upstream/ipython Files · IPython/lib/security.py

DEV: Refactor checkpoint logic from FileContentsManager....

DEV: Refactor checkpoint logic from FileContentsManager. - Add a `CheckpointManager` base class and infrastructure for creating a `checkpoint_manager` instance attribute on `ContentsManager`. - Provide default implementations of `delete` and `rename` in the base `ContentsManager` class. `ContentsManager` subclasses are now required to implement `delete_file` and `rename_file`. These methods no longer need to manage checkpoints. - Move checkpoint-related functionality from `FileContentsManager` to a dedicated `FileCheckpointManager` subclass. - Move shared filesystem interaction logic into `FileManagerMixin` used by both `FileContentsManager` and `FileCheckpointManager`. - Minor tweaks to ContentsManager tests to get methods from the right object. The purpose of this change is to provide an API for users to replace just the checkpoint logic associated with a particular `ContentsManager`. In particular, this change makes it possible to easily support remote storage of checkpoints while otherwise retaining normal filesystem interactions.

Thomas Kluyver - - Load All Authors

File last commit:

r13597:db0ba1df


                r19727:974ebd4a

Download file

             security.py
        
                    116 lines
            
             | 3.3 KiB
            
                | text/x-python
            
             |
                PythonLexer
            
             / IPython / lib / security.py
          
                    History
                
                 |
                  Annotation
                 | Raw
                 |Copy content
                 |Copy permalink

      """

      Password generation for the IPython notebook.

      """

      #-----------------------------------------------------------------------------

      # Imports

      #-----------------------------------------------------------------------------

      # Stdlib

      import getpass

      import hashlib

      import random

      # Our own

      from IPython.core.error import UsageError

      from IPython.testing.skipdoctest import skip_doctest

      from IPython.utils.py3compat import cast_bytes, str_to_bytes

      #-----------------------------------------------------------------------------

      # Globals

      #-----------------------------------------------------------------------------

      # Length of the salt in nr of hex chars, which implies salt_len * 4

      # bits of randomness.

      salt_len = 12

      #-----------------------------------------------------------------------------

      # Functions

      #-----------------------------------------------------------------------------

      @skip_doctest

      def passwd(passphrase=None, algorithm='sha1'):

          """Generate hashed password and salt for use in notebook configuration.

          In the notebook configuration, set `c.NotebookApp.password` to

          the generated string.

          Parameters

          ----------

          passphrase : str

              Password to hash.  If unspecified, the user is asked to input

              and verify a password.

          algorithm : str

              Hashing algorithm to use (e.g, 'sha1' or any argument supported

              by :func:`hashlib.new`).

          Returns

          -------

          hashed_passphrase : str

              Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

          Examples

          --------

          >>> passwd('mypassword')

          'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

          """

          if passphrase is None:

              for i in range(3):

                  p0 = getpass.getpass('Enter password: ')

                  p1 = getpass.getpass('Verify password: ')

                  if p0 == p1:

                      passphrase = p0

                      break

                  else:

                      print('Passwords do not match.')

              else:

                  raise UsageError('No matching passwords found. Giving up.')

          h = hashlib.new(algorithm)

          salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)

          h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))

          return ':'.join((algorithm, salt, h.hexdigest()))

      def passwd_check(hashed_passphrase, passphrase):

          """Verify that a given passphrase matches its hashed version.

          Parameters

          ----------

          hashed_passphrase : str

              Hashed password, in the format returned by `passwd`.

          passphrase : str

              Passphrase to validate.

          Returns

          -------

          valid : bool

              True if the passphrase matches the hash.

          Examples

          --------

          >>> from IPython.lib.security import passwd_check

          >>> passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',

          ...              'mypassword')

          True

          >>> passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',

          ...              'anotherpassword')

          False

          """

          try:

              algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)

          except (ValueError, TypeError):

              return False

          try:

              h = hashlib.new(algorithm)

          except ValueError:

              return False

          if len(pw_digest) == 0:

              return False

          h.update(cast_bytes(passphrase, 'utf-8') + cast_bytes(salt, 'ascii'))

          return h.hexdigest() == pw_digest

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

				"""
				Password generation for the IPython notebook.
				"""
				#-----------------------------------------------------------------------------
				# Imports
				#-----------------------------------------------------------------------------
				# Stdlib
				import getpass
				import hashlib
				import random

				# Our own
				from IPython.core.error import UsageError
				from IPython.testing.skipdoctest import skip_doctest
				from IPython.utils.py3compat import cast_bytes, str_to_bytes

				#-----------------------------------------------------------------------------
				# Globals
				#-----------------------------------------------------------------------------

				# Length of the salt in nr of hex chars, which implies salt_len * 4
				# bits of randomness.
				salt_len = 12

				#-----------------------------------------------------------------------------
				# Functions
				#-----------------------------------------------------------------------------

				@skip_doctest
				def passwd(passphrase=None, algorithm='sha1'):
				"""Generate hashed password and salt for use in notebook configuration.

				In the notebook configuration, set `c.NotebookApp.password` to
				the generated string.

				Parameters
				----------
				passphrase : str
				Password to hash. If unspecified, the user is asked to input
				and verify a password.
				algorithm : str
				Hashing algorithm to use (e.g, 'sha1' or any argument supported
				by :func:`hashlib.new`).

				Returns
				-------
				hashed_passphrase : str
				Hashed password, in the format 'hash_algorithm:salt:passphrase_hash'.

				Examples
				--------
				>>> passwd('mypassword')
				'sha1:7cf3:b7d6da294ea9592a9480c8f52e63cd42cfb9dd12'

				"""
				if passphrase is None:
				for i in range(3):
				p0 = getpass.getpass('Enter password: ')
				p1 = getpass.getpass('Verify password: ')
				if p0 == p1:
				passphrase = p0
				break
				else:
				print('Passwords do not match.')
				else:
				raise UsageError('No matching passwords found. Giving up.')

				h = hashlib.new(algorithm)
				salt = ('%0' + str(salt_len) + 'x') % random.getrandbits(4 * salt_len)
				h.update(cast_bytes(passphrase, 'utf-8') + str_to_bytes(salt, 'ascii'))

				return ':'.join((algorithm, salt, h.hexdigest()))


				def passwd_check(hashed_passphrase, passphrase):
				"""Verify that a given passphrase matches its hashed version.

				Parameters
				----------
				hashed_passphrase : str
				Hashed password, in the format returned by `passwd`.
				passphrase : str
				Passphrase to validate.

				Returns
				-------
				valid : bool
				True if the passphrase matches the hash.

				Examples
				--------
				>>> from IPython.lib.security import passwd_check
				>>> passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',
				... 'mypassword')
				True

				>>> passwd_check('sha1:0e112c3ddfce:a68df677475c2b47b6e86d0467eec97ac5f4b85a',
				... 'anotherpassword')
				False
				"""
				try:
				algorithm, salt, pw_digest = hashed_passphrase.split(':', 2)
				except (ValueError, TypeError):
				return False

				try:
				h = hashlib.new(algorithm)
				except ValueError:
				return False

				if len(pw_digest) == 0:
				return False

				h.update(cast_bytes(passphrase, 'utf-8') + cast_bytes(salt, 'ascii'))

				return h.hexdigest() == pw_digest