我们从Python开源项目中,提取了以下24个代码示例,用于说明如何使用django.contrib.auth.models.check_password()。
def fuzz_verifier_django(self): from passlib.tests.test_ext_django import DJANGO_VERSION # check_password() not added until 1.0 min_django_version = max(self.min_django_version, (1,0)) if DJANGO_VERSION < min_django_version: return None from django.contrib.auth.models import check_password def verify_django(secret, hash): "django/check_password" if (1,4) <= DJANGO_VERSION < (1,6) and not secret: return "skip" if self.handler.name == "django_bcrypt" and hash.startswith("bcrypt$$2y$"): hash = hash.replace("$$2y$", "$$2a$") if DJANGO_VERSION >= (1,5) and self.django_has_encoding_glitch and isinstance(secret, bytes): # e.g. unsalted_md5 on 1.5 and higher try to combine # salt + password before encoding to bytes, leading to ascii error. # this works around that issue. secret = secret.decode("utf-8") return check_password(secret, hash) return verify_django
def test_90_django_reference(self): "run known correct hashes through Django's check_password()" from passlib.tests.test_ext_django import DJANGO_VERSION # check_password() not added until 1.0 min_django_version = max(self.min_django_version, (1,0)) if DJANGO_VERSION < min_django_version: raise self.skipTest("Django >= %s not installed" % vstr(min_django_version)) from django.contrib.auth.models import check_password assert self.known_correct_hashes for secret, hash in self.iter_known_hashes(): if (1,4) <= DJANGO_VERSION < (1,6) and not secret: # django 1.4-1.5 rejects empty passwords self.assertFalse(check_password(secret, hash), "empty string should not have verified") continue self.assertTrue(check_password(secret, hash), "secret=%r hash=%r failed to verify" % (secret, hash)) self.assertFalse(check_password('x' + secret, hash), "mangled secret=%r hash=%r incorrect verified" % (secret, hash))
def fuzz_verifier_django(self): from passlib.tests.test_ext_django import DJANGO_VERSION # check_password() not added until 1.0 min_django_version = max(self.min_django_version, (1,0)) if DJANGO_VERSION < min_django_version: return None from django.contrib.auth.models import check_password def verify_django(secret, hash): """django/check_password""" if (1,4) <= DJANGO_VERSION < (1,6) and not secret: return "skip" if self.handler.name == "django_bcrypt" and hash.startswith("bcrypt$$2y$"): hash = hash.replace("$$2y$", "$$2a$") if DJANGO_VERSION >= (1,5) and self.django_has_encoding_glitch and isinstance(secret, bytes): # e.g. unsalted_md5 on 1.5 and higher try to combine # salt + password before encoding to bytes, leading to ascii error. # this works around that issue. secret = secret.decode("utf-8") return check_password(secret, hash) return verify_django
def test_90_django_reference(self): """run known correct hashes through Django's check_password()""" from passlib.tests.test_ext_django import DJANGO_VERSION # check_password() not added until 1.0 min_django_version = max(self.min_django_version, (1,0)) if DJANGO_VERSION < min_django_version: raise self.skipTest("Django >= %s not installed" % vstr(min_django_version)) from django.contrib.auth.models import check_password assert self.known_correct_hashes for secret, hash in self.iter_known_hashes(): if (1,4) <= DJANGO_VERSION < (1,6) and not secret: # django 1.4-1.5 rejects empty passwords self.assertFalse(check_password(secret, hash), "empty string should not have verified") continue self.assertTrue(check_password(secret, hash), "secret=%r hash=%r failed to verify" % (secret, hash)) self.assertFalse(check_password('x' + secret, hash), "mangled secret=%r hash=%r incorrect verified" % (secret, hash))
def _iter_patch_candidates(cls): """helper to scan for monkeypatches. returns tuple containing: * object (module or class) * attribute of object * value of attribute * whether it should or should not be patched """ # XXX: this and assert_unpatched() could probably be refactored to use # the PatchManager class to do the heavy lifting. from django.contrib.auth import models, hashers user_attrs = ["check_password", "set_password"] model_attrs = ["check_password", "make_password"] hasher_attrs = ["check_password", "make_password", "get_hasher", "identify_hasher", "get_hashers"] objs = [(models, model_attrs), (models.User, user_attrs), (hashers, hasher_attrs), ] for obj, patched in objs: for attr in dir(obj): if attr.startswith("_"): continue value = obj.__dict__.get(attr, UNSET) # can't use getattr() due to GAE if value is UNSET and attr not in patched: continue value = get_method_function(value) source = getattr(value, "__module__", None) if source: yield obj, attr, source, (attr in patched) #=================================================================== # verify current patch state #===================================================================
def test_01_overwrite_detection(self): """test detection of foreign monkeypatching""" # NOTE: this sets things up, and spot checks two methods, # this should be enough to verify patch manager is working. # TODO: test unpatch behavior honors flag. # configure plugin to use sample context config = "[passlib]\nschemes=des_crypt\n" self.load_extension(PASSLIB_CONFIG=config) # setup helpers import django.contrib.auth.models as models from passlib.ext.django.models import adapter def dummy(): pass # mess with User.set_password, make sure it's detected orig = models.User.set_password models.User.set_password = dummy with self.assertWarningList("another library has patched.*User\.set_password"): adapter._manager.check_all() models.User.set_password = orig # mess with models.check_password, make sure it's detected orig = models.check_password models.check_password = dummy with self.assertWarningList("another library has patched.*models:check_password"): adapter._manager.check_all() models.check_password = orig
