Merge pull request #5 from mgrbyte/master

Bcrypt password manager - checkpw
zopefoundation · Oct 3, 2016 · 5d9ce31 · 5d9ce31
2 parents 01237c7 + a4e5526
commit 5d9ce31
Show file tree

Hide file tree

Showing 11 changed files with 294 additions and 66 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,7 +3,7 @@
 *.dll
 __pycache__
 src/*.egg-info
-
+.eggs
 .installed.cfg
 .tox
 bin

diff --git a/.travis.yml b/.travis.yml
@@ -10,6 +10,7 @@ python:
 #   pending 3.3-compatible release
 install:
     - pip install .
+    - if [[ $TRAVIS_PYTHON_VERSION != 'pypy'* ]]; then pip install bcrypt; fi
 script:
     - python setup.py test -q
 notifications:

diff --git a/docs/narrative.rst b/docs/narrative.rst
@@ -4,7 +4,7 @@ Using :mod:`zope.password`
 This package provides a password manager mechanism. Password manager
 is an utility object that can encode and check encoded
 passwords. Beyond the generic interface, this package also provides
-seven implementations:
+eight implementations:
 
 :class:`zope.password.password.PlainTextPasswordManager`
 
@@ -31,9 +31,9 @@ seven implementations:
 
 :class:`zope.password.password.SSHAPasswordManager`
 
-   the most secure password manager that is strong against dictionary
-   attacks. It's basically SHA1-encoding password manager which also
-   incorporates a salt into the password when encoding it.
+   A password manager that is strong against dictionary attacks. It's
+   basically SHA1-encoding password manager which also incorporates a
+   salt into the password when encoding it.
 
 :class:`zope.password.password.CryptPasswordManager`
 
@@ -48,16 +48,22 @@ seven implementations:
    PASSWORD function in MySQL versions before 4.1.  Note that this method
    results in a very weak 16-byte hash.
 
+:class:`zope.password.password.BCRYPTPasswordManager`
+
+   A manager implementing the bcrypt hashing scheme. Only available if
+   the bcrypt_ module is installed.  This manager is considered the
+   most secure.
+
 The ``Crypt``, ``MD5``, ``SMD5``, ``SHA`` and ``SSHA`` password managers
 are all compatible with RFC 2307 LDAP implementations of the same password
 encoding schemes.
 
-.. note:: 
-   It is strongly recommended to use SSHAPasswordManager, as it's the
+.. note::
+   It is strongly recommended to use the BCRYPTPasswordManager, as it's the
    most secure.
 
-The package also provides a script, :command:`zpasswd`,to generate principal
-entries in typical ``site.zcml`` files.
+The package also provides a script, :command:`zpasswd`, to generate
+principal entries in typical ``site.zcml`` files.
 
 Password Manager Interfaces
 ---------------------------
@@ -138,7 +144,7 @@ A typical :command:`zpasswd` session might look like:
 
 .. code-block:: sh
 
-   $ ./bin/zpasswd 
+   $ ./bin/zpasswd
 
    Please choose an id for the principal.
 
@@ -158,21 +164,23 @@ A typical :command:`zpasswd` session might look like:
 
     1. Plain Text
     2. MD5
-    3. SHA1
-    4. SSHA
+    3. SMD5
+    4. SHA1
+    5. SSHA
+    6. BCRYPT
 
-   Password Manager Number [4]: 
-   SSHA password manager selected
+   Password Manager Number [6]:
+   BCRYPT password manager selected
 
 
    Please provide a password for the principal.
 
-   Password: 
-   Verify password: 
+   Password:
+   Verify password:
 
    Please provide an optional description for the principal.
 
