From e71ddce83853566311effebf68b9bbbdebf4c2ab Mon Sep 17 00:00:00 2001
From: Eli Collins <elic@assurancetechnologies.com>
Date: Thu, 12 Apr 2012 14:13:36 -0400
Subject: scram hash: improved UTs to cover some edge cases, full-verify now
 throws error for inconsistent hashes.

---
 passlib/handlers/scram.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'passlib/handlers/scram.py')

diff --git a/passlib/handlers/scram.py b/passlib/handlers/scram.py
index e7919a2..e7d6399 100644
--- a/passlib/handlers/scram.py
+++ b/passlib/handlers/scram.py
@@ -374,9 +374,8 @@ class scram(uh.HasRounds, uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler):
                 else:
                     failed = True
             if correct and failed:
-                warning("scram hash verified inconsistently, may be corrupted",
-                        PasslibHashWarning)
-                return False
+                raise ValueError("scram hash verified inconsistently, "
+                                 "may be corrupted")
             else:
                 return correct
         else:
-- 
cgit v1.2.1


From c0f420bf7d7659ee110432f7cbb0233554dfd32a Mon Sep 17 00:00:00 2001
From: Eli Collins <elic@assurancetechnologies.com>
Date: Thu, 12 Apr 2012 21:52:26 -0400
Subject: assorted bugfixes, tweaks, and tests added; based on coverage
 examination

* test os_crypt backend has functional fallback
* test handler methods accept all unicode/bytes combinations for secret & hash
* fixed some incorrect error messages & types being caught & raised
* other minor cleanups
---
 passlib/handlers/scram.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'passlib/handlers/scram.py')

diff --git a/passlib/handlers/scram.py b/passlib/handlers/scram.py
index e7d6399..036d7c2 100644
--- a/passlib/handlers/scram.py
+++ b/passlib/handlers/scram.py
@@ -285,7 +285,7 @@ class scram(uh.HasRounds, uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler):
                 raise ValueError("SCRAM limits algorithm names to "
                                  "9 characters: %r" % (alg,))
             if not isinstance(digest, bytes):
-                raise TypeError("digests must be raw bytes")
+                raise uh.exc.ExpectedTypeError(digest, "raw bytes", "digests")
             # TODO: verify digest size (if digest is known)
         if 'sha-1' not in checksum:
             # NOTE: required because of SCRAM spec.
@@ -384,7 +384,8 @@ class scram(uh.HasRounds, uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler):
                 if alg in chkmap:
                     other = self._calc_checksum(secret, alg)
                     return consteq(other, chkmap[alg])
-            # there should *always* be at least sha-1.
+            # there should always be sha-1 at the very least,
+            # or something went wrong inside _norm_algs()
             raise AssertionError("sha-1 digest not found!")
 
     #=========================================================
-- 
cgit v1.2.1