def _iter_patch_candidates(cls): """helper to scan for monkeypatches. returns tuple containing: * object (module or class) * attribute of object * value of attribute * whether it should or should not be patched """ # XXX: this and assert_unpatched() could probably be refactored to use # the PatchManager class to do the heavy lifting. from django.contrib.auth import models user_attrs = ["check_password", "set_password"] model_attrs = ["check_password"] objs = [(models, model_attrs), (models.User, user_attrs)] if has_django14: from django.contrib.auth import hashers model_attrs.append("make_password") objs.append((hashers, ["check_password", "make_password", "get_hasher", "identify_hasher"])) if has_django0: user_attrs.extend(["has_usable_password", "set_unusable_password"]) for obj, patched in objs: for attr in dir(obj): if attr.startswith("_"): continue value = obj.__dict__.get(attr, UNSET) # can't use getattr() due to GAE if value is UNSET and attr not in patched: continue value = get_method_function(value) source = getattr(value, "__module__", None) if source: yield obj, attr, source, (attr in patched) #=================================================================== # verify current patch state #===================================================================
def test_01_overwrite_detection(self): "test detection of foreign monkeypatching" # NOTE: this sets things up, and spot checks two methods, # this should be enough to verify patch manager is working. # TODO: test unpatch behavior honors flag. # configure plugin to use sample context config = "[passlib]\nschemes=des_crypt\n" self.load_extension(PASSLIB_CONFIG=config) # setup helpers import django.contrib.auth.models as models from passlib.ext.django.models import _manager def dummy(): pass # mess with User.set_password, make sure it's detected orig = models.User.set_password models.User.set_password = dummy with self.assertWarningList("another library has patched.*User\.set_password"): _manager.check_all() models.User.set_password = orig # mess with models.check_password, make sure it's detected orig = models.check_password models.check_password = dummy with self.assertWarningList("another library has patched.*models:check_password"): _manager.check_all() models.check_password = orig
def setUp(self): # NOTE: omitted orig setup, want to install our extension, # and load hashers through it instead. self.load_extension(PASSLIB_CONTEXT=stock_config, check=False) from passlib.ext.django.models import password_context # update test module to use our versions of some hasher funcs from django.contrib.auth import hashers for attr in ["make_password", "check_password", "identify_hasher", "get_hasher"]: patchAttr(self, _thmod, attr, getattr(hashers, attr)) # django 1.5 tests expect empty django_des_crypt salt field if DJANGO_VERSION > (1,4): from passlib.hash import django_des_crypt patchAttr(self, django_des_crypt, "use_duplicate_salt", False) # hack: need password_context to keep up to date with hasher.iterations if DJANGO_VERSION >= (1,6): def update_hook(self): rounds = _thmod.get_hasher("pbkdf2_sha256").iterations self.update( django_pbkdf2_sha256__min_rounds=rounds, django_pbkdf2_sha256__default_rounds=rounds, django_pbkdf2_sha256__max_rounds=rounds, ) patchAttr(self, password_context, "__class__", ContextWithHook) patchAttr(self, password_context, "update_hook", update_hook) # omitting this test, since it depends on updated to django hasher settings
def test_01_overwrite_detection(self): """test detection of foreign monkeypatching""" # NOTE: this sets things up, and spot checks two methods, # this should be enough to verify patch manager is working. # TODO: test unpatch behavior honors flag. # configure plugin to use sample context config = "[passlib]\nschemes=des_crypt\n" self.load_extension(PASSLIB_CONFIG=config) # setup helpers import django.contrib.auth.models as models from passlib.ext.django.models import _manager def dummy(): pass # mess with User.set_password, make sure it's detected orig = models.User.set_password models.User.set_password = dummy with self.assertWarningList("another library has patched.*User\.set_password"): _manager.check_all() models.User.set_password = orig # mess with models.check_password, make sure it's detected orig = models.check_password models.check_password = dummy with self.assertWarningList("another library has patched.*models:check_password"): _manager.check_all() models.check_password = orig
def setUp(self): # NOTE: omitted orig setup, want to install our extension, # and load hashers through it instead. self.load_extension(PASSLIB_CONTEXT=stock_config, check=False) from passlib.ext.django.models import password_context # update test module to use our versions of some hasher funcs from django.contrib.auth import hashers for attr in ["make_password", "check_password", "identify_hasher", "get_hasher"]: patchAttr(self, test_hashers_mod, attr, getattr(hashers, attr)) # django 1.4 tests expect empty django_des_crypt salt field if DJANGO_VERSION >= (1,4): from passlib.hash import django_des_crypt patchAttr(self, django_des_crypt, "use_duplicate_salt", False) # hack: need password_context to keep up to date with hasher.iterations if DJANGO_VERSION >= (1,6): def update_hook(self): rounds = test_hashers_mod.get_hasher("pbkdf2_sha256").iterations self.update( django_pbkdf2_sha256__min_rounds=rounds, django_pbkdf2_sha256__default_rounds=rounds, django_pbkdf2_sha256__max_rounds=rounds, ) patchAttr(self, password_context, "__class__", ContextWithHook) patchAttr(self, password_context, "update_hook", update_hook) # omitting this test, since it depends on updated to django hasher settings
