diff options
author | Eli Collins <elic@assurancetechnologies.com> | 2020-05-12 10:39:25 -0400 |
---|---|---|
committer | Eli Collins <elic@assurancetechnologies.com> | 2020-05-12 10:39:25 -0400 |
commit | 6bba63a8d801f413154f523cc2c3e899af243cc8 (patch) | |
tree | 678791bcfe0e363092faebed9794469acde35e38 | |
parent | a81474193a4c28a3ecd2c0e028de16454bb32913 (diff) | |
download | passlib-6bba63a8d801f413154f523cc2c3e899af243cc8.tar.gz |
passlib.tests.utils: simplified OsCryptMixin's "alt hasher" test harness code.
removed two config flags (alt_safe_crypt_handler, has_os_crypt_fallback)
in favor of making the exceptions just subclass & override the base methods.
did this for bcrypt (retaining old functionality),
and for bcrypt_sha256 (which fixes spurious errors when running tests
on systems w/ os_crypt support, like OpenBSD).
-rw-r--r-- | passlib/tests/test_handlers_bcrypt.py | 22 | ||||
-rw-r--r-- | passlib/tests/utils.py | 20 |
2 files changed, 27 insertions, 15 deletions
diff --git a/passlib/tests/test_handlers_bcrypt.py b/passlib/tests/test_handlers_bcrypt.py index 699b2d7..c493ca9 100644 --- a/passlib/tests/test_handlers_bcrypt.py +++ b/passlib/tests/test_handlers_bcrypt.py @@ -25,7 +25,6 @@ class _bcrypt_test(HandlerCase): handler = hash.bcrypt reduce_default_rounds = True fuzz_salts_need_bcrypt_repair = True - has_os_crypt_fallback = False known_correct_hashes = [ # @@ -173,6 +172,8 @@ class _bcrypt_test(HandlerCase): self.addCleanup(os.environ.__delitem__, key) os.environ[key] = "true" super(_bcrypt_test, self).setUp() + + # silence this warning, will come up a bunch during testing of old 2a hashes. warnings.filterwarnings("ignore", ".*backend is vulnerable to the bsd wraparound bug.*") def populate_settings(self, kwds): @@ -418,7 +419,12 @@ class _bcrypt_test(HandlerCase): bcrypt_bcrypt_test = _bcrypt_test.create_backend_case("bcrypt") bcrypt_pybcrypt_test = _bcrypt_test.create_backend_case("pybcrypt") bcrypt_bcryptor_test = _bcrypt_test.create_backend_case("bcryptor") -bcrypt_os_crypt_test = _bcrypt_test.create_backend_case("os_crypt") + +class bcrypt_os_crypt_test(_bcrypt_test.create_backend_case("os_crypt")): + + # os crypt backend doesn't currently implement a per-call fallback if it fails + has_os_crypt_fallback = False + bcrypt_builtin_test = _bcrypt_test.create_backend_case("builtin") #============================================================================= @@ -430,8 +436,6 @@ class _bcrypt_sha256_test(HandlerCase): reduce_default_rounds = True forbidden_characters = None fuzz_salts_need_bcrypt_repair = True - alt_safe_crypt_handler = hash.bcrypt - has_os_crypt_fallback = True known_correct_hashes = [ #------------------------------------------------------------------- @@ -656,7 +660,15 @@ class _bcrypt_sha256_test(HandlerCase): bcrypt_sha256_bcrypt_test = _bcrypt_sha256_test.create_backend_case("bcrypt") bcrypt_sha256_pybcrypt_test = _bcrypt_sha256_test.create_backend_case("pybcrypt") bcrypt_sha256_bcryptor_test = _bcrypt_sha256_test.create_backend_case("bcryptor") -bcrypt_sha256_os_crypt_test = _bcrypt_sha256_test.create_backend_case("os_crypt") + +class bcrypt_sha256_os_crypt_test(_bcrypt_sha256_test.create_backend_case("os_crypt")): + + @classmethod + def _get_safe_crypt_handler_backend(cls): + return bcrypt_os_crypt_test._get_safe_crypt_handler_backend() + + has_os_crypt_fallback = False + bcrypt_sha256_builtin_test = _bcrypt_sha256_test.create_backend_case("builtin") #============================================================================= diff --git a/passlib/tests/utils.py b/passlib/tests/utils.py index 8ef9a63..e204dd5 100644 --- a/passlib/tests/utils.py +++ b/passlib/tests/utils.py @@ -2872,7 +2872,6 @@ class HandlerCase(TestCase): def gendict(map): out = {} for key, meth in map.items(): - func = getattr(self, meth) value = getattr(self, meth)() if value is not None: out[key] = value @@ -3102,12 +3101,6 @@ class OsCryptMixin(HandlerCase): # list of (platform_regex, True|False|None) entries. platform_crypt_support = [] - #: flag indicating backend provides a fallback when safe_crypt() can't handle password - has_os_crypt_fallback = True - - #: alternate handler to use when searching for backend to fake safe_crypt() support. - alt_safe_crypt_handler = None - #=================================================================== # instance attrs #=================================================================== @@ -3125,6 +3118,7 @@ class OsCryptMixin(HandlerCase): def setUp(self): assert self.backend == "os_crypt" if not self.handler.has_backend("os_crypt"): + # XXX: currently, any tests that use this are skipped entirely! (see issue 120) self._patch_safe_crypt() super(OsCryptMixin, self).setUp() @@ -3135,9 +3129,7 @@ class OsCryptMixin(HandlerCase): backend will be None if none availabe. """ # find handler that generates safe_crypt() compatible hash - handler = cls.alt_safe_crypt_handler - if not handler: - handler = unwrap_handler(cls.handler) + handler = unwrap_handler(cls.handler) # hack to prevent recursion issue when .has_backend() is called handler.get_backend() @@ -3146,6 +3138,14 @@ class OsCryptMixin(HandlerCase): alt_backend = get_alt_backend(handler, "os_crypt") return handler, alt_backend + @property + def has_os_crypt_fallback(self): + """ + test if there's a fallback handler to test against if os_crypt can't support + a specified secret (may be explicitly set to False for some subclasses) + """ + return self._get_safe_crypt_handler_backend()[0] is not None + def _patch_safe_crypt(self): """if crypt() doesn't support current hash alg, this patches safe_crypt() so that it transparently uses another one of the handler's |