Permalink
Browse files

Merge pull request #158 from rmela/master.

Override hashfunc for boto.utils.Password and boto.sdb.db.property.PasswordProperty
  • Loading branch information...
2 parents fbc2025 + 89b4e08 commit d8aa4a5faf9d50f264f4ede7abd674426fd6e39e @garnaat garnaat committed May 1, 2011
Showing with 296 additions and 14 deletions.
  1. +58 −9 boto/sdb/db/property.py
  2. +9 −5 boto/utils.py
  3. +128 −0 tests/db/test_password.py
  4. +101 −0 tests/utils/test_password.py
View
@@ -142,18 +142,67 @@ def validate(self, value):
class PasswordProperty(StringProperty):
"""
- Hashed property who's original value can not be
- retrieved, but still can be compaired.
+
+ Hashed property whose original value can not be
+ retrieved, but still can be compared.
+
+ Works by storing a hash of the original value instead
+ of the original value. Once that's done all that
+ can be retrieved is the hash.
+
+ The comparison
+
+ obj.password == 'foo'
+
+ generates a hash of 'foo' and compares it to the
+ stored hash.
+
+ Underlying data type for hashing, storing, and comparing
+ is boto.utils.Password. The default hash function is
+ defined there ( currently sha512 in most cases, md5
+ where sha512 is not available )
+
+ It's unlikely you'll ever need to use a different hash
+ function, but if you do, you can control the behavior
+ in one of two ways:
+
+ 1) Specifying hashfunc in PasswordProperty constructor
+
+ import hashlib
+
+ class MyModel(model):
+ password = PasswordProperty(hashfunc=hashlib.sha224)
+
+ 2) Subclassing Password and PasswordProperty
+
+ class SHA224Password(Password):
+ hashfunc=hashlib.sha224
+
+ class SHA224PasswordProperty(PasswordProperty):
+ data_type=MyPassword
+ type_name="MyPassword"
+
+ class MyModel(Model):
+ password = SHA224PasswordProperty()
+
"""
data_type = Password
type_name = 'Password'
def __init__(self, verbose_name=None, name=None, default='', required=False,
- validator=None, choices=None, unique=False):
+ validator=None, choices=None, unique=False, hashfunc=None):
+
+ """
+ The hashfunc parameter overrides the default hashfunc in boto.utils.Password.
+
+ The remaining parameters are passed through to StringProperty.__init__"""
+
+
StringProperty.__init__(self, verbose_name, name, default, required, validator, choices, unique)
+ self.hashfunc=hashfunc
def make_value_from_datastore(self, value):
- p = Password(value)
+ p = self.data_type(value, hashfunc=self.hashfunc)
return p
def get_value_for_datastore(self, model_instance):
@@ -164,22 +213,22 @@ def get_value_for_datastore(self, model_instance):
return None
def __set__(self, obj, value):
- if not isinstance(value, Password):
- p = Password()
+ if not isinstance(value, self.data_type):
+ p = self.data_type(hashfunc=self.hashfunc)
p.set(value)
value = p
Property.__set__(self, obj, value)
def __get__(self, obj, objtype):
- return Password(StringProperty.__get__(self, obj, objtype))
+ return self.data_type(StringProperty.__get__(self, obj, objtype), hashfunc=self.hashfunc)
def validate(self, value):
value = Property.validate(self, value)
- if isinstance(value, Password):
+ if isinstance(value, self.data_type):
if len(value) > 1024:
raise ValueError, 'Length of value greater than maxlength'
else:
- raise TypeError, 'Expecting Password, got %s' % type(value)
+ raise TypeError, 'Expecting %s, got %s' % (type(self.data_type), type(value))
class BlobProperty(Property):
data_type = Blob
View
@@ -502,24 +502,28 @@ def _update_item(self, item):
class Password(object):
"""
- Password object that stores itself as SHA512 hashed.
+ Password object that stores itself as hashed.
