Merge "Cope with unicode passwords or None" into redux

2012-02-08 21:44:20 +00:00 · 2012-02-08 21:44:20 +00:00 · d1c2e85777
parent e968acee4b 95280608fc
commit d1c2e85777
2 changed files with 47 additions and 3 deletions
--- a/keystone/common/utils.py
+++ b/keystone/common/utils.py
@ -2,7 +2,7 @@

 # Copyright 2010 United States Government as represented by the
 # Administrator of the National Aeronautics and Space Administration.
-# Copyright 2011 Justin Santa Barbara
+# Copyright 2011 - 2012 Justin Santa Barbara
 # All Rights Reserved.
 #
 #    Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -144,7 +144,8 @@ class Ec2Signer(object):
 def hash_password(password):
    """Hash a password. Hard."""
    salt = bcrypt.gensalt(CONF.bcrypt_strength)
-    return bcrypt.hashpw(password, salt)
+    password_utf8 = password.encode('utf-8')
+    return bcrypt.hashpw(password_utf8, salt)


 def check_password(password, hashed):
@ -155,7 +156,10 @@ def check_password(password, hashed):
    of that password (mostly). Neat!

    """
-    check = bcrypt.hashpw(password, hashed[:29])
+    if password is None:
+        return False
+    password_utf8 = password.encode('utf-8')
+    check = bcrypt.hashpw(password_utf8, hashed[:29])
    return check == hashed


--- a/tests/test_utils.py
+++ b/tests/test_utils.py
@ -0,0 +1,40 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright 2012 Justin Santa Barbara
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from keystone import test
+from keystone.common import utils
+
+
+class UtilsTestCase(test.TestCase):
+    def test_hash(self):
+        password = 'right'
+        wrong = 'wrongwrong'  # Two wrongs don't make a right
+        hashed = utils.hash_password(password)
+        self.assertTrue(utils.check_password(password, hashed))
+        self.assertFalse(utils.check_password(wrong, hashed))
+
+    def test_hash_edge_cases(self):
+        hashed = utils.hash_password('secret')
+        self.assertFalse(utils.check_password('', hashed))
+        self.assertFalse(utils.check_password(None, hashed))
+
+    def test_hash_unicode(self):
+        password = u'Comment \xe7a va'
+        wrong = 'Comment ?a va'
+        hashed = utils.hash_password(password)
+        self.assertTrue(utils.check_password(password, hashed))
+        self.assertFalse(utils.check_password(wrong, hashed))