def make_password(self, password, salt=None, hasher="default"):
"""
Passlib replacement for make_password()
"""
if password is None:
return self._orig_make_password(None)
# NOTE: relying on hasher coming from context, and thus having
# context-specific config baked into it.
passlib_hasher = self.django_to_passlib(hasher)
if "salt" not in passlib_hasher.setting_kwds:
# ignore salt param even if preset
pass
elif hasher.startswith("unsalted_"):
# Django uses a separate 'unsalted_sha1' hasher for "sha1$$digest",
# but passlib just reuses it's "sha1" handler ("sha1$salt$digest"). To make
# this work, have to explicitly tell the sha1 handler to use an empty salt.
passlib_hasher = passlib_hasher.using(salt="")
elif salt:
# Django make_password() autogenerates a salt if salt is bool False (None / ''),
# so we only pass the keyword on if there's actually a fixed salt.
passlib_hasher = passlib_hasher.using(salt=salt)
return passlib_hasher.hash(password)
python类make_password()的实例源码
def test_91_django_generation(self):
"""test against output of Django's make_password()"""
self._require_django_support()
# XXX: esp. when it's no longer supported by django,
# should verify it's *NOT* recognized
from passlib.utils import tick
from django.contrib.auth.hashers import make_password
name = self.handler.django_name # set for all the django_* handlers
end = tick() + self.max_fuzz_time/2
generator = self.FuzzHashGenerator(self, self.getRandom())
while tick() < end:
secret, other = generator.random_password_pair()
if not secret: # django rejects empty passwords.
continue
if self.django_has_encoding_glitch and isinstance(secret, bytes):
# e.g. unsalted_md5 tried to combine salt + password before encoding to bytes,
# leading to ascii error. this works around that issue.
secret = secret.decode("utf-8")
hash = make_password(secret, hasher=name)
self.assertTrue(self.do_identify(hash))
self.assertTrue(self.do_verify(secret, hash))
self.assertFalse(self.do_verify(other, hash))
def _init_test_school_master(self):
if hasattr(self, '_school_master'):
return
self.school_master = "school_master_1LlwZyCR3"
self.school_master_pswd = "123"
user_data = {
'password': make_password(self.school_master_pswd),
'is_staff': True,
'is_superuser': True,
}
user, _ = User.objects.get_or_create(username=self.school_master, defaults=user_data)
user.groups.add(Group.objects.get(name="?????"))
school = models.School.objects.filter(opened=True).first()
_school_master, _ = models.SchoolMaster.objects.get_or_create(user=user, defaults={
"school": school, "name": "test_schoolmaster"
})
self._school_master = _school_master
def _init_test_lecturer(self):
if hasattr(self, '_lecturer'):
return
self.lecturer = "lecturer_oUP1zwTO9"
self.lecturer_pswd = "123"
user_data = {
'password': make_password(self.lecturer_pswd),
'is_staff': False,
'is_superuser': False,
}
user, _ = User.objects.get_or_create(username=self.lecturer,
defaults=user_data)
_lecturer, _ = models.Lecturer.objects.get_or_create(
user=user,
defaults={
"subject": models.Subject.get_english(),
"name": "kaoru"
})
self._lecturer = _lecturer
def new_student() -> User:
# ????
username = random_string()[:30]
salt = random_string()[:5]
password = "malalaoshi"
user = User(username=username)
user.email = ""
user.password = make_password(password, salt)
user.save()
student_group = Group.objects.get(name="??")
user.groups.add(student_group)
# ??????
profile = Profile(user=user)
profile.save()
student = Student(user=user)
student.save()
# ????
user.save()
profile.save()
student.save()
ret_user = authenticate(username=username, password=password)
return ret_user
def new_parent()->User:
# ????
username = random_string()[:30]
salt = random_string()[:5]
password = "malalaoshi"
user = User(username=username)
user.email = ""
user.password = make_password(password, salt)
user.save()
parent_group = Group.objects.get(name="??")
