diff options
| author | Eli Collins <elic@assurancetechnologies.com> | 2012-04-11 17:49:09 -0400 |
|---|---|---|
| committer | Eli Collins <elic@assurancetechnologies.com> | 2012-04-11 17:49:09 -0400 |
| commit | 5bd6deb8144cb24caa51e82c7682f706ecc09a6c (patch) | |
| tree | 0eca5ec7a8a145cb3e166a9a75b95b393e9d417d /passlib/handlers/ldap_digests.py | |
| parent | 157d4806512b2586c1a0fd5ee57e8c167e506f3e (diff) | |
| download | passlib-5bd6deb8144cb24caa51e82c7682f706ecc09a6c.tar.gz | |
clarify behavior for secret=None and hash=None
* passing a non-string secret or non-string hash to any
CryptContext or handler method will now reliably result
in a TypeError.
previously, passing hash=None to many handler identify() and verify()
methods would return False, while others would raise a TypeError.
other handler methods would alternately throw ValueError or TypeError
when passed a value that wasn't unicode or bytes.
the various CryptContext methods also behaved inconsistently,
depending on the behavior of the underlying handler.
all of these behaviors are gone, they should all raise the same TypeError.
* redid many of the from_string() methods to verify the hash type.
* moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods.
this cheaply made the secret validation global to all hashes, and lets
_calc_digest() implementations trust that the secret is valid.
* updated the CryptContext and handler unittests to verify the above behavior is adhered to.
Diffstat (limited to 'passlib/handlers/ldap_digests.py')
| -rw-r--r-- | passlib/handlers/ldap_digests.py | 24 |
1 files changed, 7 insertions, 17 deletions
diff --git a/passlib/handlers/ldap_digests.py b/passlib/handlers/ldap_digests.py index 4acbd4c..19089ee 100644 --- a/passlib/handlers/ldap_digests.py +++ b/passlib/handlers/ldap_digests.py @@ -12,8 +12,8 @@ from warnings import warn #site #libs from passlib.handlers.misc import plaintext -from passlib.utils import to_native_str, unix_crypt_schemes, to_bytes, \ - classproperty +from passlib.utils import to_native_str, unix_crypt_schemes, \ + classproperty, to_unicode from passlib.utils.compat import b, bytes, uascii_to_str, unicode, u import passlib.utils.handlers as uh #pkg @@ -53,7 +53,8 @@ class _Base64DigestHelper(uh.StaticHandler): return cls.ident def _calc_checksum(self, secret): - secret = to_bytes(secret, "utf-8", errname="secret") + if isinstance(secret, unicode): + secret = secret.encode("utf-8") chk = self._hash_func(secret).digest() return b64encode(chk).decode("ascii") @@ -78,10 +79,7 @@ class _SaltedBase64DigestHelper(uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHand @classmethod def from_string(cls, hash): - if not hash: - raise uh.exc.MissingHashError(cls) - if isinstance(hash, bytes): - hash = hash.decode('ascii') + hash = to_unicode(hash, "ascii", "hash") m = cls._hash_regex.match(hash) if not m: raise uh.exc.InvalidHashError(cls) @@ -99,8 +97,6 @@ class _SaltedBase64DigestHelper(uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHand return uascii_to_str(hash) def _calc_checksum(self, secret): - if secret is None: - raise TypeError("no secret provided") if isinstance(secret, unicode): secret = secret.encode("utf-8") return self._hash_func(secret + self.salt).digest() @@ -199,15 +195,9 @@ class ldap_plaintext(plaintext): @classmethod def identify(cls, hash): - if not hash: - return False - if isinstance(hash, bytes): - try: - hash = hash.decode(cls._hash_encoding) - except UnicodeDecodeError: - return False # NOTE: identifies all strings EXCEPT those with {XXX} prefix - return cls._2307_pat.match(hash) is None + hash = uh.to_unicode_for_identify(hash) + return bool(hash) and cls._2307_pat.match(hash) is None #========================================================= #{CRYPT} wrappers |