ó ø¢TQc@sddlmZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZmZdd lmZdd lmZmZmZdd lmZd Zdadaee ƒd „ƒZd„Zddd„Z ddd„Z!dd„Z"dd„Z#d„Z$ddd„Z%de&fd„ƒYZ'de'fd„ƒYZ(de(fd„ƒYZ)de'fd„ƒYZ*d e'fd!„ƒYZ+d"e'fd#„ƒYZ,d$e'fd%„ƒYZ-d&e'fd'„ƒYZ.d(e'fd)„ƒYZ/dS(*iÿÿÿÿ(tunicode_literalsN(treceiver(tsettings(tsetting_changed(t importlib(t SortedDict(t force_bytest force_str(tImproperlyConfigured(tpbkdf2tconstant_time_comparetget_random_string(t ugettext_noopu!cKs#|ddkrdadandS(NusettinguPASSWORD_HASHERS(tNonetHASHERStPREFERRED_HASHER(tkwargs((s4../Django//lib/python/django/contrib/auth/hashers.pyt reset_hashersscCsE|dks|tkrtSyt|ƒ}Wntk r@tSXtS(N(R tUNUSABLE_PASSWORDtFalsetidentify_hashert ValueErrortTrue(tencodedthasher((s4../Django//lib/python/django/contrib/auth/hashers.pytis_password_usables udefaultcCsw| st|ƒ rtSt|ƒ}t|ƒ}|j|jk}|j||ƒ}|rs|rs|rs||ƒn|S(u½ Returns a boolean of whether the raw password matches the three part encoded digest. If setter is specified, it'll be called when you need to regenerate the password. (RRt get_hasherRt algorithmtverify(tpasswordRtsettert preferredRt must_updatet is_correct((s4../Django//lib/python/django/contrib/auth/hashers.pytcheck_password(s   cCs;|s tSt|ƒ}|s+|jƒ}n|j||ƒS(uâ Turn a plain-text password into a hash for database storage Same as encode() but generates a new random salt. If password is None or blank then UNUSABLE_PASSWORD will be returned which disallows logins. (RRtsalttencode(RR#R((s4../Django//lib/python/django/contrib/auth/hashers.pyt make_password=s  cCsþg}|stj}nx­|D]¥}y:|jddƒ\}}tj|ƒ}t||ƒ}Wn*tttfk r‹t d|ƒ‚nX|ƒ}t|dƒs·t d|ƒ‚n|j |ƒqWt g|D]}|j |f^qÒƒa |dadS(Nu.iuhasher not found: %su algorithmu,hasher doesn't specify an algorithm name: %si(RtPASSWORD_HASHERStrsplitRt import_moduletgetattrtAttributeErrort ImportErrorRRtappendtdictRRR(tpassword_hashersthasherstbackendtmod_pathtcls_nametmodt hasher_clsR((s4../Django//lib/python/django/contrib/auth/hashers.pyt load_hashersPs"    (cCszt|dƒr|S|dkr9tdkr5tƒntStdkrOtƒn|tkrntd|ƒ‚nt|SdS(uÞ Returns an instance of a loaded password hasher. If algorithm is 'default', the default hasher will be returned. This function will also lazy import hashers specified in your settings file if needed. u algorithmudefaultu\Unknown password hashing algorithm '%s'. Did you specify it in the PASSWORD_HASHERS setting?N(thasattrRR R5RR(R((s4../Django//lib/python/django/contrib/auth/hashers.pyRfs       cCs’t|ƒdkrd|ks?t|ƒdkrH|jdƒrHd}n@t|ƒdkrr|jdƒrrd}n|jdd ƒd }t|ƒS( uø Returns an instance of a loaded password hasher. Identifies hasher algorithm by examining encoded hash, and calls get_hasher() to return hasher. Raises ValueError if algorithm cannot be identified, or if hasher is not loaded. i u$i%umd5$$u