user.groups.add(parent_group)
# ??????
profile = Profile(user=user)
profile.save()
parent = Parent(user=user)
parent.save()
# ????
user.save()
profile.save()
parent.save()
ret_user = authenticate(username=username, password=password)
return ret_user
def post(self,request):
modify_form = ModifyPwdForm(request.POST)
if modify_form.is_valid():
password1 = request.POST.get('password1','')
password2 = request.POST.get('password2','')
email = request.POST.get('email','')
if password1 != password2:
return render(request,'password_reset.html',{'email':email,'msg':u'?????'})
user = UserProfile.objects.get(email=email)
user.password = make_password(password2)
user.save()
return render(request,'login.html')
else:
email = request.POST.get('email','')
return render(request,'password_reset.html',{'email': email, 'modify_form': modify_form})
def post(self,request):
register_form = RegisterForm(request.POST)
if register_form.is_valid():
user_name = request.POST.get('email','')
if UserProfile.objects.filter(email=user_name):
return render(request,'register.html',{'register_form':register_form, 'msg':'??????'})
pass_word = request.POST.get('password','')
user_profile = UserProfile()
user_profile.username = user_name
user_profile.email = user_name
user_profile.password = make_password(pass_word)
user_profile.is_active = False
user_profile.save()
send_register_email(user_name,'register')
return render(request,'login.html',{})
else:
return render(request,'register.html',{'register_form':register_form})
def edit(request, user_id):
user = Users.objects.get(id=int(user_id))
if not user:
return HttpResponseBadRequest(u"????")
if request.POST:
user.department = request.POST.get("department")
user.realname = request.POST.get("realname")
user.phone = request.POST.get("phone")
user.role = request.POST.get("role")
user.is_active = request.POST.get("is_active")
password = request.POST.get("password")
if password:
loginUser = request.session.get('login_username')
loginUserOb = Users.objects.get(username=loginUser)
# ??????????????, ????????????????
if loginUser == user.username or loginUserOb.role in (1, 2):
user.password = make_password(password, salt=None, hasher='default')
else:
context = {'errMsg': '???????????????????????????'}
return render(request, 'error.html', context)
user.save()
return HttpResponseRedirect("/account/index")
context = {'user': user, 'ROLE_DICT': ROLE_DICT, 'DEPART_DICT': DEPART_DICT}
return render(request, 'account/edit.html', context)
def test_91_django_generation(self):
"test against output of Django's make_password()"
from passlib.tests.test_ext_django import DJANGO_VERSION
# make_password() not added until 1.4
min_django_version = max(self.min_django_version, (1,4))
if DJANGO_VERSION < min_django_version:
raise self.skipTest("Django >= %s not installed" % vstr(min_django_version))
from passlib.utils import tick
from django.contrib.auth.hashers import make_password
name = self.handler.django_name # set for all the django_* handlers
end = tick() + self.max_fuzz_time/2
while tick() < end:
secret, other = self.get_fuzz_password_pair()
if not secret: # django 1.4 rejects empty passwords.
continue
if DJANGO_VERSION >= (1,5) and self.django_has_encoding_glitch and isinstance(secret, bytes):
# e.g. unsalted_md5 on 1.5 and higher try to combine
# salt + password before encoding to bytes, leading to ascii error.
# this works around that issue.
secret = secret.decode("utf-8")
hash = make_password(secret, hasher=name)
self.assertTrue(self.do_identify(hash))
self.assertTrue(self.do_verify(secret, hash))
self.assertFalse(self.do_verify(other, hash))
def setUp(self):
self.user_1 = G(
User,
is_staff=True,
is_active=True,
)
self.user_1.password = make_password('test_password123')
self.user_1.save()
self.user_2 = G(
User,
is_active=True,
)
self.user_2.password = make_password('test_password123')
self.user_2.save()
self.user_3 = G(
User,
is_active=False,
is_staff=True,
)
self.user_3.password = make_password('test_password123')
self.user_3.save()
def post(self, request):
register_form = RegisterForm(request.POST)
if register_form.is_valid():
user_name = request.POST.get("email", "")
if UserProfile.objects.filter(email=user_name):
return render(request, "register.html", {"msg": "??????", 'register_form': register_form})
pass_word = request.POST.get("password", "")
user_profile = UserProfile()
user_profile.username = user_name
user_profile.email = user_name
user_profile.is_active = False
user_profile.password = make_password(pass_word)
user_profile.save()
send_register_email(user_name, "register")
# ????????
user_message = UserMessage()
user_message.user = user_profile.id
user_message.message = "?????????"
user_message.save()
return render(request, "login.html")
else:
return render(request, "register.html", {'register_form': register_form} )
def test_91_django_generation(self):
"""test against output of Django's make_password()"""
from passlib.tests.test_ext_django import DJANGO_VERSION
# make_password() not added until 1.4
min_django_version = max(self.min_django_version, (1,4))
if DJANGO_VERSION < min_django_version:
raise self.skipTest("Django >= %s not installed" % vstr(min_django_version))
from passlib.utils import tick
from django.contrib.auth.hashers import make_password
name = self.handler.django_name # set for all the django_* handlers
end = tick() + self.max_fuzz_time/2
while tick() < end:
secret, other = self.get_fuzz_password_pair()
if not secret: # django 1.4 rejects empty passwords.
