annotate MoinMoin/util/crypto.py @ 174:e8f61cbd661b

modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix on password change, the new password was not saved to the profile User / crypto code: minor optimizations / refactorings crypto module contents: password hashing/encryption, validation, pw hash upgrades: * pw_hash = crypt_password(password) * is_valid = valid_password(password, pw_hash) * upgraded_pw_hash = upgrade_password(password, pw_hash) password recovery: * key, token = generate_token() * is_valid = valid_token(key, token) random strings: * rs = random_string(length, chars) compute ascii cache keys: * key = cache_key(**kw)
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Thu, 07 Apr 2011 20:56:35 +0200
parents
children 316c839a6f62
rev   line source
174
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
1 # Copyright: 2000-2004 Juergen Hermann <jh@web.de>
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
2 # Copyright: 2003-2011 MoinMoin:ThomasWaldmann
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
3 # Copyright: 2007 MoinMoin:JohannesBerg
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
4 # Copyright: 2007 MoinMoin:HeinrichWendel
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
5 # Copyright: 2008 MoinMoin:ChristopherDenter
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
6 # Copyright: 2010 MoinMoin:DiogenesAugusto
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
7 # License: GNU GPL v2 (or any later version), see LICENSE.txt for details.
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
8
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
9 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
10 MoinMoin - Cryptographic and random functions
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
11 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
12
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
13 from __future__ import absolute_import, division
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
14
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
15 import base64
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
16 import hashlib
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
17 import hmac
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
18 import random
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
19
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
20 try:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
21 import crypt
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
22 except ImportError:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
23 crypt = None
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
24
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
25 from . import md5crypt
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
26
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
27 # random stuff
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
28
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
29 def random_string(length, allowed_chars=None):
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
30 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
31 Generate a random string with given length consisting of the given characters.
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
32
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
33 :param length: length of the string
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
34 :param allowed_chars: string with allowed characters or None
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
35 to indicate all 256 byte values should be used
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
36 :returns: random string
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
37 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
38 if allowed_chars is None:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
39 s = ''.join([chr(random.randint(0, 255)) for dummy in xrange(length)])
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
40 else:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
41 s = ''.join([random.choice(allowed_chars) for dummy in xrange(length)])
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
42 return s
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
43
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
44
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
45 # password stuff
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
46
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
47 def crypt_password(password, salt=None):
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
48 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
49 Crypt/Hash a cleartext password
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
50
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
51 :param password: cleartext password [unicode]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
52 :param salt: salt for the password [str] or None to generate a random salt
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
53 :rtype: str
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
54 :returns: the SSHA256 password hash
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
55 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
56 password = password.encode('utf-8')
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
57 if salt is None:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
58 salt = random_string(32)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
59 assert isinstance(salt, str)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
60 h = hashlib.new('sha256', password)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
61 h.update(salt)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
62 return '{SSHA256}' + base64.encodestring(h.digest() + salt).rstrip()
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
63
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
64
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
65 def upgrade_password(password, pw_hash):
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
66 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
67 Upgrade a password to a better hash, if needed
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
68
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
69 :param password: cleartext password [unicode]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
70 :param pw_hash: password hash (with hash type prefix)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
71 :rtype: str
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
72 :returns: new password hash (or None, if unchanged)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
73 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
74 if not pw_hash.startswith('{SSHA256}'):
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
75 # pw_hash using some old hash method, upgrade to better method
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
76 return crypt_password(password)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
77
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
78
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
79 def valid_password(password, pw_hash):
