def test_upgrade_from_pbkdf2_with_less_rounds(self):
'''set up a pbkdf key with less than the default rounds
If the number of default_rounds is increased in a later version of
passlib, ckan should upgrade the password hashes for people without
involvement from users'''
user = factories.User()
password = u'testpassword'
user_obj = model.User.by_name(user['name'])
# setup hash with salt/rounds less than the default
old_hash = pbkdf2_sha512.encrypt(password, salt_size=2, rounds=10)
user_obj._password = old_hash
user_obj.save()
nt.assert_true(user_obj.validate_password(password.encode('utf-8')))
# check that the hash has been updated
nt.assert_not_equals(old_hash, user_obj.password)
new_hash = pbkdf2_sha512.from_string(user_obj.password)
nt.assert_true(pbkdf2_sha512.default_rounds > 10)
nt.assert_equals(pbkdf2_sha512.default_rounds, new_hash.rounds)
nt.assert_true(pbkdf2_sha512.default_salt_size, 2)
nt.assert_equals(pbkdf2_sha512.default_salt_size,
len(new_hash.salt))
nt.assert_true(pbkdf2_sha512.verify(password, user_obj.password))
评论列表
文章目录
