Merge "Cope with unicode passwords or None" into redux
commit
d1c2e85777
|
@ -2,7 +2,7 @@
|
|||
|
||||
# Copyright 2010 United States Government as represented by the
|
||||
# Administrator of the National Aeronautics and Space Administration.
|
||||
# Copyright 2011 Justin Santa Barbara
|
||||
# Copyright 2011 - 2012 Justin Santa Barbara
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
|
@ -144,7 +144,8 @@ class Ec2Signer(object):
|
|||
def hash_password(password):
|
||||
"""Hash a password. Hard."""
|
||||
salt = bcrypt.gensalt(CONF.bcrypt_strength)
|
||||
return bcrypt.hashpw(password, salt)
|
||||
password_utf8 = password.encode('utf-8')
|
||||
return bcrypt.hashpw(password_utf8, salt)
|
||||
|
||||
|
||||
def check_password(password, hashed):
|
||||
|
@ -155,7 +156,10 @@ def check_password(password, hashed):
|
|||
of that password (mostly). Neat!
|
||||
|
||||
"""
|
||||
check = bcrypt.hashpw(password, hashed[:29])
|
||||
if password is None:
|
||||
return False
|
||||
password_utf8 = password.encode('utf-8')
|
||||
check = bcrypt.hashpw(password_utf8, hashed[:29])
|
||||
return check == hashed
|
||||
|
||||
|
||||
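Review bot: `hash_password` (second hunk) gains the UTF-8 encoding but not the `None` guard that `check_password` gets in the third hunk, so `hash_password(None)` would raise AttributeError at `password.encode('utf-8')`. If any caller can reach it without a password, handle that case explicitly, or state in the docstring that the caller must filter it out. On Python 2, which the `u'...'` literal in the new test suggests, `.encode('utf-8')` on a byte string holding non-ASCII bytes first decodes it as ASCII and raises UnicodeDecodeError, so a login with such a password would raise instead of returning False. In both functions I would encode text only: `if isinstance(password, unicode): password = password.encode('utf-8')`. Both docstrings should also note that bcrypt uses no more than 72 bytes of the encoded password, a limit multi-byte characters reach sooner; the docstring of `check_password` starts outside the third hunk.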
|
|
|
@ -0,0 +1,40 @@
|
|||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright 2012 Justin Santa Barbara
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from keystone import test
|
||||
from keystone.common import utils
|
||||
|
||||
|
||||
class UtilsTestCase(test.TestCase):
|
||||
def test_hash(self):
|
||||
password = 'right'
|
||||
wrong = 'wrongwrong' # Two wrongs don't make a right
|
||||
hashed = utils.hash_password(password)
|
||||
self.assertTrue(utils.check_password(password, hashed))
|
||||
self.assertFalse(utils.check_password(wrong, hashed))
|
||||
|
||||
def test_hash_edge_cases(self):
|
||||
hashed = utils.hash_password('secret')
|
||||
self.assertFalse(utils.check_password('', hashed))
|
||||
self.assertFalse(utils.check_password(None, hashed))
|
||||
|
||||
def test_hash_unicode(self):
|
||||
password = u'Comment \xe7a va'
|
||||
wrong = 'Comment ?a va'
|
||||
hashed = utils.hash_password(password)
|
||||
self.assertTrue(utils.check_password(password, hashed))
|
||||
self.assertFalse(utils.check_password(wrong, hashed))
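Review bot: `test_hash_edge_cases` exercises `None` and `''` only through `check_password`, so nothing pins what `hash_password(None)` does, although the hashing side now also calls `.encode('utf-8')` on its argument. `test_hash_unicode` likewise covers a `unicode` password but not the same password supplied as UTF-8 bytes; whether callers ever pass that form is not visible here. I would add one case per gap, for example `self.assertRaises(AttributeError, utils.hash_password, None)` if raising is the intended contract. A one-line docstring on each test naming the property it protects would also help.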
|