidTokenError, UsedTokenError).
* renamed BaseOTP.dirty -> BaseOTP.changed
* BaseOTP now detects if encryption is old, and flags that re-encryption
+ re-serialization is needed.
* .from_string() / .to_string() renamed to .from_json() / .to_json()
to disambiguate with .from_uri() / .to_uri(), which also returns a string.
|
|
|
|
| |
prevents crash under e.g. py27/win32, where time_t is limited to 34 bits.
|
|
|
|
| |
to tox.ini
|
|
|
|
| |
prevents some spurious test failures when under erratic system load
|
|
|
|
| |
'cryptography' package
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and moved them to a separate passlib.crypto subpackage.
along with this move, made a few api cleanups:
* unified all code that's looking up hashes
to use new passlib.crypto.lookup_hash() wrapper, which takes
care of hash name normalization, loading fallback implementations,
and alg metadata inspection, all hidden behind a memoized function.
* deprecated pbkdf2() in favor of pbkdf2_hmac() -- only real use,
and new signature matches stdlib function. additionally,
this version is a bit faster, due to some assumptions that
can be made due to the PRF always being HMAC based.
* added compile_hmac() helper which does an even more efficient
job of pre-compiling a keyed HMAC function; this helped speed up pbkdf2 a bit more.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* test_handlers: fix py3 u() compat issue
* test_totp: clean norm_hash_name() caches so warnings repeat per-test,
added/fixed some warnings checks.
* HandlerCase: HasRounds.using() test: hack so bsdi_crypt can pass
(the 'odd rounds only' was playing havoc w/ the test's expectations)
* HandlerCase: effective_rounds() / effective_ident() helpers
now unwrap PrefixWrappers first; wrappers aren't callable like classes.
* HandlerCase: HasRounds.using() test: don't check min_rounds-1
if min_rounds is 0.
* HandlerCase: multithreaded fuzz test -- detect & log errors if stalled thread,
rather than main thread stalling forever. reduced thread count down to 10.
* reset_warning_filter() context manager -- simplified __exit__() cleanup code
|
|
|
|
| |
as using query params.
|
|
|
|
| |
from base64.b32decode(). gah!
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
would like to keep it at more accurate real-world value,
but it fouls up the verify_next() testing under certain conditions
for example:
key='TTZV5K3V536R6Q4ICERGI3CNRHIXVD3RVZ264HIDMBGASIPEXT3Q'
alg='sha256'
period=25
time=121360270503.61707
token=u'932169'
test_time=time-period
verify_next(token, window=period) should be true, returns false.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
support;
as well as PyPy 1.x and Jython 2.5.
shims removed
-------------
* b() shim replaced with b'' (py25)
* 'bytes' alias no longer needed (py25)
* callable() shim no longer needed (py30,31)
* PY_MIN_32 flag replaced with PY3 flag (py30,31)
* removed 'abc' module stub used by passlib.ifc (py25)
* removed chain_from_iterable() backport (py25)
* tests: removed catch_warnings() backport,
replaced refs with real warnings.catch_warnings() (py25)
* tests: removed unittest2 backports (py25, py30, py31) --
now throw hard error if unittest2 not present under py26
(the only release remaining which lacks the unittest2 features)
* removed SUPPORTS_DIR_METHOD conditional (py25, pypy 1.x)
* some other minor workarounds
other
-----
* added check in passlib.compat which now throws error telling user
version isn't supported (to prevent spurious errors later)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TOTP module reworked drastically. Should have committed this a long time ago.
Now have what is (hopefully) the final API for the TOTP module.
* Supports TOTP & HOTP
* Supports URI rendering & parsing
* Highlevel methods to handle state management, client clock skew estimation, etc.
* Unittests mostly complete (a few edge cases)
* Persistent serialization supports encrypting secrets with a password,
to mitigate exposure of storage medium.
* Basic API documentation.
Should be suitable for following use-cases:
* lowlevel methods for implementing HOTP/TOTP on server
* highlevel methods for implementing HOTP/TOTP on server,
and letting them handle details of tracking client state.
* methods for implementing an HOTP / TOTP client.
|
|
module contains lowlevel functionality,
but needs a bunch of other bits before it's ready for release
|