[Checkins]
SVN: PluggableAuthService/branches/shh-authentication-caching/plugins/
Fixed double-encryption bug in ZODBUserManager.
Stefan H. Holek
stefan at epy.co.at
Mon Aug 14 14:16:39 EDT 2006
Log message for revision 69489:
Fixed double-encryption bug in ZODBUserManager.
Changed:
U PluggableAuthService/branches/shh-authentication-caching/plugins/ZODBUserManager.py
U PluggableAuthService/branches/shh-authentication-caching/plugins/tests/test_ZODBUserManager.py
-=-
Modified: PluggableAuthService/branches/shh-authentication-caching/plugins/ZODBUserManager.py
===================================================================
--- PluggableAuthService/branches/shh-authentication-caching/plugins/ZODBUserManager.py 2006-08-14 18:15:44 UTC (rev 69488)
+++ PluggableAuthService/branches/shh-authentication-caching/plugins/ZODBUserManager.py 2006-08-14 18:16:38 UTC (rev 69489)
@@ -279,7 +279,7 @@
if self._login_to_userid.get( login_name ) is not None:
raise KeyError, 'Duplicate login name: %s' % login_name
- self._user_passwords[ user_id ] = AuthEncoding.pw_encrypt( password )
+ self._user_passwords[ user_id ] = self._pw_encrypt( password)
self._login_to_userid[ login_name ] = user_id
self._userid_to_login[ user_id ] = login_name
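Review bot: The changed call is written `self._pw_encrypt( password)`, without the space before the closing parenthesis that the surrounding lines and the second call site in the next hunk use. Writing it as `self._pw_encrypt( password )` keeps the file's spacing convention consistent. The enclosing method starts and ends outside this hunk, so its docstring is not visible; if it describes the password argument, it should now say that an already encoded value is accepted and stored unchanged.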
@@ -322,9 +322,19 @@
raise KeyError, 'Invalid user ID: %s' % user_id
if password:
- digested = AuthEncoding.pw_encrypt( password )
- self._user_passwords[ user_id ] = digested
+ self._user_passwords[ user_id ] = self._pw_encrypt( password )
+ security.declarePrivate( '_pw_encrypt' )
+ def _pw_encrypt( self, password ):
+ """Returns the AuthEncoding encrypted password
+
+ If 'password' is already encrypted, it is returned
+ as is and not encrypted again.
+ """
+ if AuthEncoding.is_encrypted( password ):
+ return password
+ return AuthEncoding.pw_encrypt( password )
+
#
# ZMI
#
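Review bot: `_pw_encrypt` decides from the value alone whether it is already encoded, so a cleartext password that `AuthEncoding.is_encrypted` happens to recognise (presumably one that starts with a scheme marker) is stored verbatim, and the user can no longer log in with what they typed. The same pass-through keeps an incoming encoded value in whatever scheme it arrived in, which may be weaker than the one `AuthEncoding.pw_encrypt` would pick, and it applies to both call sites: this hunk's `updateUserPassword` path and the `addUser` line in the previous hunk. The docstring should state this trade-off, for example `Callers passing user-typed input must not rely on this helper to tell cleartext from an encoded value.` A more robust interface would let the caller say explicitly that the value is pre-encoded instead of inferring it. The method containing the `if password:` branch begins outside the hunk.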
Modified: PluggableAuthService/branches/shh-authentication-caching/plugins/tests/test_ZODBUserManager.py
===================================================================
--- PluggableAuthService/branches/shh-authentication-caching/plugins/tests/test_ZODBUserManager.py 2006-08-14 18:15:44 UTC (rev 69488)
+++ PluggableAuthService/branches/shh-authentication-caching/plugins/tests/test_ZODBUserManager.py 2006-08-14 18:16:38 UTC (rev 69489)
@@ -426,7 +426,83 @@
info = zum.enumerateUsers(id='special__luser', exact_match=True)
self.assertEqual(len(info), 0)
+ def test_addUser_with_not_yet_encrypted_password(self):
+ # See collector #1869 && #1926
+ from AccessControl.AuthEncoding import is_encrypted
+ USER_ID = 'not_yet_encrypted'
+ PASSWORD = 'password'
+
+ self.failIf(is_encrypted(PASSWORD))
+
+ zum = self._makeOne()
+ zum.addUser(USER_ID, USER_ID, PASSWORD)
+
+ uid_and_info = zum.authenticateCredentials(
+ { 'login': USER_ID
+ , 'password': PASSWORD
+ })
+
+ self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+ def test_addUser_with_preencrypted_password(self):
+ # See collector #1869 && #1926
+ from AccessControl.AuthEncoding import pw_encrypt
+
+ USER_ID = 'already_encrypted'
+ PASSWORD = 'password'
+
+ ENCRYPTED = pw_encrypt(PASSWORD)
+
+ zum = self._makeOne()
+ zum.addUser(USER_ID, USER_ID, ENCRYPTED)
+
+ uid_and_info = zum.authenticateCredentials(
+ { 'login': USER_ID
+ , 'password': PASSWORD
+ })
+
+ self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+ def test_updateUserPassword_with_not_yet_encrypted_password(self):
+ from AccessControl.AuthEncoding import is_encrypted
+
+ USER_ID = 'not_yet_encrypted'
+ PASSWORD = 'password'
+
+ self.failIf(is_encrypted(PASSWORD))
+
+ zum = self._makeOne()
+ zum.addUser(USER_ID, USER_ID, '')
+ zum.updateUserPassword(USER_ID, PASSWORD)
+
+ uid_and_info = zum.authenticateCredentials(
+ { 'login': USER_ID
+ , 'password': PASSWORD
+ })
+
+ self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+ def test_updateUserPassword_with_preencrypted_password(self):
+ from AccessControl.AuthEncoding import pw_encrypt
+
+ USER_ID = 'already_encrypted'
+ PASSWORD = 'password'
+
+ ENCRYPTED = pw_encrypt(PASSWORD)
+
+ zum = self._makeOne()
+ zum.addUser(USER_ID, USER_ID, '')
+ zum.updateUserPassword(USER_ID, ENCRYPTED)
+
+ uid_and_info = zum.authenticateCredentials(
+ { 'login': USER_ID
+ , 'password': PASSWORD
+ })
+
+ self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+
if __name__ == "__main__":
unittest.main()
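Review bot: The two `*_with_preencrypted_password` tests only assert that the cleartext logs in; nothing checks that the encoded string itself is rejected as a credential, which is the property that makes storing it verbatim safe. A negative assertion in each would pin that, for example `self.assertEqual(zum.authenticateCredentials({'login': USER_ID, 'password': ENCRYPTED}), None)`, assuming a failed authentication returns `None` (not visible on this page). The two `updateUserPassword` tests also lack the `# See collector #1869 && #1926` comment that the `addUser` tests carry.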