[Checkins] SVN: PluggableAuthService/branches/shh-authentication-caching/plugins/ Fixed double-encryption bug in ZODBUserManager.

Stefan H. Holek stefan at epy.co.at
Mon Aug 14 14:16:39 EDT 2006


Log message for revision 69489:
  Fixed double-encryption bug in ZODBUserManager.
  

Changed:
  U   PluggableAuthService/branches/shh-authentication-caching/plugins/ZODBUserManager.py
  U   PluggableAuthService/branches/shh-authentication-caching/plugins/tests/test_ZODBUserManager.py

-=-
Modified: PluggableAuthService/branches/shh-authentication-caching/plugins/ZODBUserManager.py
===================================================================
--- PluggableAuthService/branches/shh-authentication-caching/plugins/ZODBUserManager.py	2006-08-14 18:15:44 UTC (rev 69488)
+++ PluggableAuthService/branches/shh-authentication-caching/plugins/ZODBUserManager.py	2006-08-14 18:16:38 UTC (rev 69489)
@@ -279,7 +279,7 @@
         if self._login_to_userid.get( login_name ) is not None:
             raise KeyError, 'Duplicate login name: %s' % login_name
 
-        self._user_passwords[ user_id ] = AuthEncoding.pw_encrypt( password )
+        self._user_passwords[ user_id ] = self._pw_encrypt( password)
         self._login_to_userid[ login_name ] = user_id
         self._userid_to_login[ user_id ] = login_name
 
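Review bot: The replacement call is written `self._pw_encrypt( password)` while the same call in updateUserPassword further down uses `self._pw_encrypt( password )`; the file's convention is a space inside both parentheses, so this line should read `self._pw_encrypt( password )`. addUser's signature and the rest of its body lie outside the hunk.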
@@ -322,9 +322,19 @@
             raise KeyError, 'Invalid user ID: %s' % user_id
 
         if password:
-            digested = AuthEncoding.pw_encrypt( password )
-            self._user_passwords[ user_id ] = digested
+            self._user_passwords[ user_id ] = self._pw_encrypt( password )
 
+    security.declarePrivate( '_pw_encrypt' )
+    def _pw_encrypt( self, password ):
+        """Returns the AuthEncoding encrypted password
+
+        If 'password' is already encrypted, it is returned
+        as is and not encrypted again.
+        """
+        if AuthEncoding.is_encrypted( password ):
+            return password
+        return AuthEncoding.pw_encrypt( password )
+
     #
     #   ZMI
     #
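Review bot: The new `_pw_encrypt` helper decides whether to hash by sniffing the value itself via AuthEncoding.is_encrypted, so any caller of addUser or updateUserPassword can store an arbitrary pre-built digest verbatim, including one in a weaker scheme than pw_encrypt would have chosen, and a plaintext password that happens to begin with a `{SCHEME}` marker is stored unhashed and presumably can never be used to log in because it would then be validated as a digest. That contract should be stated in the docstring; I would add: `Callers passing an already-encoded digest are trusted to have produced it with a scheme AuthEncoding accepts; plaintext passwords must not start with a '{SCHEME}' prefix.` A more explicit design is an `already_encrypted=False` keyword on the two public methods so the caller makes the decision rather than the data, which removes both the ambiguity and the silent scheme downgrade. updateUserPassword's def line is above the hunk.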

Modified: PluggableAuthService/branches/shh-authentication-caching/plugins/tests/test_ZODBUserManager.py
===================================================================
--- PluggableAuthService/branches/shh-authentication-caching/plugins/tests/test_ZODBUserManager.py	2006-08-14 18:15:44 UTC (rev 69488)
+++ PluggableAuthService/branches/shh-authentication-caching/plugins/tests/test_ZODBUserManager.py	2006-08-14 18:16:38 UTC (rev 69489)
@@ -426,7 +426,83 @@
         info = zum.enumerateUsers(id='special__luser', exact_match=True)
         self.assertEqual(len(info), 0)
 
+    def test_addUser_with_not_yet_encrypted_password(self):
+        # See collector #1869 && #1926
+        from AccessControl.AuthEncoding import is_encrypted
 
+        USER_ID = 'not_yet_encrypted'
+        PASSWORD = 'password'
+
+        self.failIf(is_encrypted(PASSWORD))
+
+        zum = self._makeOne()
+        zum.addUser(USER_ID, USER_ID, PASSWORD)
+
+        uid_and_info = zum.authenticateCredentials(
+                                { 'login': USER_ID
+                                , 'password': PASSWORD
+                                })
+
+        self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+    def test_addUser_with_preencrypted_password(self):
+        # See collector #1869 && #1926
+        from AccessControl.AuthEncoding import pw_encrypt
+
+        USER_ID = 'already_encrypted'
+        PASSWORD = 'password'
+
+        ENCRYPTED = pw_encrypt(PASSWORD)
+
+        zum = self._makeOne()
+        zum.addUser(USER_ID, USER_ID, ENCRYPTED)
+
+        uid_and_info = zum.authenticateCredentials(
+                                { 'login': USER_ID
+                                , 'password': PASSWORD
+                                })
+
+        self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+    def test_updateUserPassword_with_not_yet_encrypted_password(self):
+        from AccessControl.AuthEncoding import is_encrypted
+
+        USER_ID = 'not_yet_encrypted'
+        PASSWORD = 'password'
+
+        self.failIf(is_encrypted(PASSWORD))
+
+        zum = self._makeOne()
+        zum.addUser(USER_ID, USER_ID, '')
+        zum.updateUserPassword(USER_ID, PASSWORD)
+
+        uid_and_info = zum.authenticateCredentials(
+                                { 'login': USER_ID
+                                , 'password': PASSWORD
+                                })
+
+        self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+    def test_updateUserPassword_with_preencrypted_password(self):
+        from AccessControl.AuthEncoding import pw_encrypt
+
+        USER_ID = 'already_encrypted'
+        PASSWORD = 'password'
+
+        ENCRYPTED = pw_encrypt(PASSWORD)
+
+        zum = self._makeOne()
+        zum.addUser(USER_ID, USER_ID, '')
+        zum.updateUserPassword(USER_ID, ENCRYPTED)
+
+        uid_and_info = zum.authenticateCredentials(
+                                { 'login': USER_ID
+                                , 'password': PASSWORD
+                                })
+
+        self.assertEqual(uid_and_info, (USER_ID, USER_ID))
+
+
 if __name__ == "__main__":
     unittest.main()
 
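Review bot: The four new tests only assert that authenticateCredentials succeeds, which does not show that the stored value is a digest rather than the plaintext; the two "not_yet_encrypted" tests import `is_encrypted` but never apply it to what was stored. Add `self.failUnless(is_encrypted(zum._user_passwords[USER_ID]))` after the addUser / updateUserPassword call in those two tests, and in the preencrypted tests `self.assertEqual(zum._user_passwords[USER_ID], ENCRYPTED)` to pin the "returned as is" behaviour of _pw_encrypt. The negative case the fix introduces is also untested: a plaintext password that begins with a scheme prefix such as `{SHA}` will be stored unhashed, and a test documenting whether that input is accepted or rejected would make the contract explicit.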


