More authtypes validation checks

Change-Id: I47e139dc100333e2befc362196ede1b238ee0588
2016-05-31 20:41:07 +02:00 · 2016-05-31 20:41:07 +02:00 · 5c76099efd
parent 07d1c0a3d0
commit 5c76099efd
2 changed files with 48 additions and 0 deletions
--- a/swauth/authtypes.py
+++ b/swauth/authtypes.py
@ -31,6 +31,7 @@ conditions:

 import hashlib
 import os
+import string
 import sys


@ -158,6 +159,13 @@ class Sha1(object):
        except ValueError:
            raise ValueError("Missing '$' in %s" % auth_rest)

+        if len(auth_salt) == 0:
+            raise ValueError("Salt must have non-zero length!")
+        if len(auth_hash) != 40:
+            raise ValueError("Hash must have 40 chars!")
+        if not all(c in string.hexdigits for c in auth_hash):
+            raise ValueError("Hash must be hexadecimal!")
+
        return dict(salt=auth_salt, hash=auth_hash)


@ -219,4 +227,12 @@ class Sha512(object):
            auth_salt, auth_hash = auth_rest.split('$')
        except ValueError:
            raise ValueError("Missing '$' in %s" % auth_rest)
+
+        if len(auth_salt) == 0:
+            raise ValueError("Salt must have non-zero length!")
+        if len(auth_hash) != 128:
+            raise ValueError("Hash must have 128 chars!")
+        if not all(c in string.hexdigits for c in auth_hash):
+            raise ValueError("Hash must be hexadecimal!")
+
        return dict(salt=auth_salt, hash=auth_hash)
--- a/test/unit/test_authtypes.py
+++ b/test/unit/test_authtypes.py
@ -62,10 +62,42 @@ class TestValidation(unittest.TestCase):
        creds = 'sha1:saltkeystring'
        self.assertRaisesRegexp(ValueError, "Missing '\$' in .*",
                                authtypes.validate_creds, creds)
+        # wrong sha1 format, missing salt
+        creds = 'sha1:$hash'
+        self.assertRaisesRegexp(ValueError, "Salt must have non-zero length!",
+                                authtypes.validate_creds, creds)
+        # wrong sha1 format, missing hash
+        creds = 'sha1:salt$'
+        self.assertRaisesRegexp(ValueError, "Hash must have 40 chars!",
+                                authtypes.validate_creds, creds)
+        # wrong sha1 format, short hash
+        creds = 'sha1:salt$short_hash'
+        self.assertRaisesRegexp(ValueError, "Hash must have 40 chars!",
+                                authtypes.validate_creds, creds)
+        # wrong sha1 format, wrong format
+        creds = 'sha1:salt$' + "z" * 40
+        self.assertRaisesRegexp(ValueError, "Hash must be hexadecimal!",
+                                authtypes.validate_creds, creds)
        # wrong sha512 format, missing `$`
        creds = 'sha512:saltkeystring'
        self.assertRaisesRegexp(ValueError, "Missing '\$' in .*",
                                authtypes.validate_creds, creds)
+        # wrong sha512 format, missing salt
+        creds = 'sha512:$hash'
+        self.assertRaisesRegexp(ValueError, "Salt must have non-zero length!",
+                                authtypes.validate_creds, creds)
+        # wrong sha512 format, missing hash
+        creds = 'sha512:salt$'
+        self.assertRaisesRegexp(ValueError, "Hash must have 128 chars!",
+                                authtypes.validate_creds, creds)
+        # wrong sha512 format, short hash
+        creds = 'sha512:salt$short_hash'
+        self.assertRaisesRegexp(ValueError, "Hash must have 128 chars!",
+                                authtypes.validate_creds, creds)
+        # wrong sha1 format, wrong format
+        creds = 'sha512:salt$' + "z" * 128
+        self.assertRaisesRegexp(ValueError, "Hash must be hexadecimal!",
+                                authtypes.validate_creds, creds)


 class TestPlaintext(unittest.TestCase):