unsalted_md5i.usha1$$u unsalted_sha1ii(tlent startswithtsplitR(RR((s4../Django//lib/python/django/contrib/auth/hashers.pyRs ! ! iu*cCs&|| }||t||ƒ7}|S(uˆ Returns the given hash, with only the first ``show`` number shown. The rest are masked with ``char`` for security reasons. (R7(thashtshowtchartmasked((s4../Django//lib/python/django/contrib/auth/hashers.pyt mask_hash”s tBasePasswordHashercBsGeZdZdZdZd„Zd„Zd„Zd„Z d„Z RS(uÌ Abstract base class for password hashers When creating your own hasher, you need to override algorithm, verify(), encode() and safe_summary(). PasswordHasher objects are immutable. cCs˜|jdk rt|jttfƒr9|j\}}n |j}}ytj|ƒ}Wn!tk r|td|ƒ‚nX|Std|j ƒ‚dS(Nu+Couldn't load %s password algorithm libraryu/Hasher '%s' doesn't specify a library attribute( tlibraryR t isinstancettupletlistRR(R+Rt __class__(tselftnameR1tmodule((s4../Django//lib/python/django/contrib/auth/hashers.pyt _load_libraryªs  cCstƒS(uJ Generates a cryptographically secure nonce salt in ascii (R (RE((s4../Django//lib/python/django/contrib/auth/hashers.pyR#¹scCs tƒ‚dS(u9 Checks if the given password is correct N(tNotImplementedError(RERR((s4../Django//lib/python/django/contrib/auth/hashers.pyR¿scCs tƒ‚dS(u¥ Creates an encoded database value The result is normally formatted as "algorithm$salt$hash" and must be fewer than 128 characters. N(RI(RERR#((s4../Django//lib/python/django/contrib/auth/hashers.pyR$ÅscCs tƒ‚dS(uÎ Returns a summary of safe values The result is a dictionary and will be used where the password field must be displayed to construct a safe representation of the password. N(RI(RER((s4../Django//lib/python/django/contrib/auth/hashers.pyt safe_summaryÎsN( t__name__t __module__t__doc__R RR@RHR#RR$RJ(((s4../Django//lib/python/django/contrib/auth/hashers.pyR?žs    tPBKDF2PasswordHashercBsAeZdZdZdZejZdd„Z d„Z d„Z RS(u Secure password hashing using the PBKDF2 algorithm (recommended) Configured to use PBKDF2 + HMAC + SHA256 with 10000 iterations. The result is a 64 byte binary string. Iterations may be changed safely but you must rename the algorithm if you change SHA256. u pbkdf2_sha256i'cCs†|s t‚|rd|ks$t‚|s6|j}nt|||d|jƒ}tj|ƒjdƒjƒ}d|j|||fS(Nu$tdigestuasciiu %s$%d$%s$%s( tAssertionErrort iterationsR ROtbase64t b64encodetdecodetstripR(RERR#RQR:((s4../Django//lib/python/django/contrib/auth/hashers.pyR$äs  cCs[|jddƒ\}}}}||jks3t‚|j||t|ƒƒ}t||ƒS(Nu$i(R9RRPR$tintR (RERRRRQR#R:t encoded_2((s4../Django//lib/python/django/contrib/auth/hashers.pyRíscCs…|jddƒ\}}}}||jks3t‚ttdƒ|ftdƒ|ftdƒt|ƒftdƒt|ƒfgƒS(Nu$iu algorithmu iterationsusaltuhash(R9RRPRt_R>(RERRRQR#R:((s4../Django//lib/python/django/contrib/auth/hashers.pyRJósN( RKRLRMRRQthashlibtsha256ROR