From e937b8c1c11a56d7e5139e6bd3991916f76188ca Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 16 Apr 2017 11:56:33 +0300
Subject: Add password encryption

---
 distixapi/__init__.py | 2 +-
 distixapi/authn.py | 6 ++++++
 distixapi/authn_tests.py | 17 +++++++++++++++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/distixapi/__init__.py b/distixapi/__init__.py
index d860521..07d5833 100644
--- a/distixapi/__init__.py
+++ b/distixapi/__init__.py
@@ -1,2 +1,2 @@
 from .version import __version__, __version_info__
-from .authn import AuthenticationError, get_credentials
+from .authn import AuthenticationError, get_credentials, encrypt_password
diff --git a/distixapi/authn.py b/distixapi/authn.py
index a7fbbcf..f95f74d 100644
--- a/distixapi/authn.py
+++ b/distixapi/authn.py
@@ -2,6 +2,7 @@
 import base64
+import scrypt
 def get_credentials(request):
@@ -30,3 +31,8 @@ def get_credentials(request):
 class AuthenticationError(Exception):
 pass
+
+
+
+def encrypt_password(salt, password):
+ return scrypt.hash(password, salt)
diff --git a/distixapi/authn_tests.py b/distixapi/authn_tests.py
index 063b400..329eac6 100644
--- a/distixapi/authn_tests.py
+++ b/distixapi/authn_tests.py
@@ -40,6 +40,23 @@ class GetCredentialsTests(unittest.TestCase):
 self.assertEqual(password, p)
+class EncryptPasswordTests(unittest.TestCase):
+
+ def test_returns_value_not_containing_cleartext_password(self):
+ cleartext = 'secret'
+ salt = 'salt'
+ encrypted = distixapi.encrypt_password(salt, cleartext)
+ self.assertFalse(cleartext in encrypted)
+
+ def test_returns_different_values_with_different_salt(self):
+ cleartext = 'secret'
+ salt_1 = 'salt'
+ salt_2 = 'salt2'
+ encrypted_1 = distixapi.encrypt_password(salt_1, cleartext)
+ encrypted_2 = distixapi.encrypt_password(salt_2, cleartext)
+ self.assertNotEqual(encrypted_1, encrypted_2)
+
+
 class DummyRequest(object):
 def __init__(self):
-- cgit v1.2.1
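Review bot: `import scrypt` in distixapi/authn.py adds a third-party dependency, but the diffstat lists only three Python files, so no packaging or requirements file changes in this commit. Unless scrypt is already declared elsewhere in the project, a fresh install will fail at `import distixapi`, because `__init__.py` imports from `.authn`. Declare the package, with a pinned version, wherever the project records its dependencies.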
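Review bot: `encrypt_password` calls `scrypt.hash(password, salt)` with the library's default cost parameters and returns only the derived bytes, so nothing kept with the result records which N/r/p produced it, and the work factor cannot be raised later without guessing what older hashes used. Passing them explicitly, e.g. `return scrypt.hash(password, salt, N=1 << 14, r=8, p=1)` (these look like py-scrypt's defaults; confirm against the installed version), makes the choice visible and lets it be stored next to the salt. The function also needs a docstring saying that, despite the name, this is a one-way key derivation rather than reversible encryption, that `salt` should be a fresh random value per user (for example from `os.urandom(16)`), and that callers checking a login should compare results with `hmac.compare_digest` rather than `==`. That docstring should also call out that the parameter order `(salt, password)` is the reverse of `scrypt.hash(password, salt)`, since swapping them silently produces a different hash.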
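Review bot: Neither test in `EncryptPasswordTests` checks that the same salt and password give the same output, which is the property login verification depends on; a function returning random bytes would pass both tests. Add an assertion such as `self.assertEqual(distixapi.encrypt_password('salt', 'secret'), distixapi.encrypt_password('salt', 'secret'))`. `self.assertFalse(cleartext in encrypted)` reads better as `self.assertNotIn(cleartext, encrypted)`, and under Python 3 the inputs would presumably need to be bytes for that containment check to work against scrypt's bytes output.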