path: root/passlib/tests
Commit message  Author  Age  Files  Lines
...
| * bugfix: django_argon2: fix some glitches related to recent argon2 "ID" support  Eli Collins  2019-11-11  1  -0/+4
| |   * patch django_argon2 so it only uses type "I" (to match django's behavior)
| |   * patch its UTs so they don't try to access hasher.type_values, which is only present on base hasher.
| * passlib.crypto.scrypt: add support for hashlib.scrypt() backend (fixes issue 86)  Eli Collins  2019-11-11  2  -12/+46
| |
| * passlib.apache: adjust default context to use "2y" bcrypt hashes instead of "2b"  Eli Collins  2019-11-11  2  -2/+122
| |   (fixes issue 95). also added UT which checks behavior against locally-installed 'htpasswd' tool (if available).
* | Merge from stable  Eli Collins  2019-11-10  4  -9/+210
|\ \
| |/
| * argon2 -- added support for type "ID" hashes & for generating type "D" hashes.  Eli Collins  2019-11-10  1  -5/+140
| |   * updated requirements to latest version of argon2_cffi & argon2pure; though internal code should work with older versions.
| |   * reworked argon2 module internals to handle wider range of hash types; and make default customizable via "type" kwd.
| |   * added reference vectors for "D" and "ID" hashes
| * added tests for parsehash() method; fixed argon2 error (fixes issue 97)  Eli Collins  2019-11-10  2  -0/+64
| |   * UTs now have basic tests for parsehash() method
| |   * argon2: excluded some settings kwd aliases from parsehash() call
| * bugfix: passlib.totp: always prepend issuer to URIs (fixes issue 92)  Eli Collins  2019-11-09  1  -3/+3
| |   For all prior releases of passlib, `TOTP().to_uri()` would only output an "issuer" parameter. Per the KeyURI spec, issuer should also be prepended to the label for backward compatibility.
| * Fix testsuite on Linux  Alan Pevec  2019-07-11  1  -2/+4
| |   crypt support may be present in libxcrypt
| |   Author: Björn Esser <besser82@fedoraproject.org>
| |   Date: Wed Mar 13 10:02:43 2019 +0100
| |   https://src.fedoraproject.org/rpms/python-passlib/c/29e9641462291e812d7eb50d402e1b3a74c7a95e
* | compat cleanup: removed print_() compat helper now that py25 support dropped.  Eli Collins  2017-02-17  1  -3/+3
| |
* | compat cleanup: replaced all u("") instances with u""  Eli Collins  2017-02-17  15  -251/+246
| |   realized can do this now that we're requiring python3 >= 3.3. had to keep u() helper around for u(r"") instances, since py3 doesn't have ur"". but switched it to use ascii decoding for py2, to make sure things are clean.
* | passlib.context: removed deprecated 'harden_verify' kwd  Eli Collins  2017-01-30  1  -13/+1
| |
* | Merge with stable  Eli Collins  2017-01-30  8  -390/+698
|\ \
| |/
| * passlib.tests: fix imports that got dropped during a patch  Eli Collins  2017-01-30  1  -2/+2
| |
| * bugfix: passlib.hash.cisco_pix & cisco_asa: major overhaul of internal ↵  Eli Collins  2017-01-30  1  -81/+283
| |   implementation, fixed a number of edge cases where we were generating the wrong thing.
| |
| |   tests
| |   -----
| |   * expanded test vectors, and ran them against an ASA 9.6 system. marked out all vectors that were verified on 9.6 system. found that user appending, and various size thresholds, weren't being performed correctly by cisco_pix & cisco_asa -- certain hashes generated prior to this will be "unverifiable" by a Cisco system.
| |   * consolidated shared pix & asa tests into common base class.
| |   * added test for "spoil_digest" codepath that's been added to cisco_pix _calc_digest() (see below).
| |
| |   hashers
| |   -------
| |   * cisco_pix & cisco_asa now reject too-large passwords, and silently return False when verifying them; to match Cisco behavior. updated truncate policy flags to match new behavior.
