upstream/ipython Files · IPython/lib/security.py

Throw UsageError instead of ValueError.

Stefan van der Walt - - Load All Authors

File last commit:

r5335:daaf07ea


                r5335:daaf07ea

Download file

             security.py
        
                    102 lines
            
             | 2.7 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / IPython / lib / security.py
          
                    History
                
                 |
                  Source
                 | Raw
                 |Copy content
                 |Copy permalink

        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
      """

      Password generation for the IPython notebook.

      """

      import hashlib

      import random

        Stefan van der Walt
    
If no password is given, ask for one on the prompt.

              r5333
            
      import getpass

        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
        Stefan van der Walt
    
Throw UsageError instead of ValueError.

              r5335
            
      from IPython.core.error import UsageError

        Stefan van der Walt
    
Use a global variable to adjust the number of bits used to generate the salt.

              r5332
            
      # Length of the salt in nr of hex chars, which implies salt_len * 4

      # bits of randomness.

      salt_len = 12

        Stefan van der Walt
    
Try to get password from user three times.

              r5334
            
      def passwd(passphrase=None, algorithm='sha1'):

        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
          """Generate hashed password and salt for use in notebook configuration.

        Stefan van der Walt
    
In passwd, mention which variable in the notebook config to update.

              r5322
            
          In the notebook configuration, set `c.NotebookApp.password` to

          the generated string.

        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
          Parameters

          ----------

          passphrase : str

        Stefan van der Walt
    
If no password is given, ask for one on the prompt.

              r5333
            
              Password to hash.  If unspecified, the user is asked to input

              and verify a password.

        Stefan van der Walt
    
Allow any hashing algorithm.

              r5328
            
          algorithm : str

        Stefan van der Walt
    
Update docstring to refer to hashlib.

              r5331
            
              Hashing algorithm to use (e.g, 'sha1' or any argument supported

              by :func:`hashlib.new`).

        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
          Returns

          -------

          hashed_passphrase : str

              Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

          Examples

          --------

          In [1]: passwd('mypassword')

          Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

          """

        Stefan van der Walt
    
Try to get password from user three times.

              r5334
            
          if passphrase is None:

              for i in range(3):

                  p0 = getpass.getpass('Enter password: ')

                  p1 = getpass.getpass('Verify password: ')

                  if p0 == p1:

                      passphrase = p0

                      break

                  else:

                      print('Passwords do not match.')

        Stefan van der Walt
    
If no password is given, ask for one on the prompt.

              r5333
            
              else:

        Stefan van der Walt
    
Throw UsageError instead of ValueError.

              r5335
            
                  raise UsageError('No matching passwords found. Giving up.')

        Stefan van der Walt
    
If no password is given, ask for one on the prompt.

              r5333
            
        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
          h = hashlib.new(algorithm)

        Stefan van der Walt
    
Use a global variable to adjust the number of bits used to generate the salt.

              r5332
            
          salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)

        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
          h.update(passphrase + salt)

          return ':'.join((algorithm, salt, h.hexdigest()))

      def passwd_check(hashed_passphrase, passphrase):

          """Verify that a given passphrase matches its hashed version.

          Parameters

          ----------

          hashed_passphrase : str

              Hashed password, in the format returned by `passwd`.

          passphrase : str

              Passphrase to validate.

          Returns

          -------

          valid : bool

              True if the passphrase matches the hash.

          Examples

          --------

          In [1]: from IPython.lib.security import passwd_check

          In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',

             ...:              'mypassword')

          Out[2]: True

          In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',

             ...:              'anotherpassword')

          Out[3]: False

          """

          try:

              algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)

          except (ValueError, TypeError):

              return False

        Stefan van der Walt
    
Allow any hashing algorithm.

              r5328
            
          try:

              h = hashlib.new(algorithm)

          except ValueError:

              return False

        Stefan van der Walt
    
Use a global variable to adjust the number of bits used to generate the salt.

              r5332
            
          if len(pw_digest) == 0 or len(salt) != salt_len:

        Stefan van der Walt
    
Add hashed passphrase generation and verification.

