cryptacular / cryptacular / bcrypt / __init__.py

# Copyright (c) 2009 Daniel Holth <dholth@fastmail.fm>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the 'Software'), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

__all__ = ['BCRYPTPasswordManager']


import os
import re

from cryptacular.bcrypt._bcrypt import crypt_rn, crypt_gensalt_rn
from cryptacular.core import _cmp, check_unicode


class BCRYPTPasswordManager(object):

    _scheme = 'BCRYPT'
    _prefix = '$2a$'
    _rounds = 10

    _bcrypt_syntax = re.compile('\$2a\$[0-9]{2}\$[./A-Za-z0-9]{53}')

    def encode(self, text, rounds=None):
        '''Hash a password using bcrypt.

        Note: only the first 72 characters of password are significant.
        '''
        rounds = rounds or self._rounds
        settings = crypt_gensalt_rn(self._prefix, rounds, os.urandom(16))
        if settings is None:
            raise ValueError('_bcrypt.crypt_gensalt_rn returned None')

        encoded = crypt_rn(check_unicode(text), settings)
        if encoded is None:
            raise ValueError('_bcrypt.crypt_rn returned None')

        return encoded

    def check(self, encoded, text):
        '''Check a bcrypt password hash against a password.
        '''
        if not self.match(encoded):
            return False

        encoded_text = crypt_rn(check_unicode(text), encoded)
        if encoded_text is None:
            raise ValueError('_bcrypt.crypt_rn returned None')

        return _cmp(encoded_text, check_unicode(encoded))

    def match(self, hash):
        '''Return True if hash looks like a BCRYPT password hash.
        '''
        return self._bcrypt_syntax.match(hash) is not None
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.