R$RRJ(((s4../Django//lib/python/django/contrib/auth/hashers.pyRNØs  tPBKDF2SHA1PasswordHashercBseZdZdZejZRS(uË Alternate PBKDF2 hasher which uses SHA1, the default PRF recommended by PKCS #5. This is compatible with other implementations of PBKDF2, such as openssl's PKCS5_PBKDF2_HMAC_SHA1(). u pbkdf2_sha1(RKRLRMRRYtsha1RO(((s4../Django//lib/python/django/contrib/auth/hashers.pyR[þstBCryptPasswordHashercBsDeZdZdZdZdZd„Zd„Zd„Zd„Z RS( u) Secure password hashing using the bcrypt algorithm (recommended) This is considered by many to be the most secure algorithm but you must first install the py-bcrypt library. Please be warned that this library depends on native C code and might cause portability issues. ubcryptu py-bcrypti cCs|jƒ}|j|jƒS(N(RHtgensalttrounds(REtbcrypt((s4../Django//lib/python/django/contrib/auth/hashers.pyR#s cCs5|jƒ}|jt|ƒ|ƒ}d|j|fS(Nu%s$%s(RHthashpwRR(RERR#R`tdata((s4../Django//lib/python/django/contrib/auth/hashers.pyR$s cCsX|jddƒ\}}||jks-t‚|jƒ}t||jt|ƒ|ƒƒS(Nu$i(R9RRPRHR RaR(RERRRRbR`((s4../Django//lib/python/django/contrib/auth/hashers.pyR!s c Cs|jddƒ\}}}}}||jks6t‚|d |d}}ttdƒ|ftdƒ|ftdƒt|ƒftdƒt|ƒfgƒS(Nu$iiu algorithmu work factorusaltuchecksum(R9RRPRRXR>( RERRtemptytalgostrt work_factorRbR#tchecksum((s4../Django//lib/python/django/contrib/auth/hashers.pyRJ's!(u py-bcryptubcrypt( RKRLRMRR@R_R#R$RRJ(((s4../Django//lib/python/django/contrib/auth/hashers.pyR] s   tSHA1PasswordHashercBs/eZdZdZd„Zd„Zd„ZRS(u? The SHA1 password hashing algorithm (not recommended) usha1cCsW|s t‚|rd|ks$t‚tjt||ƒƒjƒ}d|j||fS(Nu$u%s$%s$%s(RPRYR\Rt hexdigestR(RERR#R:((s4../Django//lib/python/django/contrib/auth/hashers.pyR$9s cCsO|jddƒ\}}}||jks0t‚|j||ƒ}t||ƒS(Nu$i(R9RRPR$R (RERRRR#R:RW((s4../Django//lib/python/django/contrib/auth/hashers.pyR?scCsy|jddƒ\}}}||jks0t‚ttdƒ|ftdƒt|ddƒftdƒt|ƒfgƒS(Nu$iu algorithmusaltR;uhash(R9RRPRRXR>(RERRR#R:((s4../Django//lib/python/django/contrib/auth/hashers.pyRJEs (RKRLRMRR$RRJ(((s4../Django//lib/python/django/contrib/auth/hashers.pyRg3s   tMD5PasswordHashercBs/eZdZdZd„Zd„Zd„ZRS(uE The Salted MD5 password hashing algorithm (not recommended) umd5cCsW|s t‚|rd|ks$t‚tjt||ƒƒjƒ}d|j||fS(Nu$u%s$%s$%s(RPRYtmd5RRhR(RERR#R:((s4../Django//lib/python/django/contrib/auth/hashers.pyR$Us cCsO|jddƒ\}}}||jks0t‚|j||ƒ}t||ƒS(Nu$i(R9RRPR$R (RERRRR#R:RW((s4../Django//lib/python/django/contrib/auth/hashers.pyR[scCsy|jddƒ\}}}||jks0t‚ttdƒ|ftdƒt|ddƒftdƒt|ƒfgƒS(Nu$iu algorithmusaltR;uhash(R9RRPRRXR>(RERRR#R:((s4../Django//lib/python/django/contrib/auth/hashers.pyRJas (RKRLRMRR$RRJ(((s4../Django//lib/python/django/contrib/auth/hashers.pyRiOs   tUnsaltedSHA1PasswordHashercBs8eZdZdZd„Zd„Zd„Zd„ZRS(u8 Very insecure algorithm that you should *never* use; stores SHA1 hashes with an empty salt. This