rhodecode-enterprise-ce Commit - r4958:8dd2ba8f

28

import time

28

import time

29

import collections

29

import collections

30

import fnmatch

30

import fnmatch

31

import hashlib

32

import itertools

31

import itertools

33

import logging

32

import logging

34

import random

33

import random

50

false, User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,

49

false, User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,

51

UserIpMap, UserApiKeys, RepoGroup, UserGroup, UserNotice)

50

UserIpMap, UserApiKeys, RepoGroup, UserGroup, UserNotice)

52

from rhodecode.lib import rc_cache

51

from rhodecode.lib import rc_cache

53

from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5, safe_int, sha1

54

from rhodecode.lib.utils import (

52

from rhodecode.lib.utils import (

55

get_repo_slug, get_repo_group_slug, get_user_group_slug)

53

get_repo_slug, get_repo_group_slug, get_user_group_slug)

54

from rhodecode.lib.type_utils import aslist

55

from rhodecode.lib.hash_utils import sha1, sha256, md5

56

from rhodecode.lib.str_utils import ascii_bytes, safe_str, safe_int, safe_bytes

56

from rhodecode.lib.caching_query import FromCache

57

from rhodecode.lib.caching_query import FromCache

57

58

59

58

if rhodecode.is_unix:

60

if rhodecode.is_unix:

59

import bcrypt

61

import bcrypt

60

62

196

198

197

def hash_create(self, str_):

199

def hash_create(self, str_):

198

self._assert_bytes(str_)

200

self._assert_bytes(str_)

199

return ~~hashlib~~.sha256(str_).~~hexdigest~~()

201

return sha256(str_)

200

202

201

def hash_check(self, password, hashed):

203

def hash_check(self, password, hashed):

202

"""

204

"""

206

:param hashed: password in hashed form

208

:param hashed: password in hashed form

207

"""

209

"""

208

self._assert_bytes(password)

210

self._assert_bytes(password)

209

return ~~hashlib~~.sha256(password).~~hexdigest~~() == hashed

211

return sha256(password) == hashed

210

212

211

213

212

class _RhodeCodeCryptoTest(_RhodeCodeCryptoBase):

214

class _RhodeCodeCryptoTest(_RhodeCodeCryptoBase):

274

276

275

if salt is None:

277

if salt is None:

276

salt = os.urandom(16)

278

salt = os.urandom(16)

277

return ~~hashlib~~.sha1(~~safe_str~~(data) + salt).~~hexdigest~~()

279

return sha1(data + salt)

278

280

279

281

280

def get_came_from(request):

282

def get_came_from(request):

1576

def get_cookie_store(self):

1578

def get_cookie_store(self):

1577

return {

1579

return {

1578

'username': self.username,

1580

'username': self.username,

1579

'password': md5(self.password or ''),

1581

'password': md5(safe_bytes(self.password or '')),

1580

'user_id': self.user_id,

1582

'user_id': self.user_id,

1581

'is_authenticated': self.is_authenticated

1583

'is_authenticated': self.is_authenticated

1582

}

1584

}

1675

# from pyramid.csrf import get_csrf_token

1677

# from pyramid.csrf import get_csrf_token

1676

1678

1677

if (csrf_token_key not in session and save_if_missing) or force_new:

1679

if (csrf_token_key not in session and save_if_missing) or force_new:

1678

token = ~~hashlib~~.sha1(str(random.getrandbits(128))).~~hexdigest~~()

1680

token = sha1(ascii_bytes(str(random.getrandbits(128))))

1679

session[csrf_token_key] = token

1681

session[csrf_token_key] = token

1680

if hasattr(session, 'save'):

1682

if hasattr(session, 'save'):

1681

session.save()

1683

session.save()

@@ -36,3 +36,11 b' def sha1(s):'
36		36
37	def sha1_safe(s):	37	def sha1_safe(s):
38	return sha1(safe_bytes(s))	38	return sha1(safe_bytes(s))
		39
		40
		41	def sha256(s):
		42	return hashlib.sha256(s).hexdigest()
		43
		44
		45	def sha256_safe(s):
		46	return sha256(safe_bytes(s))

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             import time
             import collections
             import fnmatch
-            import hashlib
             import itertools
             import logging
             import random
                 false, User, Repository, Permission, UserToPerm, UserGroupToPerm, UserGroupMember,
                 UserIpMap, UserApiKeys, RepoGroup, UserGroup, UserNotice)
             from rhodecode.lib import rc_cache
-            from rhodecode.lib.utils2 import safe_unicode, aslist, safe_str, md5, safe_int, sha1
             from rhodecode.lib.utils import (
                 get_repo_slug, get_repo_group_slug, get_user_group_slug)
+            from rhodecode.lib.type_utils import aslist
+            from rhodecode.lib.hash_utils import sha1, sha256, md5
+            from rhodecode.lib.str_utils import ascii_bytes, safe_str, safe_int, safe_bytes
             from rhodecode.lib.caching_query import FromCache
             if rhodecode.is_unix:
                 import bcrypt
                 def hash_create(self, str_):
                     self._assert_bytes(str_)
-                    return hashlib.sha256(str_).hexdigest()
+                    return sha256(str_)
                 def hash_check(self, password, hashed):
                     """
                     :param hashed: password in hashed form
                     """
                     self._assert_bytes(password)
-                    return hashlib.sha256(password).hexdigest() == hashed
+                    return sha256(password) == hashed
             class _RhodeCodeCryptoTest(_RhodeCodeCryptoBase):
                 if salt is None:
                     salt = os.urandom(16)
-                return hashlib.sha1(safe_str(data) + salt).hexdigest()
+                return sha1(data + salt)
             def get_came_from(request):
                 def get_cookie_store(self):
                     return {
                         'username': self.username,
-                        'password': md5(self.password or ''),
+                        'password': md5(safe_bytes(self.password or '')),
                         'user_id': self.user_id,
                         'is_authenticated': self.is_authenticated
                     }
                 # from pyramid.csrf import get_csrf_token
                 if (csrf_token_key not in session and save_if_missing) or force_new:
-                    token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
+                    token = sha1(ascii_bytes(str(random.getrandbits(128))))
                     session[csrf_token_key] = token
                     if hasattr(session, 'save'):
                         session.save()