authorEli Collins <elic@assurancetechnologies.com>2011-03-05 12:26:12 -0500
committerEli Collins <elic@assurancetechnologies.com>2011-03-05 12:26:12 -0500
commite69cdbd7d5927befa0cb708e787c730c73c032e2 (patch)
treeefaef09e93ecb271ff57f797610da48d70eb0a84
parentebcfd341a99584504e34ea66dbeaef0b1e503307 (diff)
downloadpasslib-e69cdbd7d5927befa0cb708e787c730c73c032e2.tar.gz
fixed wart - CryptContext now searches schemes in order, instead of reverse order (and default is now first option)
-rw-r--r--docs/lib/passlib.base.rst4
-rw-r--r--passlib/apache.py2
-rw-r--r--passlib/base.py6
-rw-r--r--passlib/sqldb.py2
-rw-r--r--passlib/tests/test_base.py18
-rw-r--r--passlib/unix.py40
6 files changed, 50 insertions, 22 deletions
diff --git a/docs/lib/passlib.base.rst b/docs/lib/passlib.base.rst
index 1c32c0a..a458e0f 100644
--- a/docs/lib/passlib.base.rst
+++ b/docs/lib/passlib.base.rst
@@ -44,7 +44,7 @@ The remaining options -
``context.schemes``
comma separated list of the schemes this context should recognize, specified by name.
when a context is identifying hashes, it will check each scheme in this list
- in reverse order. if this value is being specified programmatically,
+ in order. if this value is being specified programmatically,
it may also be a python list containing a mixture of names
and password hash handler objects.
@@ -56,7 +56,7 @@ The remaining options -
``context.default``
the default scheme context should use for generating new hashes.
- if not specified, the last entry in ``context/schemes`` is used.
+ if not specified, the first entry in ``context.schemes`` is used.
``context.min_verify_time``
if specified, all ``context.verify()`` calls will take at least this many seconds.
diff --git a/passlib/apache.py b/passlib/apache.py
index 9348f7f..9888210 100644
--- a/passlib/apache.py
+++ b/passlib/apache.py
@@ -14,7 +14,7 @@ from __future__ import with_statement
import logging; log = logging.getLogger(__name__)
#site
#libs
-from passlib.drivers.import postgres_md5
+from passlib.hash import postgres_md5
from passlib.base import CryptContext
#pkg
#local
diff --git a/passlib/base.py b/passlib/base.py
index dece565..db76da7 100644
--- a/passlib/base.py
+++ b/passlib/base.py
@@ -412,7 +412,7 @@ class CryptPolicy(object):
handlers = self._handlers = []
seen = set()
schemes = options[None]['context'].get("schemes") or []
- for scheme in reversed(schemes): #NOTE: reversed() just so last entry is used as default, and is checked first.
+ for scheme in schemes:
#resolve & validate handler
if is_crypt_handler(scheme):
handler = scheme
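Review bot: Dropping `reversed()` changes which scheme becomes the default for every existing policy that does not set `context.default`, and the new loop has no comment saying that list order is now significant. A policy written for the old behaviour, with the weakest scheme first and the preferred one last, would now generate new hashes with that weakest scheme; the same goes for configurations written out by the old serializer, which the hunk at -631 stops reversing. I would put `#NOTE: order matters - first entry is the default (unless context.default is set) and is checked first` above the loop, and consider a warning or release note for callers who upgrade. The loop body continues outside the hunk.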
@@ -631,7 +631,7 @@ class CryptPolicy(object):
#
value = self._handlers
if value:
- yield format_key(None, None, "schemes"), encode_hlist(reversed(value))
+ yield format_key(None, None, "schemes"), encode_hlist(value)
for cat, value in self._deprecated.iteritems():
yield format_key(cat, None, "deprecated"), encode_hlist(value)
@@ -709,7 +709,7 @@ class CryptContext(object):
>>> from passlib import hash
>>> #create a new context that only understands Md5Crypt & BCrypt
- >>> myctx = hash.CryptContext([ hash.Md5Crypt, hash.BCrypt ])
+ >>> myctx = hash.CryptContext([ hash.BCrypt, hash.Md5Crypt, ])
>>> #the last one in the list will be used as the default for encrypting...
>>> hash1 = myctx.encrypt("too many secrets")
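Review bot: The doctest comment right after the changed constructor still says `the last one in the list will be used as the default for encrypting`, which is now wrong: BCrypt was moved to the front precisely because the first entry is the default. It should read `>>> #the first one in the list will be used as the default for encrypting...`. The comment above the constructor still lists `Md5Crypt & BCrypt` in the old order; that is harmless but could follow the new one. The docstring continues outside the hunk.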
diff --git a/passlib/sqldb.py b/passlib/sqldb.py
index 6ed165a..9208dad 100644
--- a/passlib/sqldb.py
+++ b/passlib/sqldb.py
@@ -33,7 +33,7 @@ postgres_context = CryptContext([postgres_plaintext, postgres_md5])
#=========================================================
from passlib.drivers.mysql import mysql323, mysql41
mysql3_context = CryptContext([mysql323])
-mysql_context = CryptContext([mysql323, mysql41])
+mysql_context = CryptContext([mysql41, mysql323])
#=========================================================
#TODO:
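Review bot: `postgres_context`, shown in this hunk's header as `CryptContext([postgres_plaintext, postgres_md5])`, appears not to have been reordered along with `mysql_context`; the diffstat lists only two changed lines for this file. If so, under the new first-is-default rule its default moves from `postgres_md5` to `postgres_plaintext`, and new hashes produced through that context would be stored as plaintext. It likely needs `postgres_context = CryptContext([postgres_md5, postgres_plaintext])`. `mysql3_context` has a single entry and is unaffected.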
diff --git a/passlib/tests/test_base.py b/passlib/tests/test_base.py
index 54c07df..7523a98 100644
--- a/passlib/tests/test_base.py
+++ b/passlib/tests/test_base.py
@@ -245,7 +245,7 @@ sha512_crypt.min_rounds = 45000
"test iter_handlers() method"
p1 = CryptPolicy(**self.sample_config_1pd)
- s = self.sample_config_1prd['schemes'][::-1]
+ s = self.sample_config_1prd['schemes']
self.assertEquals(list(p1.iter_handlers()), s)
p3 = CryptPolicy(**self.sample_config_3pd)
@@ -341,15 +341,15 @@ class CryptContextTest(TestCase):
def test_00_constructor(self):
"test CryptContext simple constructor"
#create crypt context using handlers
- cc = CryptContext([UnsaltedHash, SaltedHash, hash.md5_crypt])
- c, b, a = cc.policy.iter_handlers()
+ cc = CryptContext(["md5_crypt", SaltedHash, UnsaltedHash])
+ c,b,a = cc.policy.iter_handlers()
self.assertIs(a, UnsaltedHash)
self.assertIs(b, SaltedHash)
self.assertIs(c, hash.md5_crypt)
#create context using names
- cc = CryptContext([UnsaltedHash, SaltedHash, "md5_crypt"])
- c, b, a = cc.policy.iter_handlers()
+ cc = CryptContext(["md5_crypt", SaltedHash, UnsaltedHash])
+ c,b,a = cc.policy.iter_handlers()
self.assertIs(a, UnsaltedHash)
self.assertIs(b, SaltedHash)
self.assertIs(c, hash.md5_crypt)
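Review bot: Both constructor calls in test_00_constructor are now `CryptContext(["md5_crypt", SaltedHash, UnsaltedHash])`, so the case under `#create crypt context using handlers` no longer passes a handler object for md5_crypt and the two cases exercise the same path. The first call should be `cc = CryptContext([hash.md5_crypt, SaltedHash, UnsaltedHash])`. As a style point, `c,b,a` lost the spaces after the commas that the removed lines had. The method may continue beyond the hunk.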
@@ -507,7 +507,7 @@ class CryptContextTest(TestCase):
#=========================================================
def test_20_basic(self):
"test basic encrypt/identify/verify functionality"
- handlers = [UnsaltedHash, SaltedHash, AnotherHash]
+ handlers = [AnotherHash, UnsaltedHash, SaltedHash]
cc = CryptContext(handlers, policy=None)
#run through handlers
@@ -524,7 +524,7 @@ class CryptContextTest(TestCase):
def test_21_identify(self):
"test identify() border cases"
- handlers = [UnsaltedHash, SaltedHash, AnotherHash]
+ handlers = [AnotherHash, UnsaltedHash, SaltedHash]
cc = CryptContext(handlers, policy=None)
#check unknown hash
@@ -537,7 +537,7 @@ class CryptContextTest(TestCase):
def test_22_verify(self):
"test verify() scheme kwd"
- handlers = [UnsaltedHash, SaltedHash, AnotherHash]
+ handlers = [AnotherHash, UnsaltedHash, SaltedHash]
cc = CryptContext(handlers, policy=None)
h = AnotherHash.encrypt("test")
@@ -555,7 +555,7 @@ class CryptContextTest(TestCase):
def test_23_verify_empty_hash(self):
"test verify() allows hash=None"
- handlers = [UnsaltedHash, SaltedHash, AnotherHash]
+ handlers = [AnotherHash, UnsaltedHash, SaltedHash]
cc = CryptContext(handlers, policy=None)
self.assert_(not cc.verify("test", None))
for handler in handlers:
diff --git a/passlib/unix.py b/passlib/unix.py
index 319f9cc..e837af1 100644
--- a/passlib/unix.py
+++ b/passlib/unix.py
@@ -20,6 +20,9 @@ __all__ = [
#=========================================================
#helpers
#=========================================================
+
+#TODO: replace this with a "generic-reject" (also add a "generic-allow")
+
class UnixDisabledHandler(CryptHandler):
"""fake crypt handler which handles special (non-hash) strings found in /etc/shadow
@@ -60,7 +63,7 @@ register_crypt_handler(UnixDisabledHandler)
#default context for quick use.. recognizes common algorithms, uses SHA-512 as default
#er... should we promote bcrypt as default?
-default_context = CryptContext(["unix_disabled", "des_crypt", "md5_crypt", "bcrypt", "sha256_crypt", "sha512_crypt"])
+##default_context = CryptContext(["sha512_crypt", "sha256_crypt", "bcrypt", "md5_crypt", "des_crypt", "unix_disabled" ])
#=========================================================
#some general os-context helpers (these may not match your os policy exactly, but are generally useful)
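Review bot: Commenting out the assignment with `##` leaves `default_context` undefined, while the two comments above it still describe it as the default context for quick use. Any `__all__` entry or caller that refers to `passlib.unix.default_context` (neither is visible in this hunk) would now fail. Either keep the assignment live in the new order, `default_context = CryptContext(["sha512_crypt", "sha256_crypt", "bcrypt", "md5_crypt", "des_crypt", "unix_disabled" ])`, or delete the line together with its comments and give the reason in the commit message.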
@@ -70,16 +73,41 @@ default_context = CryptContext(["unix_disabled", "des_crypt", "md5_crypt", "bcry
#referencing linux shadow...
# linux - des,md5, sha256, sha512
-linux_context = CryptContext([ "unix_disabled", "des_crypt", "md5_crypt", "sha256_crypt", "sha512_crypt" ])
+linux_context = CryptContext([ "sha512_crypt", "sha256_crypt", "md5_crypt", "des_crypt", "unix_disabled" ])
#referencing source via -http://fxr.googlebit.com
# freebsd 6,7,8 - des, md5, bcrypt, nthash
# netbsd - des, ext, md5, bcrypt, sha1
# openbsd - des, ext, md5, bcrypt
-bsd_context = CryptContext(["unix_disabled", "nthash", "des_crypt", "ext_des_crypt", "md5_crypt", "bcrypt"])
-freebsd_context = CryptContext([ "unix_disabled", "des_crypt", "nthash", "md5_crypt", "bcrypt"])
-openbsd_context = CryptContext([ "unix_disabled", "des_crypt", "ext_des_crypt", "md5_crypt", "bcrypt"])
-netbsd_context = CryptContext([ "unix_disabled", "des_crypt", "ext_des_crypt", "md5_crypt", "bcrypt", "sha1_crypt"])
+bsd_context = CryptContext(["bcrypt", "md5_crypt", "bsdi_crypt", "des_crypt", "nthash", "unix_disabled" ])
+freebsd_context = CryptContext([ "bcrypt", "md5_crypt", "nthash", "des_crypt", "unix_disabled" ])
+openbsd_context = CryptContext([ "bcrypt", "md5_crypt", "bsdi_crypt", "des_crypt", "unix_disabled" ])
+netbsd_context = CryptContext([ "bcrypt", "sha1_crypt", "md5_crypt", "bsdi_crypt", "des_crypt", "unix_disabled" ])
+
+
+#aix3
+#aix4
+#atheos
+#beos5
+#darwin
+#freebsd2
+#freebsd3
+#freebsd4
+#freebsd5
+#freebsd6
+#freebsd7
+#generic
+#hp-ux11
+#irix5
+#irix6
+#linux2
+#mac
+#netbsd1
+#next3
+#os2emx
+#riscos
+#sunos5
+#unixware7
#=========================================================
#eof
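Review bot: `netbsd_context` is not a straight reversal of the old list: the old order ended in `"bcrypt", "sha1_crypt"`, making sha1_crypt the default, while the new list puts `"bcrypt"` first, so the default scheme changes along with the search order. The same hunk also replaces `ext_des_crypt` with `bsdi_crypt` in three contexts, and neither change is mentioned in the commit message. If both are intended, a short comment such as `#NOTE: default changed from sha1_crypt to bcrypt` above `netbsd_context` would record it. The block of bare platform names (`#aix3` through `#unixware7`) has no explanation; a one-line header such as `#TODO: platforms still lacking a context:` would say what the list is for, if that is its purpose.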