Mercurial Mercurial > pub > hg > cubicweb / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | zip | gz | bz2 | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixes for compatibility with passlib 1.6 (closes #2356393) stable
authorJulien Cristau <julien.cristau@logilab.fr>
Tue, 15 May 2012 17:37:49 +0200
branchstable
changeset 8414 e7243ed7bb0a
parent 8413 9ac36a6ec07e
child 8415 ae9310e4c2b3
Fixes for compatibility with passlib 1.6 (closes #2356393) Somebody missed the memo about API backwards compatibility: - calc_checksum is renamed _calc_checksum - passlib.utils.handlers.GenericHandler strict keyword removed - bytes vs str vs unicode issues
server/test/unittest_utils.py file | annotate | diff | comparison | revisions
server/utils.py file | annotate | diff | comparison | revisions 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/server/test/unittest_utils.py	Tue May 15 17:37:49 2012 +0200
@@ -0,0 +1,43 @@
+# copyright 2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
+#
+# This file is part of CubicWeb.
+#
+# CubicWeb is free software: you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation, either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with CubicWeb.  If not, see <http://www.gnu.org/licenses/>.
+"""
+
+"""
+from logilab.common.testlib import TestCase, unittest_main
+
+from cubicweb.server import utils
+
+class UtilsTC(TestCase):
+    def test_crypt(self):
+        for hash in (
+            utils.crypt_password('xxx'), # default sha512
+            'ab$5UsKFxRKKN.d8iBIFBnQ80', # custom md5
+            'ab4Vlm81ZUHlg', # DES
+            ):
+            self.assertEqual(utils.crypt_password('xxx', hash), hash)
+            self.assertEqual(utils.crypt_password(u'xxx', hash), hash)
+            self.assertEqual(utils.crypt_password(u'xxx', unicode(hash)), hash)
+            self.assertEqual(utils.crypt_password('yyy', hash), '')
+
+        # accept any password for empty hashes (is it a good idea?)
+        self.assertEqual(utils.crypt_password('xxx', ''), '')
+        self.assertEqual(utils.crypt_password('yyy', ''), '')
+
+
+if __name__ == '__main__':
+    unittest_main()
--- a/server/utils.py	Tue May 22 18:51:09 2012 +0200
+++ b/server/utils.py	Tue May 15 17:37:49 2012 +0200
@@ -39,19 +39,18 @@
 
     @classmethod
     def from_string(cls, hash):
-        if hash is None:
-            raise ValueError("no hash specified")
-        if hash.count('$') != 1:
-            raise ValueError("invalid cubicweb-md5 hash")
-        salt = hash.split('$', 1)[0]
-        chk = hash.split('$', 1)[1]
-        return cls(salt=salt, checksum=chk, strict=True)
+        salt, chk = uh.parse_mc2(hash, u'')
+        if chk is None:
+            raise ValueError('missing checksum')
+        return cls(salt=salt, checksum=chk)
 
     def to_string(self):
         return to_hash_str(u'%s$%s' % (self.salt, self.checksum or u''))
 
+    # passlib 1.5 wants calc_checksum, 1.6 wants _calc_checksum
     def calc_checksum(self, secret):
-        return md5crypt(secret, self.salt.encode('ascii'))
+        return md5crypt(secret, self.salt.encode('ascii')).decode('utf-8')
+    _calc_checksum = calc_checksum
 
 _CRYPTO_CTX = CryptContext(['sha512_crypt', CustomMD5Crypt, 'des_crypt'])
cubicweb