a fWc}'@sdZddlZddlZeeZddlmZddlm Z m Z ddl m Z m Z mZddlmmZgdZGdddejjejZe d Zd ZGd d d ejjejZGd ddejZdS)z.passlib.handlers.misc - misc generic handlers N)warn) to_native_str str_consteq)unicodeuunicode_or_bytes_types) unix_disabled unix_fallback plaintextcsLeZdZdZdZdZeddZd fdd Zdd Z ed d d Z Z S)r aThis class provides the fallback behavior for unix shadow files, and follows the :ref:`password-hash-api`. This class does not implement a hash, but instead provides fallback behavior as found in /etc/shadow on most unix variants. If used, should be the last scheme in the context. * this class will positively identify all hash strings. * for security, passwords will always hash to ``!``. * it rejects all passwords if the hash is NOT an empty string (``!`` or ``*`` are frequently used). * by default it rejects all passwords if the hash is an empty string, but if ``enable_wildcard=True`` is passed to verify(), all passwords will be allowed through if the hash is an empty string. .. deprecated:: 1.6 This has been deprecated due to its "wildcard" feature, and will be removed in Passlib 1.8. Use :class:`unix_disabled` instead. )enable_wildcardcCs t|trdStj|ddSNThash isinstanceruhexcExpectedStringErrorclsr r9/usr/lib/python3.9/site-packages/passlib/handlers/misc.pyidentify.s zunix_fallback.identifyFc s*tdttt|jfi|||_dS)Nzf'unix_fallback' is deprecated, and will be removed in Passlib 1.8; please use 'unix_disabled' instead.)rDeprecationWarningsuperr __init__r )selfr kwds __class__rrr5s zunix_fallback.__init__cCs|jr |jStdSdS)N!)Zchecksumr)rsecretrrr_calc_checksum=szunix_fallback._calc_checksumcCs4t|t|ts$tj|dn |r,dS|SdS)Nr F)rvalidate_secretrrrr)rr r r rrrverifyEs   zunix_fallback.verify)F)F) __name__ __module__ __qualname____doc__name context_kwds classmethodrrr!r# __classcell__rrrrr s r z*!s*!cseZdZdZdZdZdZeee Z de j vr8e dZne dZedfdd Zed d Zed d ZeddZejdddedddZedddZeddZZS)raThis class provides disabled password behavior for unix shadow files, and follows the :ref:`password-hash-api`. This class does not implement a hash, but instead matches the "disabled account" strings found in ``/etc/shadow`` on most Unix variants. "encrypting" a password will simply return the disabled account marker. It will reject all passwords, no matter the hash string. The :meth:`~passlib.ifc.PasswordHash.hash` method supports one optional keyword: :type marker: str :param marker: Optional marker string which overrides the platform default used to indicate a disabled account. If not specified, this will default to ``"*"`` on BSD systems, and use the Linux default ``"!"`` for all other platforms. (:attr:`!unix_disabled.default_marker` will contain the default value) .. versionadded:: 1.6 This class was added as a replacement for the now-deprecated :class:`unix_fallback` class, which had some undesirable features. markerrZbsd*rNc s>tt|jfi|}|dur:||s4td|||_|S)Nzinvalid marker: %r)rrusingr ValueErrordefault_marker)rr-rsubclsrrrr/xs   zunix_disabled.usingcCs@t|trt}nt|tr t}ntj|d| p>|d|vS)Nr r)rr _MARKER_CHARSbytes _MARKER_BYTESrrr)rr startrrrrs   zunix_disabled.identifycCs$t|||s tj|dS)NF)rr"rrInvalidHashError)rr r rrrr#s   zunix_disabled.verifycKsB|r&t|||jfi||St||j}t|ddS)Nr-Zparam)rZwarn_hash_settings_deprecationr/r r"r1r)rr rr-rrrr s   zunix_disabled.hash1.72.0Z deprecatedZremovedcCsT||stj|n8|r2t|t|ddS|durF|j|d}||SdS)Nconfigr8r,)rrrr7r"rr/r )rr r<r-rrrgenhashs    zunix_disabled.genhashcCsB|d}|dur>t|dd}||r2||}|r>||7}|S)Nr r8)r rrenable)rr outrrrdisables    zunix_disabled.disablecCsVt|dd}|jD]2}||r|t|d}|r<|Stdqtj|dS)Nr r8zcannot restore original hash)r_disable_prefixes startswithlenr0rrr7)rr prefixZorigrrrr?s    zunix_disabled.enable)N)N)N)r$r%r&r'r( setting_kwdsr)tuplestrr3rBsysplatformrr1r*r/rr#r rdeprecated_methodr=rAr?r+rrrrrRs.        rc@s~eZdZdZdZdZdZdZeddZ eddd Z edd d Z e j d d deddZe j d d dedddZdS)r a~This class stores passwords in plaintext, and follows the :ref:`password-hash-api`. The :meth:`~passlib.ifc.PasswordHash.hash`, :meth:`~passlib.ifc.PasswordHash.genhash`, and :meth:`~passlib.ifc.PasswordHash.verify` methods all require the following additional contextual keyword: :type encoding: str :param encoding: This controls the character encoding to use (defaults to ``utf-8``). This encoding will be used to encode :class:`!unicode` passwords under Python 2, and decode :class:`!bytes` hashes under Python 3. .. versionchanged:: 1.6 The ``encoding`` keyword was added. rencodingzutf-8cCs t|trdStj|ddSr rrrrrrs zplaintext.identifyNcCs t||s|j}t||dS)Nr )rr"default_encodingr)rr rMrrrr s zplaintext.hashcCs>|s |j}t||d}||s,tj|t||||S)Nr )rNrrrrr7rr )rr r rMrrrr#s    zplaintext.verifyr9r:r;cCs |dS)Nr>)r )rrrr genconfigszplaintext.genconfigcCs$||stj||j||dS)NrL)rrrr7r )rr r<rMrrrr=s  zplaintext.genhash)N)N)N)r$r%r&r'r(rFr)rNr*rr r#rrKrOr=rrrrr s"      r )r'rIZloggingZ getLoggerr$logwarningsrZ passlib.utilsrrZpasslib.utils.compatrrrZpasslib.utils.handlersZutilshandlersr__all__ZifcZ DisabledHashZ StaticHandlerr r3r5ZMinimalHandlerrr rrrrs  6~