rhodecode-enterprise-ce Commit - r2836:66997538

tests: don't use md5 for testing crypto for compliance reasons.

marcink -

r2836:66997538 default

parent child

rhodecode/lib/auth.py

0 +6 -6

                  User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
                  UserIpMap, UserApiKeys, RepoGroup, UserGroup)
              from rhodecode.lib import caches
-             from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5, safe_int
+             from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5, safe_int, sha1
              from rhodecode.lib.utils import (
                  get_repo_slug, get_repo_group_slug, get_user_group_slug)
              from rhodecode.lib.caching_query import FromCache
                      return hashlib.sha256(password).hexdigest() == hashed
-             class _RhodeCodeCryptoMd5(_RhodeCodeCryptoBase):
+             class _RhodeCodeCryptoTest(_RhodeCodeCryptoBase):
                  ENC_PREF = '_'
                  def hash_create(self, str_):
                      self._assert_bytes(str_)
-                     return hashlib.md5(str_).hexdigest()
+                     return sha1(str_)
                  def hash_check(self, password, hashed):
                      """
                      :param hashed: password in hashed form
                      """
                      self._assert_bytes(password)
-                     return hashlib.md5(password).hexdigest() == hashed
+                     return sha1(password) == hashed
              def crypto_backend():
                  """
                  Return the matching crypto backend.
-                 Selection is based on if we run tests or not, we pick md5 backend to run
+                 Selection is based on if we run tests or not, we pick sha1-test backend to run
                  tests faster since BCRYPT is expensive to calculate
                  """
                  if rhodecode.is_test:
-                     RhodeCodeCrypto = _RhodeCodeCryptoMd5()
+                     RhodeCodeCrypto = _RhodeCodeCryptoTest()
                  else:
                      RhodeCodeCrypto = _RhodeCodeCryptoBCrypt()

rhodecode/tests/lib/test_auth_crypto_backend.py

0 +1 -1

              @pytest.fixture(params=[
-                 auth._RhodeCodeCryptoMd5,
+                 auth._RhodeCodeCryptoTest,
                  auth._RhodeCodeCryptoBCrypt,
                  auth._RhodeCodeCryptoSha256,
              ])

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages