[Zope3-checkins] SVN: Zope3/trunk/ Password managers now accept full Unicode characters range for passwords

Dmitry Vasiliev dima at hlabs.spb.ru
Tue Apr 24 06:27:03 EDT 2007


Log message for revision 74699:
  Password managers now accept full Unicode characters range for passwords

Changed:
  U   Zope3/trunk/doc/CHANGES.txt
  U   Zope3/trunk/src/zope/app/authentication/password.py

-=-
Modified: Zope3/trunk/doc/CHANGES.txt
===================================================================
--- Zope3/trunk/doc/CHANGES.txt	2007-04-24 09:05:21 UTC (rev 74698)
+++ Zope3/trunk/doc/CHANGES.txt	2007-04-24 10:27:02 UTC (rev 74699)
@@ -15,6 +15,9 @@
 
     Bugs fixed
 
+      - Password managers now accept full Unicode characters range for
+        passwords
+
       - #98535: Deprecation warning was broken for
         zope.app.site.tests.placefulsetup
 

Modified: Zope3/trunk/src/zope/app/authentication/password.py
===================================================================
--- Zope3/trunk/src/zope/app/authentication/password.py	2007-04-24 09:05:21 UTC (rev 74698)
+++ Zope3/trunk/src/zope/app/authentication/password.py	2007-04-24 10:27:02 UTC (rev 74699)
@@ -19,6 +19,7 @@
 
 import md5
 import sha
+from codecs import getencoder
 
 from zope.interface import implements, classProvides
 from zope.schema.interfaces import IVocabularyFactory
@@ -27,6 +28,9 @@
 from zope.app.authentication.interfaces import IPasswordManager
 
 
+_encoder = getencoder("utf-8")
+
+
 class PlainTextPasswordManager(object):
     """Plain text password manager.
 
@@ -36,12 +40,13 @@
     >>> verifyObject(IPasswordManager, manager)
     True
 
-    >>> encoded = manager.encodePassword("password")
+    >>> password = u"right \N{CYRILLIC CAPITAL LETTER A}"
+    >>> encoded = manager.encodePassword(password)
     >>> encoded
-    'password'
-    >>> manager.checkPassword(encoded, "password")
+    u'right \u0410'
+    >>> manager.checkPassword(encoded, password)
     True
-    >>> manager.checkPassword(encoded, "bad")
+    >>> manager.checkPassword(encoded, password + u"wrong")
     False
     """
 
@@ -53,6 +58,7 @@
     def checkPassword(self, storedPassword, password):
         return storedPassword == self.encodePassword(password)
 
+
 class MD5PasswordManager(PlainTextPasswordManager):
     """MD5 password manager.
 
@@ -62,20 +68,22 @@
     >>> verifyObject(IPasswordManager, manager)
     True
 
-    >>> encoded = manager.encodePassword("password")
+    >>> password = u"right \N{CYRILLIC CAPITAL LETTER A}"
+    >>> encoded = manager.encodePassword(password)
     >>> encoded
-    '5f4dcc3b5aa765d61d8327deb882cf99'
-    >>> manager.checkPassword(encoded, "password")
+    '86dddccec45db4599f1ac00018e54139'
+    >>> manager.checkPassword(encoded, password)
     True
-    >>> manager.checkPassword(encoded, "bad")
+    >>> manager.checkPassword(encoded, password + u"wrong")
     False
     """
 
     implements(IPasswordManager)
 
     def encodePassword(self, password):
-        return md5.new(password).hexdigest()
+        return md5.new(_encoder(password)[0]).hexdigest()
 
+
 class SHA1PasswordManager(PlainTextPasswordManager):
     """SHA1 password manager.
 
@@ -85,20 +93,22 @@
     >>> verifyObject(IPasswordManager, manager)
     True
 
-    >>> encoded = manager.encodePassword("password")
+    >>> password = u"right \N{CYRILLIC CAPITAL LETTER A}"
+    >>> encoded = manager.encodePassword(password)
     >>> encoded
-    '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'
-    >>> manager.checkPassword(encoded, "password")
+    '04b4eec7154c5f3a2ec6d2956fb80b80dc737402'
+    >>> manager.checkPassword(encoded, password)
     True
-    >>> manager.checkPassword(encoded, "bad")
+    >>> manager.checkPassword(encoded, password + u"wrong")
     False
     """
 
     implements(IPasswordManager)
 
     def encodePassword(self, password):
-        return sha.new(password).hexdigest()
+        return sha.new(_encoder(password)[0]).hexdigest()
 
+
 # Simple registry used by mkzopeinstance script
 managers = [
     ("Plain Text", PlainTextPasswordManager()), # default
@@ -106,7 +116,10 @@
     ("SHA1", SHA1PasswordManager()),
 ]
 
+
 class PasswordManagerNamesVocabulary(UtilityVocabulary):
+    """Vocabulary of password managers."""
+
     classProvides(IVocabularyFactory)
     interface = IPasswordManager
     nameOnly = True



More information about the Zope3-Checkins mailing list