[Checkins] SVN: zope.app.authentication/branches/ulif-saltfix/src/zope/app/authentication/password.py Add an SSHA password manager.

Uli Fouquet uli at gnufix.de
Wed Jan 21 06:58:57 EST 2009 

Log message for revision 94896:
  Add an SSHA password manager.

Changed:
  U   zope.app.authentication/branches/ulif-saltfix/src/zope/app/authentication/password.py

-=-
Modified: zope.app.authentication/branches/ulif-saltfix/src/zope/app/authentication/password.py
===================================================================
--- zope.app.authentication/branches/ulif-saltfix/src/zope/app/authentication/password.py	2009-01-21 11:14:47 UTC (rev 94895)
+++ zope.app.authentication/branches/ulif-saltfix/src/zope/app/authentication/password.py	2009-01-21 11:58:57 UTC (rev 94896)
@@ -24,6 +24,9 @@
     from md5 import new as md5
     from sha import new as sha1
 
+from base64 import urlsafe_b64encode
+from base64 import urlsafe_b64decode
+from os import urandom
 from random import randint
 from codecs import getencoder
 
@@ -148,12 +151,56 @@
         salt = storedPassword[:-40]
         return storedPassword == self.encodePassword(password, salt)
 
+class SSHAPasswordManager(PlainTextPasswordManager):
+    """SSHA password manager.
 
+    >>> from zope.interface.verify import verifyObject
+
+    >>> manager = SSHAPasswordManager()
+    >>> verifyObject(IPasswordManager, manager)
+    True
+
+    >>> password = u"right \N{CYRILLIC CAPITAL LETTER A}"
+    >>> encoded = manager.encodePassword(password, salt="")
+    >>> encoded
+    '{SSHA}BLTuxxVMXzouxtKVb7gLgNxzdAI='
+
+    >>> manager.checkPassword(encoded, password)
+    True
+    >>> manager.checkPassword(encoded, password + u"wrong")
+    False
+
+    >>> encoded = manager.encodePassword(password)
+    >>> manager.checkPassword(encoded, password)
+    True
+    >>> manager.checkPassword(encoded, password + u"wrong")
+    False
+
+    >>> manager.encodePassword(password) != manager.encodePassword(password)
+    True
+    """
+
+    implements(IPasswordManager)
+
+    def encodePassword(self, password, salt=None):
+        if salt is None:
+            salt = urandom(4)
+        hash = sha1(_encoder(password)[0])
+        hash.update(salt)
+        return '{SSHA}' + urlsafe_b64encode(
+            hash.digest() + salt)
+
+    def checkPassword(self, storedPassword, password):
+        byte_string = urlsafe_b64decode(storedPassword[6:])
+        salt = byte_string[20:]
+        return storedPassword == self.encodePassword(password, salt)
+
 # Simple registry used by mkzopeinstance script
 managers = [
     ("Plain Text", PlainTextPasswordManager()), # default
     ("MD5", MD5PasswordManager()),
     ("SHA1", SHA1PasswordManager()),
+    ("SSHA", SSHAPasswordManager()),
 ]

More information about the Checkins mailing list