continue
if DJANGO_VERSION >= (1,5) and self.django_has_encoding_glitch and isinstance(secret, bytes):
# e.g. unsalted_md5 on 1.5 and higher try to combine
# salt + password before encoding to bytes, leading to ascii error.
# this works around that issue.
secret = secret.decode("utf-8")
hash = make_password(secret, hasher=name)
self.assertTrue(self.do_identify(hash))
self.assertTrue(self.do_verify(secret, hash))
self.assertFalse(self.do_verify(other, hash))
def admin(request):
add_user_form = AddUser(request.POST or None)
queryset = UserProfile.objects.all()
search = request.GET.get("search")
if search:
queryset = queryset.filter(username__icontains=search)
context = {
"title": "Admin",
"add_user_form": add_user_form,
"queryset": queryset,
}
if add_user_form.is_valid():
instance = add_user_form.save(commit=False)
passwd = add_user_form.cleaned_data.get("password")
instance.password = make_password(password=passwd,
salt='salt', )
instance.save()
reverse('profile')
return render(request, "users/sysadmin_dashboard.html", context)
def post(self, request):
register_form = RegisterForm(request.POST)
if register_form.is_valid():
user_name = request.POST.get('email', '')
if UserProfile.objects.filter(email=user_name):
return render(request, 'register.html', {"register_form": register_form, "msg": "??????"})
pass_word = request.POST.get('password', '')
user_profile = UserProfile()
user_profile.username = user_name
user_profile.email = user_name
user_profile.is_active = False
user_profile.password = make_password(pass_word)
user_profile.save()
send_register_email(user_name, "register")
return render(request, 'login.html')
else:
return render(request, 'register.html', {"register_form": register_form})
# ????
def post(self, request):
modify_form = ModifyPwdForm(request.POST)
email = request.POST.get('email', '')
if modify_form.is_valid():
pwd1 = request.POST.get('password1', '')
pwd2 = request.POST.get('password2', '')
if pwd1 != pwd2:
return render(request, 'password_reset.html', {'email': email, 'msg': '??????'})
user = UserProfile.objects.get(email=email)
user.password = make_password(pwd2)
user.save()
return render(request, 'login.html')
else:
return render(request, 'password_reset.html', {'email': email, 'modify_form': modify_form})
# ????
def post(self, request):
modify_form = ModifyPwdForm(request.POST)
res = dict()
if modify_form.is_valid():
pwd1 = request.POST.get('password1', '')
pwd2 = request.POST.get('password2', '')
if pwd1 != pwd2:
res['status'] = 'fail'
res['msg'] = '???????'
return HttpResponse(json.dumps(res), content_type='application/json')
user = request.user
user.password = make_password(pwd2)
user.save()
res['status'] = 'success'
res['msg'] = '??????'
else:
res = modify_form.errors
return HttpResponse(json.dumps(res), content_type='application/json')
# ?????????????
def make_password(self, password, salt=None, hasher="default"):
"""
Passlib replacement for make_password()
"""
if password is None:
return self._orig_make_password(None)
# NOTE: relying on hasher coming from context, and thus having
# context-specific config baked into it.
passlib_hasher = self.django_to_passlib(hasher)
if "salt" not in passlib_hasher.setting_kwds:
# ignore salt param even if preset
pass
elif hasher.startswith("unsalted_"):
# Django uses a separate 'unsalted_sha1' hasher for "sha1$$digest",
# but passlib just reuses it's "sha1" handler ("sha1$salt$digest"). To make
# this work, have to explicitly tell the sha1 handler to use an empty salt.
passlib_hasher = passlib_hasher.using(salt="")
elif salt:
# Django make_password() autogenerates a salt if salt is bool False (None / ''),
# so we only pass the keyword on if there's actually a fixed salt.
passlib_hasher = passlib_hasher.using(salt=salt)
return passlib_hasher.hash(password)
def test_91_django_generation(self):
"""test against output of Django's make_password()"""
self._require_django_support()
# XXX: esp. when it's no longer supported by django,
# should verify it's *NOT* recognized
from passlib.utils import tick
from django.contrib.auth.hashers import make_password
name = self.handler.django_name # set for all the django_* handlers
end = tick() + self.max_fuzz_time/2
generator = self.FuzzHashGenerator(self, self.getRandom())
while tick() < end:
secret, other = generator.random_password_pair()
if not secret: # django rejects empty passwords.
