Mercurial > p > roundup > code
comparison test/test_security.py @ 7165:970cd6d2b8ea
issue2551251 - migrate pbkdf2 passwords if more rounds configured
migrate/re-encrypt PBKDF2 password if stored password used a smaller
number of rounds than set in password_pbkdf2_default_rounds.
Also increase fallback number of rounds (when not set in config) to
2,000,000.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 23 Feb 2023 19:34:39 -0500 |
| parents | 0b52ee664580 |
| children | f6b24a8524cd |
comparison
equal
deleted
inserted
replaced
| 7164:5487882ff17a | 7165:970cd6d2b8ea |
|---|---|
| 420 roundup.password.crypt = None | 420 roundup.password.crypt = None |
| 421 with self.assertRaises(roundup.password.PasswordValueError) as ctx: | 421 with self.assertRaises(roundup.password.PasswordValueError) as ctx: |
| 422 roundup.password.test_missing_crypt() | 422 roundup.password.test_missing_crypt() |
| 423 roundup.password.crypt = orig_crypt | 423 roundup.password.crypt = orig_crypt |
| 424 | 424 |
| 425 def test_pbkdf2_migrate_rounds(self): | |
| 426 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 10000 | |
| 427 | |
| 428 p = roundup.password.Password('sekrit', 'PBKDF2', | |
| 429 config=self.db.config) | |
| 430 | |
| 431 self.db.config.PASSWORD_PBKDF2_DEFAULT_ROUNDS = 2000000 | |
| 432 | |
| 433 self.assertEqual(p.needs_migration(config=self.db.config), True) | |
| 434 | |
| 425 # vim: set filetype=python sts=4 sw=4 et si : | 435 # vim: set filetype=python sts=4 sw=4 et si : |