XR_NddZddlmZddlmZddlmZmZmZddl Z e j e Z ddl mZddlmZmZmZmZddlmZmZmZdd lmZdd lmZmZmZmZdd lm Z ddl!m"cm#Z$gd Z%da&d Z'dZ(Gdde$j)e$j*Z+Gdde$j,e+Z-Gdde+Z.Gdde+Z/e$j0deededdZ1de1_2e1xj3dz c_3GddeZ4Gdd e-Z5Gd!d"e5Z6e$j0d#ej7d$%ed&ed'd()Z8d&e8_2e8xj3dz c_3Gd*d+e$j9e$j)e$j*Z:Gd,d-e$j;j<e$j=Z>dS).z5passlib.handlers.django- Django password hash support) b64encode)hexlify)md5sha1sha256N)_wrapped_bcrypt)argon2bcrypt pbkdf2_sha1 pbkdf2_sha256) to_unicoderng getrandstr) BASE64_CHARS) str_to_uascii uascii_to_strunicodeu) pbkdf2_hmac)django_salted_sha1django_salted_md5 django_bcryptdjango_pbkdf2_sha1django_pbkdf2_sha256 django_argon2django_des_cryptdjango_disabledc*tddlmatS)Nr) des_crypt)r passlib.hash9/usr/lib/python3/dist-packages/passlib/handlers/django.py_import_des_cryptr$&s ****** r">abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789cLeZdZdZdZdZdZeZe j Z e dZ dZdS)DjangoSaltedHashz2base class providing common code for django hashes)salt salt_size NcZtj||j|\}}|||S)Nhandlerr(checksum)uh parse_mc2identclshashr(chks r# from_stringzDjangoSaltedHash.from_stringBs3Lsy#>>> css++++r"cLtj|j|j|jSN)r0 render_mc2r2r(r/selfs r# to_stringzDjangoSaltedHash.to_stringGs}TZDMBBBr")__name__ __module__ __qualname____doc__ setting_kwdsdefault_salt_size max_salt_size SALT_CHARS salt_charsr0LOWER_HEX_CHARSchecksum_chars classmethodr7r=r!r"r#r'r'2sh<<)L MJ'N,,[,CCCCCr"r'cFeZdZdZejdzZdZedZdZ dS)DjangoVariableHashzEbase class providing common code for django hashes w/ variable rounds)roundsc^tj||j|\}}}||||S)Nr,)rLr(r/)r0 parse_mc3r2)r4r5rLr(r6s r#r7zDjangoVariableHash.from_stringQs8Lsy#FFFcs&tc::::r"cXtj|j|j|j|jSr9)r0 render_mc3r2rLr(r/r;s r#r=zDjangoVariableHash.to_stringVs }TZdiOOOr"N) r>r?r@rAr'rB min_roundsrIr7r=r!r"r#rKrKKsYOO#0;>LJ;;[;PPPPPr"rKc:eZdZdZdZdZedZdZdZ dS)raThis class implements Django's Salted SHA1 hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and uses a single round of SHA1. The :meth:`~passlib.ifc.PasswordHash.hash` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods accept the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, a 12 character one will be autogenerated (this is recommended). If specified, may be any series of characters drawn from the regexp range ``[0-9a-zA-Z]``. :type salt_size: int :param salt_size: Optional number of characters to use when autogenerating new salts. Defaults to 12, but can be any positive value. This should be compatible with Django 1.4's :class:`!SHA1PasswordHasher` class. .. versionchanged: 1.6 This class now generates 12-character salts instead of 5, and generated salts uses the character range ``[0-9a-zA-Z]`` instead of the ``[0-9a-f]``. This is to be compatible with how Django >= 1.4 generates these hashes; but hashes generated in this manner will still be correctly interpreted by earlier versions of Django. rzsha1$(ct|tr|d}tt |jd|zSNutf-8ascii) isinstancerencoderrr( hexdigestr<secrets r#_calc_checksumz!django_salted_sha1._calc_checksumys\ fg & & ,]]7++FT$)"2"27";";f"DEEOOQQRRRr"N r>r?r@rAname django_namerr2 checksum_sizer^r!r"r#rrYsP4 DK AgJJEMSSSSSr"rc:eZdZdZdZdZedZdZdZ dS)raThis class implements Django's Salted MD5 hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and uses a single round of MD5. The :meth:`~passlib.ifc.PasswordHash.hash` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods accept the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, a 12 character one will be autogenerated (this is recommended). If specified, may be any series of characters drawn from the regexp range ``[0-9a-zA-Z]``. :type salt_size: int :param salt_size: Optional number of characters to use when autogenerating new salts. Defaults to 12, but can be any positive value. This should be compatible with the hashes generated by Django 1.4's :class:`!MD5PasswordHasher` class. .. versionchanged: 1.6 This class now generates 12-character salts instead of 5, and generated salts uses the character range ``[0-9a-zA-Z]`` instead of the ``[0-9a-f]``. This is