misc: adapt password storage (#36515)
This commit is contained in:
parent
191f01bd7e
commit
badde34b2e
|
@ -21,7 +21,9 @@ from django.utils.six import StringIO, BytesIO
|
|||
from django.utils.six.moves.urllib import parse as urlparse
|
||||
|
||||
from quixote.http_request import Upload as QuixoteUpload
|
||||
from django.utils.encoding import force_text
|
||||
from django.utils.encoding import force_bytes, force_text
|
||||
|
||||
from wcs.qommon import force_str
|
||||
from wcs.qommon.emails import docutils
|
||||
from wcs.qommon.form import UploadedFile
|
||||
from wcs.qommon.ident.password_accounts import PasswordAccount
|
||||
|
@ -2017,15 +2019,15 @@ def form_password_field_submit(app, password):
|
|||
data_id = formdef.data_class().select()[0].id
|
||||
data = formdef.data_class().get(data_id)
|
||||
assert data.data == {'0': {
|
||||
'sha1': hashlib.sha1(password).hexdigest(),
|
||||
'md5': hashlib.md5(password).hexdigest(),
|
||||
'cleartext': force_text(password, 'utf-8'),
|
||||
'sha1': force_str(hashlib.sha1(force_bytes(password)).hexdigest()),
|
||||
'md5': force_str(hashlib.md5(force_bytes(password)).hexdigest()),
|
||||
'cleartext': force_str(password),
|
||||
}}
|
||||
|
||||
def test_form_password_field_submit(pub):
|
||||
user = create_user(pub)
|
||||
form_password_field_submit(get_app(pub), 'foobar')
|
||||
form_password_field_submit(get_app(pub), '\xe2\x80\xa2\t83003706')
|
||||
form_password_field_submit(get_app(pub), force_str(u'• 83003706'))
|
||||
form_password_field_submit(login(get_app(pub), username='foo', password='foo'), 'foobar\u00eb')
|
||||
|
||||
def test_form_multi_page_formdef_count_condition(pub):
|
||||
|
|
|
@ -62,7 +62,7 @@ from quixote.form import *
|
|||
from quixote.html import htmltext, htmltag, htmlescape, TemplateIO
|
||||
from quixote.util import randbytes
|
||||
|
||||
from django.utils.encoding import force_text
|
||||
from django.utils.encoding import force_bytes, force_text
|
||||
from django.utils import six
|
||||
from django.utils.six.moves.html_parser import HTMLParser
|
||||
from django.utils.six import StringIO
|
||||
|
@ -74,10 +74,10 @@ from .template import render as render_template, Template, TemplateError
|
|||
from ..portfolio import has_portfolio
|
||||
from wcs.conditions import Condition, ValidationError
|
||||
|
||||
from . import _, ngettext
|
||||
from . import _, ngettext, force_str
|
||||
from . import misc
|
||||
from .humantime import humanduration2seconds, seconds2humanduration, timewords
|
||||
from .misc import strftime, C_, HAS_PDFTOPPM
|
||||
from .misc import strftime, C_, HAS_PDFTOPPM, json_loads
|
||||
from .publisher import get_cfg
|
||||
from .template_utils import render_block_to_string
|
||||
|
||||
|
@ -2076,7 +2076,7 @@ class PasswordEntryWidget(CompositeWidget):
|
|||
required=kwargs.get('required', False),
|
||||
autocomplete='off')
|
||||
else:
|
||||
encoded_value = base64.encodestring(json.dumps(value))
|
||||
encoded_value = force_text(base64.encodestring(force_bytes(json.dumps(value))))
|
||||
if value:
|
||||
fake_value = '*' * 8
|
||||
else:
|
||||
|
@ -2120,8 +2120,8 @@ $(function() {
|
|||
def _parse(self, request):
|
||||
CompositeWidget._parse(self, request)
|
||||
if request.form.get('%s$encoded' % self.name):
|
||||
self.value = json.loads(base64.decodestring(
|
||||
request.form.get('%s$encoded' % self.name)))
|
||||
self.value = json_loads(base64.decodestring(
|
||||
force_bytes(request.form.get('%s$encoded' % self.name))))
|
||||
return
|
||||
pwd1 = self.get('pwd1') or ''
|
||||
|
||||
|
@ -2177,9 +2177,9 @@ $(function() {
|
|||
pwd1 = None
|
||||
|
||||
PASSWORD_FORMATS = {
|
||||
'cleartext': lambda x: x,
|
||||
'md5': lambda x: hashlib.md5(x).hexdigest(),
|
||||
'sha1': lambda x: hashlib.sha1(x).hexdigest(),
|
||||
'cleartext': lambda x: force_str(x),
|
||||
'md5': lambda x: force_str(hashlib.md5(force_bytes(x)).hexdigest()),
|
||||
'sha1': lambda x: force_str(hashlib.sha1(force_bytes(x)).hexdigest()),
|
||||
}
|
||||
|
||||
if pwd1:
|
||||
|
|
|
@ -30,7 +30,7 @@ from django.utils.six import BytesIO
|
|||
|
||||
from quixote import get_publisher
|
||||
from . import qommon
|
||||
from wcs.qommon import PICKLE_KWARGS
|
||||
from wcs.qommon import force_str, PICKLE_KWARGS
|
||||
from .qommon.storage import _take, parse_clause as parse_storage_clause
|
||||
from .qommon.substitution import invalidate_substitution_cache
|
||||
from .qommon import get_cfg
|
||||
|
@ -1140,7 +1140,10 @@ class SqlMixin(object):
|
|||
if value is not None:
|
||||
if field.key in ('ranked-items', 'password'):
|
||||
# turn {'poire': 2, 'abricot': 1, 'pomme': 3} into an array
|
||||
value = [[x, site_unicode(y).encode('utf-8')] for x, y in value.items()]
|
||||
if six.PY2:
|
||||
value = [[x, site_unicode(y).encode('utf-8')] for x, y in value.items()]
|
||||
else:
|
||||
value = [[force_str(x), force_str(y)] for x, y in value.items()]
|
||||
elif sql_type == 'varchar':
|
||||
assert isinstance(value, six.string_types)
|
||||
elif sql_type == 'date':
|
||||
|
@ -1182,7 +1185,7 @@ class SqlMixin(object):
|
|||
elif field.key == 'password':
|
||||
d = {}
|
||||
for fmt, val in value:
|
||||
d[fmt] = force_text(val, 'utf-8')
|
||||
d[fmt] = force_str(val)
|
||||
value = d
|
||||
if sql_type == 'date':
|
||||
value = value.timetuple()
|
||||
|
|
Loading…
Reference in New Issue