Fixes for compatibility with passlib 1.6 (closes #2356393)
Somebody missed the memo about API backwards compatibility:
- calc_checksum is renamed _calc_checksum
- passlib.utils.handlers.GenericHandler strict keyword removed
- bytes vs str vs unicode issues
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/server/test/unittest_utils.py Tue May 15 17:37:49 2012 +0200
@@ -0,0 +1,43 @@
+# copyright 2012 LOGILAB S.A. (Paris, FRANCE), all rights reserved.
+# contact http://www.logilab.fr/ -- mailto:contact@logilab.fr
+#
+# This file is part of CubicWeb.
+#
+# CubicWeb is free software: you can redistribute it and/or modify it under the
+# terms of the GNU Lesser General Public License as published by the Free
+# Software Foundation, either version 2.1 of the License, or (at your option)
+# any later version.
+#
+# CubicWeb is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Lesser General Public License along
+# with CubicWeb. If not, see <http://www.gnu.org/licenses/>.
+"""
+
+"""
+from logilab.common.testlib import TestCase, unittest_main
+
+from cubicweb.server import utils
+
+class UtilsTC(TestCase):
+ def test_crypt(self):
+ for hash in (
+ utils.crypt_password('xxx'), # default sha512
+ 'ab$5UsKFxRKKN.d8iBIFBnQ80', # custom md5
+ 'ab4Vlm81ZUHlg', # DES
+ ):
+ self.assertEqual(utils.crypt_password('xxx', hash), hash)
+ self.assertEqual(utils.crypt_password(u'xxx', hash), hash)
+ self.assertEqual(utils.crypt_password(u'xxx', unicode(hash)), hash)
+ self.assertEqual(utils.crypt_password('yyy', hash), '')
+
+ # accept any password for empty hashes (is it a good idea?)
+ self.assertEqual(utils.crypt_password('xxx', ''), '')
+ self.assertEqual(utils.crypt_password('yyy', ''), '')
+
+
+if __name__ == '__main__':
+ unittest_main()
--- a/server/utils.py Tue May 22 18:51:09 2012 +0200
+++ b/server/utils.py Tue May 15 17:37:49 2012 +0200
@@ -39,19 +39,18 @@
@classmethod
def from_string(cls, hash):
- if hash is None:
- raise ValueError("no hash specified")
- if hash.count('$') != 1:
- raise ValueError("invalid cubicweb-md5 hash")
- salt = hash.split('$', 1)[0]
- chk = hash.split('$', 1)[1]
- return cls(salt=salt, checksum=chk, strict=True)
+ salt, chk = uh.parse_mc2(hash, u'')
+ if chk is None:
+ raise ValueError('missing checksum')
+ return cls(salt=salt, checksum=chk)
def to_string(self):
return to_hash_str(u'%s$%s' % (self.salt, self.checksum or u''))
+ # passlib 1.5 wants calc_checksum, 1.6 wants _calc_checksum
def calc_checksum(self, secret):
- return md5crypt(secret, self.salt.encode('ascii'))
+ return md5crypt(secret, self.salt.encode('ascii')).decode('utf-8')
+ _calc_checksum = calc_checksum
_CRYPTO_CTX = CryptContext(['sha512_crypt', CustomMD5Crypt, 'des_crypt'])