entrouvert/wcs
entrouvert
/
wcs
14
1
Fork 0
Code Issues Pull Requests 39 Releases Activity

misc: adapt password checking to py3 (#36515)

This commit is contained in:
Frédéric Péters 2019-11-16 13:47:41 +01:00
parent 00fc3deef0
commit 1e8ca52e3c
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
tests/test_register.py
View File

@ -1,9 +1,12 @@
# -*- coding: utf-8 -*-
import pytest
import hashlib
import re
import shutil
from quixote import cleanup
from wcs.qommon import force_str
from wcs.qommon.http_request import HTTPRequest
from wcs.qommon.ident.password_accounts import PasswordAccount
@ -104,14 +107,14 @@ def test_user_password_hashing(pub):
do_user_registration(pub)
account = PasswordAccount.get('foo')
assert account.password == hashlib.sha256('bar').hexdigest()
assert account.password == hashlib.sha256(b'bar').hexdigest()
def test_user_password_accents(pub):
pub.user_class.wipe()
PasswordAccount.wipe()
pub.cfg['passwords'] = {'generate': False, 'hashing_algo': None}
pub.write_cfg()
password = u'foo\u00eb'.encode('utf-8')
password = force_str(u'fooë')
do_user_registration(pub, password=password)
account = PasswordAccount.get('foo')

7
wcs/qommon/ident/password_accounts.py
View File

@ -16,8 +16,10 @@
import hashlib
from django.utils.encoding import force_bytes, force_text
from quixote import get_publisher
from wcs.qommon import force_str
from ..storage import StorableObject
HASHING_ALGOS = {
@ -61,11 +63,10 @@ class PasswordAccount(StorableObject):
if self.hashing_algo is None:
return (self.password == password)
else:
return (self.password == HASHING_ALGOS.get(self.hashing_algo)(password).hexdigest())
return (self.password == force_str(HASHING_ALGOS.get(self.hashing_algo)(force_bytes(password)).hexdigest()))
def set_password(self, password):
if self.hashing_algo is None:
self.password = password
else:
self.password = HASHING_ALGOS.get(self.hashing_algo)(password).hexdigest()
self.password = force_str(HASHING_ALGOS.get(self.hashing_algo)(force_bytes(password)).hexdigest())