to be compatible with how Django >= 1.4 generates these hashes; but hashes generated in this manner will still be correctly interpreted by earlier versions of Django. rzmd5$ ct|tr|d}tt |jd|zSrV)rYrrZrrr(r[r\s r#r^z django_salted_md5._calc_checksums\ fg & & ,]]7++FS!1!1'!:!:V!CDDNNPPQQQr"Nr_r!r"r#rr~sP6 DK AfIIEMRRRRRr"rrzbcrypt$aThis class implements Django 1.4's BCrypt wrapper, and follows the :ref:`password-hash-api`. This is identical to :class:`!bcrypt` itself, but with the Django-specific prefix ``"bcrypt$"`` prepended. See :doc:`/lib/passlib.hash.bcrypt` for more details, the usage and behavior is identical. This should be compatible with the hashes generated by Django 1.4's :class:`!BCryptPasswordHasher` class. .. versionadded:: 1.6 )prefixr2docr )rac~eZdZdZdZdZeZedZ e dZ e fdZ fdZ fdZxZS)django_bcrypt_sha256aThis class implements Django 1.6's Bcrypt+SHA256 hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. While the algorithm and format is somewhat different, the api and options for this hash are identical to :class:`!bcrypt` itself, see :doc:`bcrypt ` for more details. .. versionadded:: 1.6.2 bcrypt_sha256zbcrypt_sha256$cftj|}|sdS||jSNF)r0to_unicode_for_identify startswith django_prefixr4r5s r#identifyzdjango_bcrypt_sha256.identifys4)$// 5s0111r"ct|dd}||jstj||t |jd}|dstj|tt| |S)NrXr5z$2) r rnror0excInvalidHashErrorlenMalformedHashErrorsuperrir7)r4r5bhash __class__s r#r7z django_bcrypt_sha256.from_strings$00s011 /&))#.. .S*++,,-%% 1&++C00 0)3//;;EBBBr"ctt|}t|j|zSr9)rwrir=rro)r<rxrys r#r=zdjango_bcrypt_sha256.to_strings5*D11;;==T/00588r"ct|tr|d}t||}t t||S)NrW) rYrrZr_digestdigestrwrir^)r<r]rys r#r^z#django_bcrypt_sha256._calc_checksumsj fg & & ,]]7++Ff--446677)400??GGGr")r>r?r@rAr`rarr|rrorIrqr7r=r^ __classcell__)rys@r#riris   "D!KGA&''M22[2 CCCC[C99999HHHHHHHHHr"ricbeZdZdZdZdZedZdZdZ e j Z dZ ejZdZdZd S) raThis class implements Django's PBKDF2-HMAC-SHA256 hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, a 12 character one will be autogenerated (this is recommended). If specified, may be any series of characters drawn from the regexp range ``[0-9a-zA-Z]``. :type salt_size: int :param salt_size: Optional number of characters to use when autogenerating new salts. Defaults to 12, but can be any positive value. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 29000, but must be within ``range(1,1<<32)``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. This should be compatible with the hashes generated by Django 1.4's :class:`!PBKDF2PasswordHasher` class. .. versionadded:: 1.6 r zpbkdf2_sha256$rMl,rct|j||j|j}t |dS)NrX)rr|r(rLrrstripdecode)r<r]r5s r#r^z#django_pbkdf2_sha256._calc_checksum#sA4<DKHH%%''..w777r"N)r>r?r@rAr`rarr2 min_salt_size max_roundsr0PADDED_BASE64_CHARSrHrbr default_roundsr|r^r!r"r#rrsn""F "D!K A  EMJ+NM"1NG88888r"rcFeZdZdZdZdZedZdZe j Z dZ dS)raThis class implements Django's PBKDF2-HMAC-SHA1 hash, and follows the :ref:`password-hash-api`. It supports a variable-length salt, and a variable number of rounds. The :meth:`~passlib.ifc.PasswordHash.using` method accepts the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, a 12 character one will be autogenerated (this is recommended). If specified, may be any series of characters drawn from the regexp range ``[0-9a-zA-Z]``. :type salt_size: int :param salt_size: Optional number of characters to use when autogenerating new salts. Defaults to 12, but can be any positive value. :type rounds: int :param rounds: Optional number of rounds to use. Defaults to 131000, but must be within ``range(1,1<<32)``. :type relaxed: bool :param relaxed: By default, providing an invalid value for one of the other keywords will result in a :exc:`ValueError`. If ``relaxed=True``, and the error can be corrected, a :exc:`~passlib.exc.PasslibHashWarning` will be issued instead. Correctable errors include ``rounds`` that are too small or too large, and ``salt`` strings that are too long. This should be compatible with the