[Checkins] SVN: zope.password/trunk/src/zope/password/password.py Correct slappasswd test to actually use the new salt, and fix urlsafe case.

Martijn Pieters mj at zopatista.com
Sun Feb 20 10:45:38 EST 2011


Log message for revision 120472:
  Correct slappasswd test to actually use the new salt, and fix urlsafe case.
  
  The urlsafe backwards compatible mode is now covered with a test and actually works.

Changed:
  U   zope.password/trunk/src/zope/password/password.py

-=-
Modified: zope.password/trunk/src/zope/password/password.py
===================================================================
--- zope.password/trunk/src/zope/password/password.py	2011-02-20 15:37:28 UTC (rev 120471)
+++ zope.password/trunk/src/zope/password/password.py	2011-02-20 15:45:38 UTC (rev 120472)
@@ -115,11 +115,11 @@
     standard LDAP tools that also use SSHA::
 
     >>> from base64 import standard_b64decode
-    >>> salt = standard_b64decode('XkOZbw==')
+    >>> salt = standard_b64decode('ja/vZQ==')
     >>> password = 'secret'
     >>> encoded = manager.encodePassword(password, salt)
     >>> encoded
-    '{SSHA}J4mrr3NQHXzLVaT0h9TuEWoJOrxeQ5lv'
+    '{SSHA}x3HIoiF9y6YRi/I4W1fkptbzTDiNr+9l'
 
     >>> manager.checkPassword(encoded, password)
     True
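Review bot: The expected value on the `encoded` line now contains both `/` and `+`, and the urlsafe example added further down in this docstring is the same hash with those two characters substituted, but nothing here says the vector is relied on for that. A one-line remark above `salt = standard_b64decode('ja/vZQ==')` noting that the resulting hash must contain `/` and `+` would keep a later salt change from silently removing the coverage of the alphabet handling.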
@@ -143,6 +143,14 @@
     >>> manager.match('{MD5}someotherhash')
     False
 
+    An older version of this manager used the urlsafe variant of the base64
+    encoding (replacing / and + characters with _ and - respectively). Hashes
+    encoded with the old manager are still supported::
+
+    >>> encoded = '{SSHA}x3HIoiF9y6YRi_I4W1fkptbzTDiNr-9l'
+    >>> manager.checkPassword(encoded, 'secret')
+    True
+
     """
 
     def encodePassword(self, password, salt=None):
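Review bot: The new urlsafe doctest only exercises the accepting path, so there is no case showing that `checkPassword` rejects a wrong password for a hash in the old encoding. Adding `manager.checkPassword(encoded, 'wrong')` with an expected `False` directly after the `True` case would pin down that the backwards-compatible branch compares the hash rather than merely decoding it.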
@@ -158,9 +166,11 @@
         # should not contain non-ascii characters anyway.
         encoded_password = encoded_password.encode('ascii')[6:]
         if '_' in encoded_password or '-' in encoded_password:
-            # Encoded using urlsafe_b64encode
+            # Encoded using old urlsafe_b64encode, re-encode
             byte_string = urlsafe_b64decode(encoded_password)
-        byte_string = standard_b64decode(encoded_password)
+            encoded_password = standard_b64encode(byte_string)
+        else:
+            byte_string = standard_b64decode(encoded_password)
         salt = byte_string[20:]
         return encoded_password == self.encodePassword(password, salt)[6:]
 
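Review bot: Neither branch of the new `if`/`else` guards the decode, so in the lines shown a stored value with bad padding makes `urlsafe_b64decode(encoded_password)` or `standard_b64decode(encoded_password)` raise and `checkPassword` fails with an exception instead of returning False. Consider catching the decode error and returning False, and checking that `byte_string` is longer than 20 bytes before taking `byte_string[20:]`, since a truncated value would otherwise yield an empty salt.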