| |   * overhaul of _calc_checksum(), to fix identified issues, lay out guesses & reasoning, and added some citations.
| |
| |   docs
| |   ----
| |   * updated docs to list new algorithm, and conditions where the old code would generate a bad hash.
| |   * general cleanup of doc layout for these hashes
| |   * updated "Cisco Hashes" section to give better listing of known hash formats.
| * PasswordHash: hammered out more of password truncation policy.  Eli Collins  2017-01-30  1  -60/+192
| |   PasswordHash
| |   -------------
| |   * .truncate_size now used to indicate general "max password size";
| |   * .truncate_error now defined for all hashers, indicates .hash() policy
| |   * added .truncate_verify_reject as companion, indicates corresponding .verify() policy.
| |
| |   HandlerTestCase
| |   ---------------
| |   * expanded test functions to check all combinations of truncation policy flags
| |   * fixed fuzzer so it doesn't generate passwords which would throw PasswordSizeError.
| * passlib.tests: silence some more scrypt backend warnings,  Eli Collins  2017-01-30  2  -3/+13
| |   fix max_time_t to catch yet another utcfromtimestamp() error.
| * passlib.tests: split cisco hasher tests into separate file  Eli Collins  2017-01-30  2  -229/+267
| |
| * Per issue 83, all "harden_verify" code is now deprecated & a noop.  Eli Collins  2017-01-29  2  -94/+19
| |   will be removed completely in 1.8.
| |
| |   Rationale: Aside from the arguments in issue 83, performed a timing analysis, and decided harden_verify framework wasn't going to be easily workable to prevent a timing attack anyways (see attached admin/plot_verify_timing.py script).
| |
| |   Changes:
| |   * dummy_verify() has been kept around, but now uses .verify() against a dummy hash, which is guaranteed to have correct timing (though wastes cpu cycles).
| |   * Removed most harden_verify code, treating it as NOOP just like min_verify_time. Similarly, removed most documentation references to.
| * passlib.tests: silence some scrypt-backend warnings that slipped through  Eli Collins  2017-01-29  1  -3/+4
| |
| * passlib.crypto.scrypt: reworked backend loader internals  Eli Collins  2017-01-23  1  -1/+1
| |   * reworked backends so they're more pluggable.
| |   * added _has_backend() helper for UTs to use, instead of _load_backend() hack, which wasn't respecting dryrun flag.
| |
| |   this is mainly in preparation for issue 86: adding backend to support stdlib's hashlib.scrypt().
* | Merge with stable  Eli Collins  2017-01-22  2  -13/+43
|\ \
| |/
| * passlib.tests: up default 'bestof' for time_call(), to lower odds of failures  Eli Collins  2017-01-22  1  -1/+1
| |   due to system jitter.
| * added r"" prefix to some strings, to fix some python 3.6 deprecation warnings  Eli Collins  2017-01-22  1  -3/+3
| |   about invalid escape sequences (e.g. "\s")
| * passlib.tests.test_totp: fixed max_time_t calculation to trap some errors  Eli Collins  2017-01-22  1  -9/+39
| |   it was erroneously letting through; also workaround for python 3.6 issue 29346.
* | Merge from stable  Eli Collins  2016-12-19  2  -7/+20
|\ \
| |/
| * tests: added code to patch some RNGs for duration of tests,  Eli Collins  2016-12-19  2  -7/+20
| |   so RNG-dependent test failures are reproducible. also upped # of samples for salt-generation test so they aren't likely to *ever* fail (1/1000 was too low).
* | general: went ahead and removed a bunch of deprecated features that were ↵  Eli Collins  2016-11-28  7  -989/+11
|/
|   scheduled for removal in v1.8. this removes CryptPolicy, unix_fallback, some old HtpasswdFile methods, and more. tests were updated as well. see history/1.8 for a complete list.
