From 1e8ca52e3c9629e8f1998d5fc8689cb871ee0e1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= Date: Sat, 16 Nov 2019 13:47:41 +0100 Subject: [PATCH] misc: adapt password checking to py3 (#36515) --- tests/test_register.py | 7 +++++-- wcs/qommon/ident/password_accounts.py | 7 ++++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/test_register.py b/tests/test_register.py index 880f02614..be153baad 100644 --- a/tests/test_register.py +++ b/tests/test_register.py @@ -1,9 +1,12 @@ +# -*- coding: utf-8 -*- + import pytest import hashlib import re import shutil from quixote import cleanup +from wcs.qommon import force_str from wcs.qommon.http_request import HTTPRequest from wcs.qommon.ident.password_accounts import PasswordAccount @@ -104,14 +107,14 @@ def test_user_password_hashing(pub): do_user_registration(pub) account = PasswordAccount.get('foo') - assert account.password == hashlib.sha256('bar').hexdigest() + assert account.password == hashlib.sha256(b'bar').hexdigest() def test_user_password_accents(pub): pub.user_class.wipe() PasswordAccount.wipe() pub.cfg['passwords'] = {'generate': False, 'hashing_algo': None} pub.write_cfg() - password = u'foo\u00eb'.encode('utf-8') + password = force_str(u'fooƫ') do_user_registration(pub, password=password) account = PasswordAccount.get('foo') diff --git a/wcs/qommon/ident/password_accounts.py b/wcs/qommon/ident/password_accounts.py index 6707620e0..903b25f18 100644 --- a/wcs/qommon/ident/password_accounts.py +++ b/wcs/qommon/ident/password_accounts.py @@ -16,8 +16,10 @@ import hashlib +from django.utils.encoding import force_bytes, force_text from quixote import get_publisher +from wcs.qommon import force_str from ..storage import StorableObject HASHING_ALGOS = { @@ -61,11 +63,10 @@ class PasswordAccount(StorableObject): if self.hashing_algo is None: return (self.password == password) else: - return (self.password == HASHING_ALGOS.get(self.hashing_algo)(password).hexdigest()) + return (self.password == force_str(HASHING_ALGOS.get(self.hashing_algo)(force_bytes(password)).hexdigest())) def set_password(self, password): if self.hashing_algo is None: self.password = password else: - self.password = HASHING_ALGOS.get(self.hashing_algo)(password).hexdigest() - + self.password = force_str(HASHING_ALGOS.get(self.hashing_algo)(force_bytes(password)).hexdigest())