keystone/keystone
Dmitriy Rabotyagov 6730c761d1 Properly trimm bcrypt hashed passwords
bcrypt hashing algorithm has a limitation on length of passwords it
can hash on 72 bytes. In [1] a password trim to 54 symbols has been
implemented, which resulted in password being invalidated after the
keystone upgrade, since passwords are trimmed differently by bcrypt
itself, as well as len(str()) is not always equal to
len(str().encode()) as trimming should be done based on bytes and not
string itself.

With the change we return a byte object from
`verify_length_and_trunc_password`, so it does not need to
be encoded afterwards, since we need to strip based on bytes
rather than on length of the string.

[1] https://review.opendev.org/c/openstack/keystone/+/828595

Closes-Bug: #2028809
Related-Bug: #1901891
Change-Id: Iea95a3c2df041a0046647b3d3dadead1a6d054d1
2023-08-10 11:35:32 +00:00
..
api Merge "sql: Remove service_provider.relay_state_prefix default" 2023-07-11 18:35:55 +00:00
application_credential db: Replace use of reverse cascades 2023-02-28 17:26:39 +00:00
assignment db: Replace use of Query.get() 2023-02-28 17:26:39 +00:00
auth Add expiring user group memberships on mapped authentication 2020-04-07 19:30:57 -04:00
catalog db: Replace use of Query.get() 2023-02-28 17:26:39 +00:00
cmd Merge "Add default service role support to boostrap command" 2023-08-04 08:07:44 +00:00
common Properly trimm bcrypt hashed passwords 2023-08-10 11:35:32 +00:00
conf Properly trimm bcrypt hashed passwords 2023-08-10 11:35:32 +00:00
credential sql: Fix incorrect columns 2023-07-03 12:32:58 +01:00
endpoint_policy Remove six usage 2020-01-30 06:06:51 +00:00
federation Merge "sql: Remove service_provider.relay_state_prefix default" 2023-07-11 18:35:55 +00:00
identity Merge "sql: Fix incorrect columns" 2023-07-06 14:14:19 +00:00
limit Remove six usage 2020-01-30 06:06:51 +00:00
locale Imported Translations from Zanata 2023-07-20 04:46:01 +00:00
models OAuth 2.0 Mutual-TLS Support 2023-03-03 11:28:05 +09:00
oauth1 db: Replace use of Query.get() 2023-02-28 17:26:39 +00:00
oauth2 OAuth2.0 Client Credentials Grant Flow Support 2022-06-14 09:09:33 +00:00
policy db: Replace use of Query.get() 2023-02-28 17:26:39 +00:00
receipt Remove six usage 2020-01-30 06:06:51 +00:00
resource sql: Remove duplicate constraints 2023-04-06 11:23:03 +01:00
revoke requirements: Bump linter requirements 2022-10-26 15:14:21 +03:00
server Don't forget to check if authorization fails 2023-03-17 16:54:41 -05:00
tests Properly trimm bcrypt hashed passwords 2023-08-10 11:35:32 +00:00
token OAuth 2.0 Mutual-TLS Support 2023-03-03 11:28:05 +09:00
trust db: Replace use of Query.get() 2023-02-28 17:26:39 +00:00
__init__.py Revert "Disable eventlet monkey-patching of DNS" 2013-05-10 10:24:48 -04:00
exception.py OAuth2.0 Client Credentials Grant Flow Support 2022-06-14 09:09:33 +00:00
i18n.py Fix translated response 2019-08-19 14:49:37 +08:00
notifications.py Hide AccountLocked exception from end users 2021-04-23 13:43:42 -05:00
version.py Add expiring user group memberships on mapped authentication 2020-04-07 19:30:57 -04:00