-   Description: The main foo 
+   Description: The main foo
 
    ============================================
    Principal information for inclusion in ZCML:
@@ -181,7 +189,9 @@ A typical :command:`zpasswd` session might look like:
        id="foo"
        title="The Foo"
        login="foo"
-       password="{SSHA}Zi_Lsz7Na3bS5rz4Aer-9TbqomXD2f3T"
+       password="{BCRYPT}$2b$12$ez4eHl6W1PfAWix5bPIbe.drdnyqjpuT1Cp0N.xcdxkAEbA7K6AHK"
        description="The main foo"
-       password_manager="SSHA"
+       password_manager="BCRYPT"
        />
+
+.. _bcrypt: https://pypi.python.org/pypi/bcrypt
diff --git a/setup.py b/setup.py
@@ -41,10 +41,10 @@ def alltests():
       author_email='zope-dev@zope.org',
       description='Password encoding and checking utilities',
       long_description=(
-        read('README.rst')
-        + '\n\n' +
-        read('CHANGES.rst')
-        ),
+          read('README.rst')
+          + '\n\n' +
+          read('CHANGES.rst')
+          ),
       url='http://pypi.python.org/pypi/zope.password',
       license='ZPL 2.1',
       classifiers = [
@@ -67,24 +67,25 @@ def alltests():
           'Framework :: Zope3'],
       keywords='zope authentication password zpasswd',
       packages=find_packages('src'),
-      package_dir = {'': 'src'},
+      package_dir={'': 'src'},
       extras_require=dict(vocabulary=['zope.schema'],
                           test=['zope.schema', 'zope.testing'],
+                          bcrypt=['bcrypt'],
                           ),
       namespace_packages=['zope'],
       install_requires=['setuptools',
                         'zope.component',
                         'zope.configuration',
                         'zope.interface',
                         ],
-      tests_require = [
+      tests_require=[
           'zope.schema',
           'zope.testing',
           'zope.testrunner',
           ],
-      test_suite = '__main__.alltests',
-      include_package_data = True,
-      zip_safe = False,
+      test_suite='__main__.alltests',
+      include_package_data=True,
+      zip_safe=False,
       entry_points="""
       [console_scripts]
       zpasswd = zope.password.zpasswd:main

diff --git a/src/zope/password/compat.py b/src/zope/password/compat.py
@@ -0,0 +1,10 @@
+import sys
+
+PY3 = sys.version_info[0] == 3
+
+if PY3:
+    text_type = str
+    bytes_type = bytes
+else:
+    text_type = unicode
+    bytes_type = str
diff --git a/src/zope/password/configure.zcml b/src/zope/password/configure.zcml
@@ -39,12 +39,20 @@
       factory=".legacy.MySQLPasswordManager"
       />
 
+  <configure zcml:condition="installed bcrypt">
+    <utility
+       name="BCRYPT"
+       provides=".interfaces.IMatchingPasswordManager"
+       factory=".password.BCRYPTPasswordManager"
+       />
+  </configure>
+
   <configure zcml:condition="installed crypt">
-  <utility
-      name="Crypt"
-      provides=".interfaces.IMatchingPasswordManager"
-      factory=".legacy.CryptPasswordManager"
-      />
+    <utility
+        name="Crypt"
+        provides=".interfaces.IMatchingPasswordManager"
+        factory=".legacy.CryptPasswordManager"
+        />
   </configure>
 
   <utility
@@ -58,19 +66,19 @@
     <class class=".password.PlainTextPasswordManager">
       <allow interface=".interfaces.IMatchingPasswordManager" />
     </class>
-  
+
     <class class=".password.MD5PasswordManager">
       <allow interface=".interfaces.IMatchingPasswordManager" />
     </class>
-  
+
     <class class=".password.SMD5PasswordManager">
       <allow interface=".interfaces.IMatchingPasswordManager" />
     </class>
-  
+
     <class class=".password.SHA1PasswordManager">
       <allow interface=".interfaces.IMatchingPasswordManager" />
     </class>
-  
+
     <class class=".password.SSHAPasswordManager">
       <allow interface=".interfaces.IMatchingPasswordManager" />
     </class>
@@ -79,6 +87,12 @@
       <allow interface=".interfaces.IMatchingPasswordManager" />
     </class>
 
+    <configure zcml:condition="installed bcrypt">
+      <class class=".password.BCRYPTPasswordManager">
+        <allow interface=".interfaces.IMatchingPasswordManager" />
+      </class>
+    </configure>
+
     <configure zcml:condition="installed crypt">
       <class class=".legacy.CryptPasswordManager">
         <allow interface=".interfaces.IMatchingPasswordManager" />