class is implemented because Django used to accept such password hashes. Some older Django installs still have these values lingering around so we need to handle and upgrade them properly. u unsalted_sha1cCsdS(Nu((RE((s4../Django//lib/python/django/contrib/auth/hashers.pyR#vscCs5|dkst‚tjt|ƒƒjƒ}d|S(Nuusha1$$%s(RPRYR\RRh(RERR#R:((s4../Django//lib/python/django/contrib/auth/hashers.pyR$yscCs|j|dƒ}t||ƒS(Nu(R$R (RERRRW((s4../Django//lib/python/django/contrib/auth/hashers.pyR~scCsP|jdƒst‚|d}ttdƒ|jftdƒt|ƒfgƒS(Nusha1$$iu algorithmuhash(R8RPRRXRR>(RERR:((s4../Django//lib/python/django/contrib/auth/hashers.pyRJ‚s  (RKRLRMRR#R$RRJ(((s4../Django//lib/python/django/contrib/auth/hashers.pyRkks    tUnsaltedMD5PasswordHashercBs8eZdZdZd„Zd„Zd„Zd„ZRS(u¤ Incredibly insecure algorithm that you should *never* use; stores unsalted MD5 hashes without the algorithm prefix, also accepts MD5 hashes with an empty salt. This class is implemented because Django used to store passwords this way and to accept such password hashes. Some older Django installs still have these values lingering around so we need to handle and upgrade them properly. u unsalted_md5cCsdS(Nu((RE((s4../Django//lib/python/django/contrib/auth/hashers.pyR#˜scCs+|dkst‚tjt|ƒƒjƒS(Nu(RPRYRjRRh(RERR#((s4../Django//lib/python/django/contrib/auth/hashers.pyR$›scCsMt|ƒdkr.|jdƒr.|d}n|j|dƒ}t||ƒS(Ni%umd5$$iu(R7R8R$R (RERRRW((s4../Django//lib/python/django/contrib/auth/hashers.pyRŸs! cCs7ttdƒ|jftdƒt|ddƒfgƒS(Nu algorithmuhashR;i(RRXRR>(RER((s4../Django//lib/python/django/contrib/auth/hashers.pyRJ¥s(RKRLRMRR#R$RRJ(((s4../Django//lib/python/django/contrib/auth/hashers.pyRl‹s     tCryptPasswordHashercBs>eZdZdZdZd„Zd„Zd„Zd„ZRS(uv Password hashing using UNIX crypt (not recommended) The crypt module is not supported on all platforms. ucryptcCs tdƒS(Ni(R (RE((s4../Django//lib/python/django/contrib/auth/hashers.pyR#µscCsP|jƒ}t|ƒdks$t‚|jt|ƒ|ƒ}d|jd|fS(Niu%s$%s$%su(RHR7RPtcryptRR(RERR#RnRb((s4../Django//lib/python/django/contrib/auth/hashers.pyR$¸s cCs[|jƒ}|jddƒ\}}}||jks<t‚t||jt|ƒ|ƒƒS(Nu$i(RHR9RRPR RnR(RERRRnRR#Rb((s4../Django//lib/python/django/contrib/auth/hashers.pyR¿s cCss|jddƒ\}}}||jks0t‚ttdƒ|ftdƒ|ftdƒt|ddƒfgƒS(Nu$iu algorithmusaltuhashR;i(R9RRPRRXR>(RERRR#Rb((s4../Django//lib/python/django/contrib/auth/hashers.pyRJÅs ( RKRLRMRR@R#R$RRJ(((s4../Django//lib/python/django/contrib/auth/hashers.pyRm¬s   (0t __future__RRRRYtdjango.dispatchRt django.confRtdjango.test.signalsRt django.utilsRtdjango.utils.datastructuresRtdjango.utils.encodingRRtdjango.core.exceptionsRtdjango.utils.cryptoR R R tdjango.utils.translationR RXRR RRRRR"R%R5RRR>tobjectR?RNR[R]RgRiRkRlRm(((s4../Django//lib/python/django/contrib/auth/hashers.pyts>       :& * !