# HG changeset patch # User Julien Cristau # Date 1337096269 -7200 # Node ID e7243ed7bb0a8c6b9fa04c8fff5083c449ce4dc9 # Parent 9ac36a6ec07e95f6f08786933f19170cf1b4b79c Fixes for compatibility with passlib 1.6 (closes #2356393) Somebody missed the memo about API backwards compatibility: - calc_checksum is renamed _calc_checksum - passlib.utils.handlers.GenericHandler strict keyword removed - bytes vs str vs unicode issues diff -r 9ac36a6ec07e -r e7243ed7bb0a server/test/unittest_utils.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/server/test/unittest_utils.py Tue May 15 17:37:49 2012 +0200 @@ -0,0 +1,43 @@ +# copyright 2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved. +# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr +# +# This file is part of CubicWeb. +# +# CubicWeb is free software: you can redistribute it and/or modify it under the +# terms of the GNU Lesser General Public License as published by the Free +# Software Foundation, either version 2.1 of the License, or (at your option) +# any later version. +# +# CubicWeb is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more +# details. +# +# You should have received a copy of the GNU Lesser General Public License along +# with CubicWeb. If not, see . +""" + +""" +from logilab.common.testlib import TestCase, unittest_main + +from cubicweb.server import utils + +class UtilsTC(TestCase): + def test_crypt(self): + for hash in ( + utils.crypt_password('xxx'), # default sha512 + 'ab$5UsKFxRKKN.d8iBIFBnQ80', # custom md5 + 'ab4Vlm81ZUHlg', # DES + ): + self.assertEqual(utils.crypt_password('xxx', hash), hash) + self.assertEqual(utils.crypt_password(u'xxx', hash), hash) + self.assertEqual(utils.crypt_password(u'xxx', unicode(hash)), hash) + self.assertEqual(utils.crypt_password('yyy', hash), '') + + # accept any password for empty hashes (is it a good idea?) + self.assertEqual(utils.crypt_password('xxx', ''), '') + self.assertEqual(utils.crypt_password('yyy', ''), '') + + +if __name__ == '__main__': + unittest_main() diff -r 9ac36a6ec07e -r e7243ed7bb0a server/utils.py --- a/server/utils.py Tue May 22 18:51:09 2012 +0200 +++ b/server/utils.py Tue May 15 17:37:49 2012 +0200 @@ -39,19 +39,18 @@ @classmethod def from_string(cls, hash): - if hash is None: - raise ValueError("no hash specified") - if hash.count('$') != 1: - raise ValueError("invalid cubicweb-md5 hash") - salt = hash.split('$', 1)[0] - chk = hash.split('$', 1)[1] - return cls(salt=salt, checksum=chk, strict=True) + salt, chk = uh.parse_mc2(hash, u'') + if chk is None: + raise ValueError('missing checksum') + return cls(salt=salt, checksum=chk) def to_string(self): return to_hash_str(u'%s$%s' % (self.salt, self.checksum or u'')) + # passlib 1.5 wants calc_checksum, 1.6 wants _calc_checksum def calc_checksum(self, secret): - return md5crypt(secret, self.salt.encode('ascii')) + return md5crypt(secret, self.salt.encode('ascii')).decode('utf-8') + _calc_checksum = calc_checksum _CRYPTO_CTX = CryptContext(['sha512_crypt', CustomMD5Crypt, 'des_crypt'])