* bugfix: utils: GenericHandler wasn't issuing deprecation warning if caller  Eli Collins  2016-11-27  3  -17/+29
|   passed settings keywords to .encrypt() / .hash().
|   * Enabled warn() call, made it a DeprecationWarning
|   * Audited test suite to
|     - remove any (unintended) calls to .hash(**settings)
|     - do assert check on warnings that *should* be there
* docs: minor wording corrections, replaced 'encrypt' with 'hash' in a bunch ↵  Eli Collins  2016-11-25  4  -14/+14
|   of places.
* tests: cleanup stray .encrypt() call  Eli Collins  2016-11-22  1  -1/+1
|
* bugfix: tests.test_ext_django: handle no argon2 backends available  Eli Collins  2016-11-22  1  -1/+2
|
* bugfix: tests / test_handlers_bcrypt: bad unpacking of tuple  Eli Collins  2016-11-22  1  -1/+1
|
* bugfix: tests: fix import issue when django not present  Eli Collins  2016-11-22  1  -1/+3
|
* bugfix: tests / test_15_salt_type: respect min_salt_size to remove spurious ↵  Eli Collins  2016-11-22  1  -3/+4
|   ValueErrors, modify PrefixWrapper to proxy _salt_is_bytes flag.
* passlib.utils: relocated a bunch of binary encoding helpers to .utils.binary ↵  Eli Collins  2016-11-22  2  -7/+7
|   submodule
* passlib.utils: relocated a bunch of properties & decorators to .utils.decor  Eli Collins  2016-11-22  4  -6/+8
|
* passlib.context: formalized how CryptContext stores deprecation info.  Eli Collins  2016-11-22  2  -5/+5
|   now stored in public Hash.deprecated attr of returned hashers, instead of monkeypatching Hash.needs_update(). this removes some cruft from a bunch of places.
* passlib.ext.django: large refactor to make things more isolated & testable.  Eli Collins  2016-11-22  3  -193/+287
|   passlib.ext.django
|   ------------------
|   * everything in .models relocated to the DjangoContextAdapter() class in .utils. all that's left in models is a couple of hooks. This consolidates all the model state into a single object, making it a lot easier to inspect and optimize.
|   * consolidated a bunch of (undocumented) helper functions into DjangoTranslator() class, which now acts as base for DjangoContextAdapter. Translator instances handle converted passlib <-> django hashers, including caching speed-critical bits.
|   * wrapper class now has guards against wrong type of hasher being passed in
|   * wrapper class uses .using() instead of deprecated .hash(**kwds) format.
|   * updated and confirmed passing tests w/ django 1.10.3
|
|   passlib.ext.django tests
|   ------------------------
|   * split test wrapper for django's internal tests (HashersTest) into separate file, test_ext_django_source.py, to make it easier to run independently. reworked to use patchAttr(wraps=True) rather than less flexible ContextHook() hack
|   * tries to clean up HashersTest - adapts to django settings, fixed code syncing .iteration settings back to passlib hashers,
|   * blocked out some django tests that we can't / won't pass, documented reasons why.
|
|   other
|   -----
|   * CryptContext: added temporary hack to access unpatched Hasher.needs_update() method.
|   * PrefixWrapper: now proxies attr writes if it owns the wrapped hasher.
|   * test utils: added wrap=True support to patchAttr(), for wrapping arbitrary functions.
* passlib.handlers.django: added support for django_argon2  Eli Collins  2016-11-22  3  -1/+46
|   * added django_argon2 wrapper & docs
|   * added method for PrefixWrapper to generically preserve custom attrs when creating variants, so .django_name attr is persisted across .using() calls.
* passlib.tests: large refactor to make all tests that depend on RNG behave  Eli Collins  2016-11-21  10  -249/+445
|   in reproducible manner.
|   * added TestCase.getRandom() helper, which creates RNG initialized from ${RANDOM_TEST_SEED} or ${PYTHONHASHSEED} when possible, and logs the seed so that exact test can be reproduced in future.
|   * replaced all test references to 'passlib.utils.rng' or other random source with TestCase().getRandom() call.
|   * one remaining bit was all the hash fuzz tests. since these are called over multiple threads, would either have to pass around a per-thread RNG to every call, or refactor fuzz generator into separate class, so we could make a separate instance per thread. latter choice seemed generally cleaner anyways, so...
|   * Refactored fuzz generator methods into FuzzHashGeneator class.
|     - Uses separate RNG per thread, seeded from .getRandom() using thread name.
|     - removed class-scanning magic, now uses explicit lists of verifiers & parameter generation helpers.
