[Checkins] SVN: zope.password/trunk/src/zope/password/password.py Correct slappasswd test to actually use the new salt, and fix urlsafe case.
Martijn Pieters
mj at zopatista.com
Sun Feb 20 10:45:38 EST 2011
Log message for revision 120472:
Correct slappasswd test to actually use the new salt, and fix urlsafe case.
The urlsafe backwards compatible mode is now covered with a test and actually works.
Changed:
U zope.password/trunk/src/zope/password/password.py
-=-
Modified: zope.password/trunk/src/zope/password/password.py
===================================================================
--- zope.password/trunk/src/zope/password/password.py 2011-02-20 15:37:28 UTC (rev 120471)
+++ zope.password/trunk/src/zope/password/password.py 2011-02-20 15:45:38 UTC (rev 120472)
@@ -115,11 +115,11 @@
standard LDAP tools that also use SSHA::
>>> from base64 import standard_b64decode
- >>> salt = standard_b64decode('XkOZbw==')
+ >>> salt = standard_b64decode('ja/vZQ==')
>>> password = 'secret'
>>> encoded = manager.encodePassword(password, salt)
>>> encoded
- '{SSHA}J4mrr3NQHXzLVaT0h9TuEWoJOrxeQ5lv'
+ '{SSHA}x3HIoiF9y6YRi/I4W1fkptbzTDiNr+9l'
>>> manager.checkPassword(encoded, password)
True
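Review bot: the new salt 'ja/vZQ==' and the expected value '{SSHA}x3HIoiF9y6YRi/I4W1fkptbzTDiNr+9l' are hardcoded in the doctest with no record of how they were generated. The surrounding text says the output matches standard LDAP tools, so the docstring should state which tool invocation produced this pair. That lets the next person regenerate it instead of trusting the literal. It would also help to note in the docstring that this value was picked because it contains '/' and '+', the two characters that differ in the urlsafe alphabet, so nobody later swaps in a hash that no longer exercises that case.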
@@ -143,6 +143,14 @@
>>> manager.match('{MD5}someotherhash')
False
+ An older version of this manager used the urlsafe variant of the base64
+ encoding (replacing / and + characters with _ and - respectively). Hashes
+ encoded with the old manager are still supported::
+
+ >>> encoded = '{SSHA}x3HIoiF9y6YRi_I4W1fkptbzTDiNr-9l'
+ >>> manager.checkPassword(encoded, 'secret')
+ True
+
"""
def encodePassword(self, password, salt=None):
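Review bot: the added urlsafe doctest only checks the positive case, that 'secret' verifies against '{SSHA}x3HIoiF9y6YRi_I4W1fkptbzTDiNr-9l'. Add a second assertion that a wrong password against the same urlsafe-encoded value returns False. Without it, a regression in which the compatibility branch compares a value against itself, or otherwise always matches, would still pass this test. A case where only one of '_' or '-' is present would also be worth covering, since the code below branches on either character.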
@@ -158,9 +166,11 @@
# should not contain non-ascii characters anyway.
encoded_password = encoded_password.encode('ascii')[6:]
if '_' in encoded_password or '-' in encoded_password:
- # Encoded using urlsafe_b64encode
+ # Encoded using old urlsafe_b64encode, re-encode
byte_string = urlsafe_b64decode(encoded_password)
- byte_string = standard_b64decode(encoded_password)
+ encoded_password = standard_b64encode(byte_string)
+ else:
+ byte_string = standard_b64decode(encoded_password)
salt = byte_string[20:]
return encoded_password == self.encodePassword(password, salt)[6:]
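Review bot: in the urlsafe branch and the new else branch, urlsafe_b64decode and standard_b64decode are called on the stored value with no handling visible in this hunk for malformed base64. A corrupted or truncated stored hash would therefore make checkPassword raise instead of returning False. Consider catching the decode error and treating it as a failed match. Separately, the final line compares with a plain ==, as in `return encoded_password == self.encodePassword(password, salt)[6:]`, which stops at the first differing character. A constant-time comparison is the safer choice for hash checks and could go in with this change, since the line now also handles the re-encoded legacy value.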