              r5320
            
              return False

          h.update(passphrase + salt)

          return h.hexdigest() == pw_digest

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Stefan van der Walt Add hashed passphrase generation and verification.	r5320	"""
		Password generation for the IPython notebook.
		"""

		import hashlib
		import random
Stefan van der Walt If no password is given, ask for one on the prompt.	r5333	import getpass
Stefan van der Walt Add hashed passphrase generation and verification.	r5320
Stefan van der Walt Throw UsageError instead of ValueError.	r5335	from IPython.core.error import UsageError

Stefan van der Walt Use a global variable to adjust the number of bits used to generate the salt.	r5332	# Length of the salt in nr of hex chars, which implies salt_len * 4
		# bits of randomness.
		salt_len = 12

Stefan van der Walt Try to get password from user three times.	r5334	def passwd(passphrase=None, algorithm='sha1'):
Stefan van der Walt Add hashed passphrase generation and verification.	r5320	"""Generate hashed password and salt for use in notebook configuration.

Stefan van der Walt In passwd, mention which variable in the notebook config to update.	r5322	In the notebook configuration, set `c.NotebookApp.password` to
		the generated string.

Stefan van der Walt Add hashed passphrase generation and verification.	r5320	Parameters
		----------
		passphrase : str
Stefan van der Walt If no password is given, ask for one on the prompt.	r5333	Password to hash. If unspecified, the user is asked to input
		and verify a password.
Stefan van der Walt Allow any hashing algorithm.	r5328	algorithm : str
Stefan van der Walt Update docstring to refer to hashlib.	r5331	Hashing algorithm to use (e.g, 'sha1' or any argument supported
		by :func:`hashlib.new`).
Stefan van der Walt Add hashed passphrase generation and verification.	r5320
		Returns
		-------
		hashed_passphrase : str
		Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

		Examples
		--------
		In [1]: passwd('mypassword')
		Out[1]: 'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

		"""
Stefan van der Walt Try to get password from user three times.	r5334	if passphrase is None:
		for i in range(3):
		p0 = getpass.getpass('Enter password: ')
		p1 = getpass.getpass('Verify password: ')
		if p0 == p1:
		passphrase = p0
		break
		else:
		print('Passwords do not match.')
Stefan van der Walt If no password is given, ask for one on the prompt.	r5333	else:
Stefan van der Walt Throw UsageError instead of ValueError.	r5335	raise UsageError('No matching passwords found. Giving up.')
Stefan van der Walt If no password is given, ask for one on the prompt.	r5333
Stefan van der Walt Add hashed passphrase generation and verification.	r5320	h = hashlib.new(algorithm)
Stefan van der Walt Use a global variable to adjust the number of bits used to generate the salt.	r5332	salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)
Stefan van der Walt Add hashed passphrase generation and verification.	r5320	h.update(passphrase + salt)

		return ':'.join((algorithm, salt, h.hexdigest()))

		def passwd_check(hashed_passphrase, passphrase):
		"""Verify that a given passphrase matches its hashed version.

		Parameters
		----------
		hashed_passphrase : str
		Hashed password, in the format returned by `passwd`.
		passphrase : str
		Passphrase to validate.

		Returns
		-------
		valid : bool
		True if the passphrase matches the hash.

		Examples
		--------
		In [1]: from IPython.lib.security import passwd_check

		In [2]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
		...: 'mypassword')
		Out[2]: True

		In [3]: passwd_check('sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12',
		...: 'anotherpassword')
		Out[3]: False

		"""
		try:
		algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
		except (ValueError, TypeError):
		return False

Stefan van der Walt Allow any hashing algorithm.	r5328	try:
		h = hashlib.new(algorithm)
		except ValueError:
		return False

Stefan van der Walt Use a global variable to adjust the number of bits used to generate the salt.	r5332	if len(pw_digest) == 0 or len(salt) != salt_len:
Stefan van der Walt Add hashed passphrase generation and verification.	r5320	return False

		h.update(passphrase + salt)

		return h.hexdigest() == pw_digest