From 5c76099efd8fa07bf6e63376abf068fc8ca518d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Nov=C3=BD?=
Date: Tue, 31 May 2016 20:41:07 +0200
Subject: [PATCH] More authtypes validation checks
Change-Id: I47e139dc100333e2befc362196ede1b238ee0588
---
 swauth/authtypes.py | 16 ++++++++++++++++
 test/unit/test_authtypes.py | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)
diff --git a/swauth/authtypes.py b/swauth/authtypes.py
index 3764792..7dbc175 100644
--- a/swauth/authtypes.py
+++ b/swauth/authtypes.py
@@ -31,6 +31,7 @@ conditions:
 import hashlib
 import os
+import string
 import sys
@@ -158,6 +159,13 @@ class Sha1(object):
 except ValueError:
 raise ValueError("Missing '$' in %s" % auth_rest)
+ if len(auth_salt) == 0:
+ raise ValueError("Salt must have non-zero length!")
+ if len(auth_hash) != 40:
+ raise ValueError("Hash must have 40 chars!")
+ if not all(c in string.hexdigits for c in auth_hash):
+ raise ValueError("Hash must be hexadecimal!")
+
 return dict(salt=auth_salt, hash=auth_hash)
@@ -219,4 +227,12 @@ class Sha512(object):
 auth_salt, auth_hash = auth_rest.split('$')
 except ValueError:
 raise ValueError("Missing '$' in %s" % auth_rest)
+
+ if len(auth_salt) == 0:
+ raise ValueError("Salt must have non-zero length!")
+ if len(auth_hash) != 128:
+ raise ValueError("Hash must have 128 chars!")
+ if not all(c in string.hexdigits for c in auth_hash):
+ raise ValueError("Hash must be hexadecimal!")
+
 return dict(salt=auth_salt, hash=auth_hash)
diff --git a/test/unit/test_authtypes.py b/test/unit/test_authtypes.py
index 3bd93d0..91d67b9 100644
--- a/test/unit/test_authtypes.py
+++ b/test/unit/test_authtypes.py
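Review bot: The hex check added in the Sha1 hunk, `if not all(c in string.hexdigits for c in auth_hash):`, also accepts uppercase `A`-`F`, and the Sha512 hunk repeats the same line. If the stored hash is later compared as a string against `hexdigest()` output, which is lowercase (that comparison is outside these hunks, so confirm), a credential with uppercase digits passes validation but can never match. Restrict the alphabet, e.g. `if not all(c in '0123456789abcdef' for c in auth_hash):`, or lower-case the hash before `return dict(...)`. The unchanged `"Missing '$' in %s" % auth_rest` message also puts the salt and hash into the exception text, and it appears to be raised as well when the value holds more than one `$`, so it is worth rewording if these errors are logged. Both enclosing methods start before their hunks.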
@@ -62,10 +62,42 @@ class TestValidation(unittest.TestCase):
 creds = 'sha1:saltkeystring'
 self.assertRaisesRegexp(ValueError, "Missing '\$' in .*",
 authtypes.validate_creds, creds)
+ # wrong sha1 format, missing salt
+ creds = 'sha1:$hash'
+ self.assertRaisesRegexp(ValueError, "Salt must have non-zero length!",
+ authtypes.validate_creds, creds)
+ # wrong sha1 format, missing hash
+ creds = 'sha1:salt$'
+ self.assertRaisesRegexp(ValueError, "Hash must have 40 chars!",
+ authtypes.validate_creds, creds)
+ # wrong sha1 format, short hash
+ creds = 'sha1:salt$short_hash'
+ self.assertRaisesRegexp(ValueError, "Hash must have 40 chars!",
+ authtypes.validate_creds, creds)
+ # wrong sha1 format, wrong format
+ creds = 'sha1:salt$' + "z" * 40
+ self.assertRaisesRegexp(ValueError, "Hash must be hexadecimal!",
+ authtypes.validate_creds, creds)
 # wrong sha512 format, missing `$`
 creds = 'sha512:saltkeystring'
 self.assertRaisesRegexp(ValueError, "Missing '\$' in .*",
 authtypes.validate_creds, creds)
+ # wrong sha512 format, missing salt
+ creds = 'sha512:$hash'
+ self.assertRaisesRegexp(ValueError, "Salt must have non-zero length!",
+ authtypes.validate_creds, creds)
+ # wrong sha512 format, missing hash
+ creds = 'sha512:salt$'
+ self.assertRaisesRegexp(ValueError, "Hash must have 128 chars!",
+ authtypes.validate_creds, creds)
+ # wrong sha512 format, short hash
+ creds = 'sha512:salt$short_hash'
+ self.assertRaisesRegexp(ValueError, "Hash must have 128 chars!",
+ authtypes.validate_creds, creds)
+ # wrong sha1 format, wrong format
+ creds = 'sha512:salt$' + "z" * 128
+ self.assertRaisesRegexp(ValueError, "Hash must be hexadecimal!",
+ authtypes.validate_creds, creds)
 class TestPlaintext(unittest.TestCase):
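Review bot: The comment on the last added sha512 case reads `# wrong sha1 format, wrong format` although the credential under test is `'sha512:salt$' + "z" * 128`; it should read `# wrong sha512 format, non-hex hash`. The new cases cover an empty, a short and an all-`z` hash, but none covers an over-long hash (41 or 129 characters) or a correct-length hash with a single non-hex character, which are the edges of the `!=` length check and the `all(...)` scan in `swauth/authtypes.py`. A positive case with a well-formed 40- and 128-character hex hash would also pin that the stricter validation still accepts valid credentials, unless one already exists outside the hunk. The test method begins before the hunk.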