authorEli Collins <elic@assurancetechnologies.com>2012-04-11 17:49:09 -0400
committerEli Collins <elic@assurancetechnologies.com>2012-04-11 17:49:09 -0400
commit5bd6deb8144cb24caa51e82c7682f706ecc09a6c (patch)
tree0eca5ec7a8a145cb3e166a9a75b95b393e9d417d /passlib/handlers/mssql.py
parent157d4806512b2586c1a0fd5ee57e8c167e506f3e (diff)
clarify behavior for secret=None and hash=None
* passing a non-string secret or non-string hash to any CryptContext or handler method will now reliably result in a TypeError. previously, passing hash=None to many handler identify() and verify() methods would return False, while others would raise a TypeError. other handler methods would alternately throw ValueError or TypeError when passed a value that wasn't unicode or bytes. the various CryptContext methods also behaved inconsistently, depending on the behavior of the underlying handler. all of these behaviors are gone, they should all raise the same TypeError. * redid many of the from_string() methods to verify the hash type. * moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods. this cheaply made the secret validation global to all hashes, and lets _calc_digest() implementations trust that the secret is valid. * updated the CryptContext and handler unittests to verify the above behavior is adhered to.
Diffstat (limited to 'passlib/handlers/mssql.py')
-rw-r--r--passlib/handlers/mssql.py27
1 files changed, 14 insertions, 13 deletions
diff --git a/passlib/handlers/mssql.py b/passlib/handlers/mssql.py
index eafd44a..e46c665 100644
--- a/passlib/handlers/mssql.py
+++ b/passlib/handlers/mssql.py
@@ -43,7 +43,7 @@ from warnings import warn
#site
#libs
#pkg
-from passlib.utils import to_unicode, consteq
+from passlib.utils import consteq
from passlib.utils.compat import b, bytes, bascii_to_str, unicode, u
import passlib.utils.handlers as uh
#local
@@ -66,30 +66,27 @@ UIDENT = u("0x0100")
def _ident_mssql(hash, csize, bsize):
"common identify for mssql 2000/2005"
- if not hash:
- return False
if isinstance(hash, unicode):
if len(hash) == csize and hash.startswith(UIDENT):
return True
- else:
- assert isinstance(hash, bytes)
+ elif isinstance(hash, bytes):
if len(hash) == csize and hash.startswith(BIDENT):
return True
##elif len(hash) == bsize and hash.startswith(BIDENT2): # raw bytes
## return True
+ else:
+ raise uh.exc.ExpectedStringError(hash, "hash")
return False
def _parse_mssql(hash, csize, bsize, handler):
"common parser for mssql 2000/2005; returns 4 byte salt + checksum"
- if not hash:
- raise uh.exc.MissingHashError(handler)
if isinstance(hash, unicode):
if len(hash) == csize and hash.startswith(UIDENT):
try:
return unhexlify(hash[6:].encode("utf-8"))
except TypeError: # throw when bad char found
pass
- else:
+ elif isinstance(hash, bytes):
# assumes ascii-compat encoding
assert isinstance(hash, bytes)
if len(hash) == csize and hash.startswith(BIDENT):
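Review bot: The `assert isinstance(hash, bytes)` kept under the new `elif isinstance(hash, bytes):` branch of `_parse_mssql` can no longer fail and should be dropped, leaving only the `# assumes ascii-compat encoding` comment. Separately, the unicode branch still catches only `TypeError` around `unhexlify(...)`; on interpreters where a bad hex digit raises `binascii.Error` instead, a malformed stored hash would likely escape as that exception rather than reaching `raise uh.exc.InvalidHashError(handler)`, so `except (TypeError, ValueError):` may be the safer guard. `_parse_mssql` continues past the end of this hunk, so the bytes branch should be checked for the same pattern.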
@@ -99,6 +96,8 @@ def _parse_mssql(hash, csize, bsize, handler):
pass
##elif len(hash) == bsize and hash.startswith(BIDENT2): # raw bytes
## return hash[2:]
+ else:
+ raise uh.exc.ExpectedStringError(hash, "hash")
raise uh.exc.InvalidHashError(handler)
class mssql2000(uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler):
@@ -148,7 +147,8 @@ class mssql2000(uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler):
return "0x0100" + bascii_to_str(hexlify(raw).upper())
def _calc_checksum(self, secret):
- secret = to_unicode(secret, 'utf-8', errname='secret')
+ if isinstance(secret, bytes):
+ secret = secret.decode("utf-8")
salt = self.salt
return _raw_mssql(secret, salt) + _raw_mssql(secret.upper(), salt)
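Review bot: `_calc_checksum` now assumes `secret` is already unicode or bytes. Any other type skips the `isinstance(secret, bytes)` test and fails later at `secret.upper()` with an AttributeError, not the TypeError this commit standardises on. The commit message says validation moved to GenericHandler's encrypt/genhash/verify, so this is presumably reachable only by direct callers. A comment such as `# secret is validated by the GenericHandler entry points; only bytes -> unicode is needed here` would record that precondition. The same two-line decode is repeated in `mssql2000.verify` and `mssql2005._calc_checksum`, so the comment, or a small shared helper, applies there too.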
@@ -156,13 +156,13 @@ class mssql2000(uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler):
def verify(cls, secret, hash):
# NOTE: we only compare against the upper-case hash
# XXX: add 'full' just to verify both checksums?
+ uh.validate_secret(secret)
self = cls.from_string(hash)
chk = self.checksum
if chk is None:
raise uh.exc.MissingDigestError(cls)
- if secret and len(secret) > uh.MAX_PASSWORD_SIZE:
- raise uh.exc.PasswordSizeError()
- secret = to_unicode(secret, 'utf-8', errname='secret')
+ if isinstance(secret, bytes):
+ secret = secret.decode("utf-8")
result = _raw_mssql(secret.upper(), self.salt)
return consteq(result, chk[20:])
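Review bot: The explicit `len(secret) > uh.MAX_PASSWORD_SIZE` guard is removed from `verify`, and the only thing replacing it is the new `uh.validate_secret(secret)` call, whose body is not part of this diff. The commit message says secret type and size validation moved into shared code, so this is probably equivalent. Because the size cap bounds the work done per verification attempt, it is worth confirming that `validate_secret` still raises `PasswordSizeError`, and noting it inline, e.g. `# validate_secret enforces both type and MAX_PASSWORD_SIZE`. Running the check before `cls.from_string(hash)` is a good ordering, since bad secrets are rejected before any hash parsing. The lines above `def verify`, presumably including its decorator, lie outside the hunk.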
@@ -216,7 +216,8 @@ class mssql2005(uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler):
return "0x0100" + bascii_to_str(hexlify(raw)).upper()
def _calc_checksum(self, secret):
- secret = to_unicode(secret, 'utf-8', errname='secret')
+ if isinstance(secret, bytes):
+ secret = secret.decode("utf-8")
return _raw_mssql(secret, self.salt)
#=========================================================