mirror of
https://github.com/GAM-team/GAM.git
synced 2025-07-07 21:23:34 +00:00
add passlib for sha-512 salted hash generation
This commit is contained in:
Jay Lee
192
passlib/apps.py
Normal file
192
passlib/apps.py
Normal file
@ -0,0 +1,192 @@
|
||||
"""passlib.apps"""
|
||||
#=============================================================================
|
||||
# imports
|
||||
#=============================================================================
|
||||
# core
|
||||
import logging; log = logging.getLogger(__name__)
|
||||
from itertools import chain
|
||||
# site
|
||||
# pkg
|
||||
from passlib import hash
|
||||
from passlib.context import LazyCryptContext
|
||||
from passlib.utils import sys_bits
|
||||
# local
|
||||
__all__ = [
|
||||
'custom_app_context',
|
||||
'django_context',
|
||||
'ldap_context', 'ldap_nocrypt_context',
|
||||
'mysql_context', 'mysql4_context', 'mysql3_context',
|
||||
'phpass_context',
|
||||
'phpbb3_context',
|
||||
'postgres_context',
|
||||
]
|
||||
|
||||
#=============================================================================
|
||||
# master containing all identifiable hashes
|
||||
#=============================================================================
|
||||
def _load_master_config():
|
||||
from passlib.registry import list_crypt_handlers
|
||||
|
||||
# get master list
|
||||
schemes = list_crypt_handlers()
|
||||
|
||||
# exclude the ones we know have ambiguous or greedy identify() methods.
|
||||
excluded = [
|
||||
# frequently confused for eachother
|
||||
'bigcrypt',
|
||||
'crypt16',
|
||||
|
||||
# no good identifiers
|
||||
'cisco_pix',
|
||||
'cisco_type7',
|
||||
'htdigest',
|
||||
'mysql323',
|
||||
'oracle10',
|
||||
|
||||
# all have same size
|
||||
'lmhash',
|
||||
'msdcc',
|
||||
'msdcc2',
|
||||
'nthash',
|
||||
|
||||
# plaintext handlers
|
||||
'plaintext',
|
||||
'ldap_plaintext',
|
||||
|
||||
# disabled handlers
|
||||
'django_disabled',
|
||||
'unix_disabled',
|
||||
'unix_fallback',
|
||||
]
|
||||
for name in excluded:
|
||||
schemes.remove(name)
|
||||
|
||||
# return config
|
||||
return dict(schemes=schemes, default="sha256_crypt")
|
||||
master_context = LazyCryptContext(onload=_load_master_config)
|
||||
|
||||
#=============================================================================
|
||||
# for quickly bootstrapping new custom applications
|
||||
#=============================================================================
|
||||
custom_app_context = LazyCryptContext(
|
||||
# choose some reasonbly strong schemes
|
||||
schemes=["sha512_crypt", "sha256_crypt"],
|
||||
|
||||
# set some useful global options
|
||||
default="sha256_crypt" if sys_bits < 64 else "sha512_crypt",
|
||||
all__vary_rounds = 0.1,
|
||||
|
||||
# set a good starting point for rounds selection
|
||||
sha512_crypt__min_rounds = 60000,
|
||||
sha256_crypt__min_rounds = 80000,
|
||||
|
||||
# if the admin user category is selected, make a much stronger hash,
|
||||
admin__sha512_crypt__min_rounds = 120000,
|
||||
admin__sha256_crypt__min_rounds = 160000,
|
||||
)
|
||||
|
||||
#=============================================================================
|
||||
# django
|
||||
#=============================================================================
|
||||
_django10_schemes = [
|
||||
"django_salted_sha1", "django_salted_md5", "django_des_crypt",
|
||||
"hex_md5", "django_disabled",
|
||||
]
|
||||
|
||||
django10_context = LazyCryptContext(
|
||||
schemes=_django10_schemes,
|
||||
default="django_salted_sha1",
|
||||
deprecated=["hex_md5"],
|
||||
)
|
||||
|
||||
_django14_schemes = ["django_pbkdf2_sha256", "django_pbkdf2_sha1",
|
||||
"django_bcrypt"] + _django10_schemes
|
||||
django14_context = LazyCryptContext(
|
||||
schemes=_django14_schemes,
|
||||
deprecated=_django10_schemes,
|
||||
)
|
||||
|
||||
_django16_schemes = _django14_schemes[:]
|
||||