continue
if self.django_has_encoding_glitch and isinstance(secret, bytes):
# e.g. unsalted_md5 tried to combine salt + password before encoding to bytes,
# leading to ascii error. this works around that issue.
secret = secret.decode("utf-8")
hash = make_password(secret, hasher=name)
self.assertTrue(self.do_identify(hash))
self.assertTrue(self.do_verify(secret, hash))
self.assertFalse(self.do_verify(other, hash))
def test_91_django_generation(self):
"test against output of Django's make_password()"
from passlib.tests.test_ext_django import DJANGO_VERSION
# make_password() not added until 1.4
min_django_version = max(self.min_django_version, (1,4))
if DJANGO_VERSION < min_django_version:
raise self.skipTest("Django >= %s not installed" % vstr(min_django_version))
from passlib.utils import tick
from django.contrib.auth.hashers import make_password
name = self.handler.django_name # set for all the django_* handlers
end = tick() + self.max_fuzz_time/2
while tick() < end:
secret, other = self.get_fuzz_password_pair()
if not secret: # django 1.4 rejects empty passwords.
continue
if DJANGO_VERSION >= (1,5) and self.django_has_encoding_glitch and isinstance(secret, bytes):
# e.g. unsalted_md5 on 1.5 and higher try to combine
# salt + password before encoding to bytes, leading to ascii error.
# this works around that issue.
secret = secret.decode("utf-8")
hash = make_password(secret, hasher=name)
self.assertTrue(self.do_identify(hash))
self.assertTrue(self.do_verify(secret, hash))
self.assertFalse(self.do_verify(other, hash))
def post(self, request):
register_form = RegisterForm(request.POST)
if register_form.is_valid():
user_name = request.POST.get("email", "")
if UserProfile.objects.filter(email=user_name):
return render(request, "register.html", {"register_form": register_form, "message": "??????,???\r\n"
"????????"})
pass_word = request.POST.get("password", "")
user_profile = UserProfile()
user_profile.username = user_name
user_profile.email = user_name
user_profile.is_active = False
user_profile.password = pass_word
user_profile.password = make_password(pass_word)
user_profile.save()
send_register_email(user_name, "register")
return render(request, "login.html")
else:
return render(request, "register.html", {"register_form": register_form})
def post(self, request):
modify_form = ModifyPwdForm(request.POST)
if modify_form.is_valid():
pwd1 = request.POST.get("password1", "")
pwd2 = request.POST.get("password2", "")
email = request.POST.get("email", "")
if pwd1 != pwd2:
return render(request, "password_reset.html", {"email": email, "message": "???????????,?????!"})
user = UserProfile.objects.get(email=email)
user.password = make_password(pwd2)
user.save()
return render(request, "login.html")
else:
email = request.POST.get("email", "")
return render(request, "password_reset.html", {"email": email, "modify_form": modify_form})
def create(self, request, *args, **kwargs):
data = dict()
data['phone'] = request.data['phone']
if User.objects.filter(phone=data['phone']).exists():
return Response({'error': "account exist"}, status=status.HTTP_400_BAD_REQUEST)
data['name'] = request.data.get('name')
data['Email'] = request.data.get('Email')
password1 = request.data.get('password1')
password2 = request.data.get('password2')
if password1 != password2:
return Response({'error': "passwords inconsistent"}, status=status.HTTP_400_BAD_REQUEST)
if password1 is not None and password2 is not None:
serializer = UserSerializer(data=data)
if serializer.is_valid():
serializer.save()
user = User.objects.get(id=serializer.data['id'])
user.password = make_password(password1, "a", 'pbkdf2_sha256')[22:54]
user.save()
return Response({'error': 0, 'data': serializer.data}, status=status.HTTP_201_CREATED)
return Response({'error': "data invalid"}, status=status.HTTP_400_BAD_REQUEST)
def post(self, request):
register_form = RegisterForm(request.POST)
if register_form.is_valid():
user_name = request.POST.get("email", "")
if UserProfile.objects.filter(email=user_name):
return render(request, "register.html", {"msg": u"?????", "register_form": register_form})
pass_word = request.POST.get("password", "")
user_profile = UserProfile()
user_profile.username = user_name
user_profile.email = user_name
user_profile.is_active = False
user_profile.password = make_password(pass_word)
user_profile.save()
send_register_email(user_name, "register")
return render(request, "login.html")
else:
return render(request, "register.html",{"register_form": register_form})
test_handlers_django.py 文件源码
项目:python-flask-security
作者: weinbergdavid
项目源码
文件源码
阅读 28
收藏 0
点赞 0
评论 0
def test_91_django_generation(self):
"""test against output of Django's make_password()"""
from passlib.tests.test_ext_django import DJANGO_VERSION
# make_password() not added until 1.4
min_django_version = max(self.min_django_version, (1,4))
if DJANGO_VERSION < min_django_version:
raise self.skipTest("Django >= %s not installed" % vstr(min_django_version))
from passlib.utils import tick
from django.contrib.auth.hashers import make_password
name = self.handler.django_name # set for all the django_* handlers
end = tick() + self.max_fuzz_time/2
while tick() < end:
secret, other = self.get_fuzz_password_pair()
if not secret: # django 1.4 rejects empty passwords.