+ Hash defaults to SHA512 if available, MD5 otherwise.
"""
- def __init__(self, str=None):
+ hashfunc=_hashfn
+ def __init__(self, str=None, hashfunc=None):
"""
- Load the string from an initial value, this should be the raw SHA512 hashed password
+ Load the string from an initial value, this should be the raw hashed password.
"""
self.str = str
+ if hashfunc:
+ self.hashfunc = hashfunc
def set(self, value):
- self.str = _hashfn(value).hexdigest()
+ self.str = self.hashfunc(value).hexdigest()
def __str__(self):
return str(self.str)
def __eq__(self, other):
if other == None:
return False
- return str(_hashfn(other).hexdigest()) == str(self.str)
+ return str(self.hashfunc(other).hexdigest()) == str(self.str)
def __len__(self):
if self.str:
View
@@ -0,0 +1,128 @@
+# Copyright (c) 2010 Robert Mela
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish, dis-
+# tribute, sublicense, and/or sell copies of the Software, and to permit
+# persons to whom the Software is furnished to do so, subject to the fol-
+# lowing conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
+# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+
+import unittest
+import logging
+import time
+
+log= logging.getLogger('password_property_test')
+log.setLevel(logging.DEBUG)
+
+class PasswordPropertyTest(unittest.TestCase):
+ """Test the PasswordProperty"""
+
+ def tearDown(self):
+ cls=self.test_model()
+ for obj in cls.all(): obj.delete()
+
+ def hmac_hashfunc(self):
+ import hmac
+ def hashfunc(msg):
+ return hmac.new('mysecret', msg)
+ return hashfunc
+
+ def test_model(self,hashfunc=None):
+ from boto.utils import Password
+ from boto.sdb.db.model import Model
+ from boto.sdb.db.property import PasswordProperty
+ import hashlib
+ class MyModel(Model):
+ password=PasswordProperty(hashfunc=hashfunc)
+ return MyModel
+
+ def test_custom_password_class(self):
+ from boto.utils import Password
+ from boto.sdb.db.model import Model
+ from boto.sdb.db.property import PasswordProperty
+ import hmac, hashlib
+
+
+ myhashfunc = hashlib.md5
+ ## Define a new Password class
+ class MyPassword(Password):
+ hashfunc = myhashfunc #hashlib.md5 #lambda cls,msg: hmac.new('mysecret',msg)
+
+ ## Define a custom password property using the new Password class
+
+ class MyPasswordProperty(PasswordProperty):
+ data_type=MyPassword
+ type_name=MyPassword.__name__
+
+ ## Define a model using the new password property
+
+ class MyModel(Model):
+ password=MyPasswordProperty()#hashfunc=hashlib.md5)
+
+ obj = MyModel()
+ obj.password = 'bar'
+ expected = myhashfunc('bar').hexdigest() #hmac.new('mysecret','bar').hexdigest()
+ log.debug("\npassword=%s\nexpected=%s" % (obj.password, expected))
+ self.assertTrue(obj.password == 'bar' )
+ obj.save()
+ id= obj.id
+ time.sleep(5)
+ obj = MyModel.get_by_id(id)
+ self.assertEquals(obj.password,'bar')
+ self.assertEquals(str(obj.password), expected)
+ #hmac.new('mysecret','bar').hexdigest())
+
+
+ def test_aaa_default_password_property(self):
+ cls = self.test_model()
+ obj = cls(id='passwordtest')
+ obj.password = 'foo'
+ self.assertEquals('foo', obj.password)
+ obj.save()
+ time.sleep(5)
+ obj = cls.get_by_id('passwordtest')
+ self.assertEquals('foo', obj.password)
+
+ def test_password_constructor_hashfunc(self):
+ import hmac
+ myhashfunc=lambda msg: hmac.new('mysecret',msg)
+ cls = self.test_model(hashfunc=myhashfunc)
+ obj = cls()
+ obj.password='hello'
+ expected = myhashfunc('hello').hexdigest()
+ self.assertEquals(obj.password, 'hello')
+ self.assertEquals(str(obj.password), expected)
+ obj.save()
+ id = obj.id
+ time.sleep(5)
+ obj = cls.get_by_id(id)
+ log.debug("\npassword=%s" % obj.password)
+ self.assertTrue(obj.password == 'hello')
+
+
+
+if __name__ == '__main__':
+ import sys, os
+ curdir = os.path.dirname( os.path.abspath(__file__) )
+ srcroot = curdir + "/../.."