_django16_schemes.insert(1, "django_bcrypt_sha256")
|
||||
django16_context = LazyCryptContext(
|
||||
schemes=_django16_schemes,
|
||||
deprecated=_django10_schemes,
|
||||
)
|
||||
|
||||
# this will always point to latest version
|
||||
django_context = django16_context
|
||||
|
||||
#=============================================================================
|
||||
# ldap
|
||||
#=============================================================================
|
||||
std_ldap_schemes = ["ldap_salted_sha1", "ldap_salted_md5",
|
||||
"ldap_sha1", "ldap_md5",
|
||||
"ldap_plaintext" ]
|
||||
|
||||
# create context with all std ldap schemes EXCEPT crypt
|
||||
ldap_nocrypt_context = LazyCryptContext(std_ldap_schemes)
|
||||
|
||||
# create context with all possible std ldap + ldap crypt schemes
|
||||
def _iter_ldap_crypt_schemes():
|
||||
from passlib.utils import unix_crypt_schemes
|
||||
return ('ldap_' + name for name in unix_crypt_schemes)
|
||||
|
||||
def _iter_ldap_schemes():
|
||||
"helper which iterates over supported std ldap schemes"
|
||||
return chain(std_ldap_schemes, _iter_ldap_crypt_schemes())
|
||||
ldap_context = LazyCryptContext(_iter_ldap_schemes())
|
||||
|
||||
### create context with all std ldap schemes + crypt schemes for localhost
|
||||
##def _iter_host_ldap_schemes():
|
||||
## "helper which iterates over supported std ldap schemes"
|
||||
## from passlib.handlers.ldap_digests import get_host_ldap_crypt_schemes
|
||||
## return chain(std_ldap_schemes, get_host_ldap_crypt_schemes())
|
||||
##ldap_host_context = LazyCryptContext(_iter_host_ldap_schemes())
|
||||
|
||||
#=============================================================================
|
||||
# mysql
|
||||
#=============================================================================
|
||||
mysql3_context = LazyCryptContext(["mysql323"])
|
||||
mysql4_context = LazyCryptContext(["mysql41", "mysql323"], deprecated="mysql323")
|
||||
mysql_context = mysql4_context # tracks latest mysql version supported
|
||||
|
||||
#=============================================================================
|
||||
# postgres
|
||||
#=============================================================================
|
||||
postgres_context = LazyCryptContext(["postgres_md5"])
|
||||
|
||||
#=============================================================================
|
||||
# phpass & variants
|
||||
#=============================================================================
|
||||
def _create_phpass_policy(**kwds):
|
||||
"helper to choose default alg based on bcrypt availability"
|
||||
kwds['default'] = 'bcrypt' if hash.bcrypt.has_backend() else 'phpass'
|
||||
return kwds
|
||||
|
||||
phpass_context = LazyCryptContext(
|
||||
schemes=["bcrypt", "phpass", "bsdi_crypt"],
|
||||
onload=_create_phpass_policy,
|
||||
)
|
||||
|
||||
phpbb3_context = LazyCryptContext(["phpass"], phpass__ident="H")
|
||||
|
||||
# TODO: support the drupal phpass variants (see phpass homepage)
|
||||
|
||||
#=============================================================================
|
||||
# roundup
|
||||
#=============================================================================
|
||||
|
||||
_std_roundup_schemes = [ "ldap_hex_sha1", "ldap_hex_md5", "ldap_des_crypt", "roundup_plaintext" ]
|
||||
roundup10_context = LazyCryptContext(_std_roundup_schemes)
|
||||
|
||||
# NOTE: 'roundup15' really applies to roundup 1.4.17+
|
||||
roundup_context = roundup15_context = LazyCryptContext(
|
||||
schemes=_std_roundup_schemes + [ "ldap_pbkdf2_sha1" ],
|
||||
deprecated=_std_roundup_schemes,
|
||||
default = "ldap_pbkdf2_sha1",
|
||||
ldap_pbkdf2_sha1__default_rounds = 10000,
|
||||
)
|
||||
|
||||
#=============================================================================
|
||||
# eof
|
||||
#=============================================================================
|
||||
Reference in New Issue
Block a user