continue
if DJANGO_VERSION >= (1,5) and self.django_has_encoding_glitch and isinstance(secret, bytes):
# e.g. unsalted_md5 on 1.5 and higher try to combine
# salt + password before encoding to bytes, leading to ascii error.
# this works around that issue.
secret = secret.decode("utf-8")
hash = make_password(secret, hasher=name)
self.assertTrue(self.do_identify(hash))
self.assertTrue(self.do_verify(secret, hash))
self.assertFalse(self.do_verify(other, hash))
def save(self, master_key=None, *args, **kwargs):
if master_key is None:
raise Exception("The master key must be provided to save a session key.")
# Generate a random 256-bit session key if one is not already defined
if self.key is None:
self.key = generate_random_key()
# Generate SHA256 hash using Django's built-in password hashing mechanism
self.hash = make_password(self.key)
# Encrypt master key using the session key
self.cipher = strxor.strxor(self.key, master_key)
super(SessionKey, self).save(*args, **kwargs)
def encrypt(self, secret_key):
"""
Generate a random initialization vector (IV) for AES. Pad the plaintext to the AES block size (16 bytes) and
encrypt. Prepend the IV for use in decryption. Finally, record the SHA256 hash of the plaintext for validation
upon decryption.
"""
if self.plaintext is None:
raise Exception("Must unlock or set plaintext before locking.")
# Pad and encrypt plaintext
iv = os.urandom(16)
aes = AES.new(secret_key, AES.MODE_CFB, iv)
self.ciphertext = iv + aes.encrypt(self._pad(self.plaintext))
# Generate SHA256 using Django's built-in password hashing mechanism
self.hash = make_password(self.plaintext, hasher=SecretValidationHasher())
self.plaintext = None
def post(self,request):
modify_form=ModifyPwdForm(request.POST)
if modify_form.is_valid():
pwd1=request.POST.get("password1","")
pwd2= request.POST.get("password2", "")
email=request.POST.get("email","")
if pwd1 !=pwd2 :
return render(request, "password_reset.html", {"email": "email","msg":"?????"})
user = UserProfile.objects.get(email=email)
user.password=make_password(pwd2)
user.save()
return render(request,"login.html")
else:
email = request.POST.get("email", "")
return render(request, "password_reset.html", {"email": "email","modify_form":modify_form})
# ????
def post(self,request):
register_form=RegisterForm(request.POST)
if register_form.is_valid():
user_name = request.POST.get("email","")
if UserProfile.objects.filter(email=user_name):
return render(request,"register.html",{"register_form":register_form,"msg":"?????"})
pass_word = request.POST.get("password", "")
user_profile=UserProfile()
user_profile.username=user_name
user_profile.email=user_name
user_profile.is_active=False
user_profile.password=make_password(pass_word)
user_profile.save()
# ????????
user_message=UserMessage()
user_message.user=user_profile.id
user_message.message="?????????"
user_message.save()
send_register_email(user_name,"register")
return render(request, "login.html")
else:
return render(request, "register.html",{'register_form':register_form})
# ????
def new_users(request):
if request.method == 'POST':
user_name = request.REQUEST.get('user_name')
user_passwd = request.REQUEST.get('user_passwd')
if user_name is not None and user_passwd is not None:
pwd = make_password(user_passwd, None, 'pbkdf2_sha256')
if request.META.has_key('HTTP_X_FORWARDED_FOR'):
ip = request.META['HTTP_X_FORWARDED_FOR']
else:
ip = request.META['REMOTE_ADDR']
insert = {"user_name": user_name, 'user_passwd': pwd, 'client_ip': ip, 'auth_group': 1}
u = usermodel()
uid = u.insert(insert)
if uid:
return HttpResponseRedirect("/users/")
return render(request, 'users/new_users.html', {})