+ sys.path = [ srcroot ] + sys.path
+ logging.basicConfig()
+ log.setLevel(logging.INFO)
+ suite = unittest.TestLoader().loadTestsFromTestCase(PasswordPropertyTest)
+ unittest.TextTestRunner(verbosity=2).run(suite)
+
+ import boto
+
@@ -0,0 +1,101 @@
+# Copyright (c) 2010 Robert Mela
+#
+# Permission is hereby granted, free of charge, to any person obtaining a
+# copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish, dis-
+# tribute, sublicense, and/or sell copies of the Software, and to permit
+# persons to whom the Software is furnished to do so, subject to the fol-
+# lowing conditions:
+#
+# The above copyright notice and this permission notice shall be included
+# in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
+# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
+# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+#
+import unittest
+
+
+import logging
+log = logging.getLogger(__file__)
+
+class TestPassword(unittest.TestCase):
+ """Test basic password functionality"""
+
+ def clstest(self,cls):
+
+ """Insure that password.__eq__ hashes test value before compare"""
+
+ password=cls('foo')
+ log.debug( "Password %s" % password )
+ self.assertNotEquals(password , 'foo')
+
+ password.set('foo')
+ hashed = str(password)
+ self.assertEquals(password , 'foo')
+ self.assertEquals(password.str, hashed)
+
+ password = cls(hashed)
+ self.assertNotEquals(password.str , 'foo')
+ self.assertEquals(password , 'foo')
+ self.assertEquals(password.str , hashed)
+
+
+ def test_aaa_version_1_9_default_behavior(self):
+ from boto.utils import Password
+ self.clstest(Password)
+
+ def test_custom_hashclass(self):
+
+ from boto.utils import Password
+ import hashlib
+
+ class SHA224Password(Password):
+ hashfunc=hashlib.sha224
+
+ password=SHA224Password()
+ password.set('foo')
+ self.assertEquals( hashlib.sha224('foo').hexdigest(), str(password))
+
+ def test_hmac(self):
+ from boto.utils import Password
+ import hmac
+
+ def hmac_hashfunc(cls,msg):
+ log.debug("\n%s %s" % (cls.__class__, cls) )
+ return hmac.new('mysecretkey', msg)
+
+ class HMACPassword(Password):
+ hashfunc=hmac_hashfunc
+
+ self.clstest(HMACPassword)
+ password=HMACPassword()
+ password.set('foo')
+
+ self.assertEquals(str(password), hmac.new('mysecretkey','foo').hexdigest())
+
+ def test_constructor(self):
+ from boto.utils import Password
+ import hmac
+
+ hmac_hashfunc = lambda msg: hmac.new('mysecretkey', msg )
+
+ password = Password(hashfunc=hmac_hashfunc)
+ password.set('foo')
+ self.assertEquals(password.str, hmac.new('mysecretkey','foo').hexdigest())
+
+
+
+if __name__ == '__main__':
+ import sys
+ sys.path = [ '../../' ] + sys.path
+ #logging.basicConfig()
+ #log.setLevel(logging.DEBUG)
+ suite = unittest.TestLoader().loadTestsFromTestCase(TestPassword)
+ unittest.TextTestRunner(verbosity=2).run(suite)

0 comments on commit d8aa4a5

Please sign in to comment.