* bugfix: passlib.tests: fix non-deterministic getrandbytes() test  Eli Collins  2016-11-21  2  -15/+38
|   To resolve issue #82, getrandbytes() UT reworked to use fixed set of random set values. This removes chance of errant false positives, but makes sure it still gets checked across a few different inputs.
* bugfix: test_handlers_django: don't check django for formats removed in ↵  Eli Collins  2016-11-20  1  -6/+23
|   django 1.10
* bugfix: tests_bcrypt: update fuzz backend to use new pybcrypt backend location  Eli Collins  2016-11-20  1  -8/+12
|
* bugfix: tests: fixed bcrypt tests to handle '2b' as the default  Eli Collins  2016-11-20  1  -2/+3
|
* passlib.handlers.argon2: argon2_cffi 16.2 compat fixes  Eli Collins  2016-11-19  1  -4/+8
|
* passlib.tests: django 1.10 compat fixes  Eli Collins  2016-11-19  3  -9/+28
|
* passlib.handlers.bcrypt: now defaulting to "2b" format, doc updates  Eli Collins  2016-11-19  1  -3/+9
|
* passlib.apache: updated htpasswd_context to support apache 2.4 & native os ↵  Eli Collins  2016-11-19  1  -4/+6
|   schemes.
|
|   Expanded preset aliases to make it easier to pick desired behavior for htpasswd_context; picks strongest available hash for various different purposes: whether using apache 2.2 / 2.4, and whether output should be host-specific or portable.
* passlib.registry: consolidated some internal helpers from various places  Eli Collins  2016-11-19  2  -13/+3
|   * moved has_active_backend() from UTs to .registry
|   * moved os_crypt backend support helper from .hosts to .registry
* utils.handlers: tried to greatly simplify how BackendMixin & subclasses operate  Eli Collins  2016-11-10  1  -4/+6
|   Still not happy with how this is structured -- would like to use simple if/elif/else blocks within source to determine which backend to load; but being able to switch backends on the fly is too useful in development, and cross-fuzz-testing the various backends.
|
|   In any case, this tries to rebalance things a little -- loaders should now be more explicit about what they're doing, at the expense of a little more boilerplate.
|
|   passlib.utils.handlers
|   ----------------------
|   * BackendMixin:
|     - added global thread lock to eliminate chance of changing backends in multiple threads, and getting things scrambled.
|     - factored out some of set_backend()'s internals into (threadsafe) _set_backend() helper, which invokes the loaders.
|     - removed _finalize_backend() entirely -- all the grunt work is now pushed explicitly into the loaders, instead of getting something back and then running additional code. a little more boilerplate, but a LOT clearer.
|     - loaders now passed optional 'name' keyword as well, just have to return True/False.
|   * SubclassBackendMixin:
|     - moved '_backend_owner' attr from BackendMixin to here, renamed to '_backend_mixin_target', and made a required attr.
|     - _finalize_backend_mixin() methods now an implementation detail of the particular hasher, and invoked explicitly from the loaders. so removed base implementation of this & _finalize_backend().
|     - now invokes mixin_cls._load_backend_mixin()
|   * HasManyBackends:
|     - loaders now have to explicitly call ._set_calc_checksum_backend() helper, which takes care of dryrun, etc.
|
|   HasManyBackends classes (sha256_crypt, etc)
|   -------------------------------------------
|   * loaders now invoke _set_calc_checksum_backend(), and return bool success.
|
|   SubclassMixin classes (argon2 & bcrypt)
|   ---------------------------------------
|   * _finalize_backend_mixin() is now an internal detail of class, and is called explicitly by the mixin class loaders.
|   * loaders renamed to _load_backend_mixin(), take in 'name' and 'dryrun'