hashes generated by Django 1.4's :class:`!PBKDF2SHA1PasswordHasher` class. .. versionadded:: 1.6 r z pbkdf2_sha1$rN) r>r?r@rAr`rarr2rbr rr|r!r"r#rr(sF""F DK An  EM /NGGGr"rrI)typer zargon2$argon2i$aThis class implements Django 1.10's Argon2 wrapper, and follows the :ref:`password-hash-api`. This is identical to :class:`!argon2` itself, but with the Django-specific prefix ``"argon2$"`` prepended. See :doc:`argon2 ` for more details, the usage and behavior is identical. This should be compatible with the hashes generated by Django 1.10's :class:`!Argon2PasswordHasher` class. .. versionadded:: 1.7 )r`wrappedrfr2rgc|eZdZdZdZdZdZedZe j xZ Z dZ dxZZdZdZed Zd Zd Zd S) raThis class implements Django's :class:`des_crypt` wrapper, and follows the :ref:`password-hash-api`. It supports a fixed-length salt. The :meth:`~passlib.ifc.PasswordHash.hash` and :meth:`~passlib.ifc.PasswordHash.genconfig` methods accept the following optional keywords: :type salt: str :param salt: Optional salt string. If not specified, one will be autogenerated (this is recommended). If specified, it must be 2 characters, drawn from the regexp range ``[./0-9A-Za-z]``. :param bool truncate_error: By default, django_des_crypt will silently truncate passwords larger than 8 bytes. Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash` to raise a :exc:`~passlib.exc.PasswordTruncateError` instead. .. versionadded:: 1.7 This should be compatible with the hashes generated by Django 1.4's :class:`!CryptPasswordHasher` class. Note that Django only supports this hash on Unix systems (though :class:`!django_des_crypt` is available cross-platform under Passlib). .. versionchanged:: 1.6 This class will now accept hashes with empty salt strings, since Django 1.4 generates them this way. crypt)r(r)truncate_errorzcrypt$ Tctj||j|\}}|rM|s |dd}n6|dd|ddkr tj|d|dd}|||S)Nr,rz0first two digits of salt and checksum must matchr.)r0r1r2rsrvr3s r#r7zdjango_des_crypt.from_stringsLsy#>>> c   H2A2wbqbS!W$$f//FHHHabb'Css++++r"c|j}|dd|jz}|jrtj|j||Stj|jd|S)Nr)r(r/use_duplicate_saltr0r:r2)r<r(r6s r#r=zdjango_des_crypt.to_stringsVy2A2h&  " 6=T377 7=R55 5r"ctt|jr||t|jdd|S)Nr)r()rr$ use_defaults_check_truncate_policyr(r^r\s r#r^zdjango_des_crypt._calc_checksums^         0  ' ' / / /dim,,,;;FCCCr"N)r>r?r@rAr`rarBrr2r0 HASH64_CHARSrHrFrbrrC truncate_sizerrIr7r=r^r!r"r#rrts: DK:L AhKKE"$/1NZM())M%M,,[,$666 D D D D Dr"rcbeZdZdZdZedZdZedZ dZ edZ dS)raFThis class provides disabled password behavior for Django, and follows the :ref:`password-hash-api`. This class does not implement a hash, but instead claims the special hash string ``"!"`` which Django uses to indicate an account's password has been disabled. * newly encrypted passwords will hash to ``"!"``. * it rejects all passwords. .. note:: Django 1.6 prepends a randomly generated 40-char alphanumeric string to each unusuable password. This class recognizes such strings, but for backwards compatibility, still returns ``"!"``. See ``_ for why Django appends an alphanumeric string. .. versionchanged:: 1.6.2 added Django 1.6 support .. versionchanged:: 1.7 started appending an alphanumeric string. !rTc^tj|}||jSr9)r0rmrn _hash_prefixrps r#rqzdjango_disabled.identifys')$//s/000r"cRtttdd|jS)N)rrr suffix_lengthr\s r#r^zdjango_disabled._calc_checksums #|CRC0$2DEEEr"ctj|||stj|dSrl)r0validate_secretrqrsrt)r4r]r5s r#verifyzdjango_disabled.verifysB 6"""||D!! /&))#.. .ur"N) r>r?r@rAr`rrrrIrqr^rr!r"r#rrs, D1S66LM11[1FFF[r"r)?rAbase64rbinasciirhashlibrrrlogging getLoggerr>logpasslib.handlers.bcryptrr r r r r passlib.utilsr rrpasslib.utils.binaryrpasslib.utils.compatrrrrpasslib.crypto.digestrpasslib.utils.handlersutilshandlersr0__all__rr$rEHasSaltGenericHandlerr' HasRoundsrKrr PrefixWrapperrra_using_clone_attrsrirrusingr TruncateMixinrifc DisabledHash StaticHandlerrr!r"r#rs;; %%%%%%%%%%'g'11433333CCCCCCCCCCCC5555555555------IIIIIIIIIIII------#########     N CCCCCrz2#4CCC2 P P P P P'7 P P P#S#S#S#S#S)#S#S#SJ$R$R$R$R$R($R$R$RT! & 1Y<