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
80 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
81 Validate a user password.
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
82
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
83 :param password: cleartext password to verify [unicode]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
84 :param pw_hash: password hash (with hash type prefix)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
85 :rtype: bool
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
86 :returns: password is valid
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
87 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
88 # encode password
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
89 pw_utf8 = password.encode('utf-8')
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
90
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
91 methods = ['{SSHA256}', '{SSHA}', '{SHA}', '{APR1}', '{MD5}', ]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
92 if crypt:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
93 # we have the crypt module
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
94 methods.append('{DES}')
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
95
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
96 for method in methods:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
97 if pw_hash.startswith(method):
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
98 d = pw_hash[len(method):]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
99 if method == '{SSHA256}':
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
100 ph = base64.decodestring(d)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
101 # ph is of the form "<hash><salt>"
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
102 salt = ph[32:]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
103 h = hashlib.new('sha256', pw_utf8)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
104 h.update(salt)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
105 enc = base64.encodestring(h.digest() + salt).rstrip()
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
106 elif method == '{SSHA}':
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
107 ph = base64.decodestring(d)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
108 # ph is of the form "<hash><salt>"
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
109 salt = ph[20:]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
110 h = hashlib.new('sha1', pw_utf8)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
111 h.update(salt)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
112 enc = base64.encodestring(h.digest() + salt).rstrip()
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
113 elif method == '{SHA}':
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
114 h = hashlib.new('sha1', pw_utf8)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
115 enc = base64.encodestring(h.digest()).rstrip()
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
116 elif method == '{APR1}':
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
117 # d is of the form "$apr1$<salt>$<hash>"
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
118 salt = d.split('$')[2]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
119 enc = md5crypt.apache_md5_crypt(pw_utf8, salt.encode('ascii'))
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
120 elif method == '{MD5}':
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
121 # d is of the form "$1$<salt>$<hash>"
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
122 salt = d.split('$')[2]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
123 enc = md5crypt.unix_md5_crypt(pw_utf8, salt.encode('ascii'))
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
124 elif method == '{DES}':
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
125 # d is 2 characters salt + 11 characters hash
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
126 salt = d[:2]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
127 enc = crypt.crypt(pw_utf8, salt.encode('ascii'))
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
128 else:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
129 raise ValueError("missing password hash method %s handler" % method)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
130
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
131 return pw_hash == method + enc
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
132 else:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
133 idx = pw_hash.index('}') + 1
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
134 raise ValueError("unsupported password hash method %r" % pw_hash[:idx])
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
135
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
136
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
137 # password recovery token
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
138
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
139 def generate_token(key=None, stamp=None):
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
140 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
141 generate a pair of a secret key and a crypto token.
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
142
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
143 you can use this to implement a password recovery functionality by
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
144 calling generate_token() and transmitting the returned token to the
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
145 (correct) user (e.g. by email) and storing the returned (secret) key
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
146 into the user's profile on the server side.
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
147
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
148 after the user received the token, he returns to the wiki, gives his
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
149 user name or email address and the token he received. read the (secret)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
150 key from the user profile and call valid_token(key, token) to verify
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
151 if the token is valid. if it is, consider the user authenticated, remove
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
152 the secret key from his profile and let him reset his password.
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
153
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
154 :param key: give it to recompute some specific token for verification
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
155 :param stamp: give it to recompute some specific token for verification
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
156 :rtype: 2-tuple
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
157 :returns: key, token
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
158 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
159 if key is None:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
160 key = random_string(64, "abcdefghijklmnopqrstuvwxyz0123456789")
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
161 if stamp is None:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
162 stamp = int(time.time())
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
163 h = hmac.new(str(key), str(stamp), digestmod=hashlib.sha1).hexdigest()
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
164 token = stamp + '-' + h
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
165 return key, token
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
166
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
167
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
168 def valid_token(key, token, timeout=12*60*60):
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
169 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
170 check if token is valid with respect to the secret key,
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
171 the token must not be older than timeout seconds.
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
172
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
173 :param key: give the secret key to verify the token
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
174 :param token: the token to verify
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
175 :rtype: bool
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
176 :returns: token is valid and not timed out
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
177 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
178 parts = token.split('-')
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
179 if len(parts) != 2:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
180 return False
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
181 try:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
182 stamp = int(parts[0])
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
183 except ValueError:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
184 return False
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
185 if stamp + timeout < time.time():
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
186 return False
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
187 expected_token = generate_token(key, stamp)[1]
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
188 return token == expected_token
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
189
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
190
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
191 # miscellaneous
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
192
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
193 def cache_key(**kw):
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
194 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
195 Calculate a cache key (ascii only)
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
196
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
197 Important key properties:
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
198
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
199 * The key must be different for different <kw>.
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
200 * Key is pure ascii
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
201
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
202 :param kw: keys/values to compute cache key from
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
203 """
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
204 return hashlib.md5(repr(kw)).hexdigest()
e8f61cbd661b modularize crypto/random stuff, move it to MoinMoin.util.crypto, pw change bugfix
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents:
diff changeset
205