o 5 hE@sdZddlmZddlZeeZddlZddlm Z ddl m Z m Z ddl mZddlmZddlmZdd lmZmZmZdd lmZdd lmZmZmZmZd d gZeZ dZ!dZ"dZ#dZ$dZ%GdddeZ&e'Z(ddZ)e)Z*ddZ+e+Z,Gdd d e&Z-Gdd d e&Z.dS)z(passlib.apache - apache password support)with_statementN)warn)excregistry) CryptContext)ExpectedStringError)htdigest) render_bytesto_bytesis_ascii_codec)deprecated_method) join_bytesunicodeBytesIOPY3 HtpasswdFile HtdigestFile:#s: skippedrecordc@seZdZdZdZdZdZdZdZdZ dZ e ddZ e ddZ ddddd efd d Zd d ZeddZejddZeddZddZd2ddZddZddZddZddZdd Zd3d!d"Zd#d$Zd%d&Zd'd(Zd)d*Z d+d,Z!d4d.d/Z"d0d1Z#dS)5 _CommonFilez0common framework for HtpasswdFile & HtdigestFileNFcKs,d|vrtd|di|}|||S)zcreate new object from raw string. :type data: unicode or bytes :arg data: database to load, as single string. :param \*\*kwds: all other keywords are the same as in the class constructor pathz$'path' not accepted by from_string()N) TypeError load_string)clsdatakwdsselfrrb/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/passlib/apache.py from_stringKs   z_CommonFile.from_stringcKs|di|}|||S)zcreate new object from file, without binding object to file. :type path: str :arg path: local filepath to load from :param \*\*kwds: all other keywords are the same as in the class constructor Nr)load)rrrrrrr from_path\s z_CommonFile.from_pathTutf-8cCs|stdtddd}d}nt|std||_||_||_||_d|_|s0tdtddd }|r:|s:| dSi|_ g|_ dS) Nz``encoding=None`` is deprecated as of Passlib 1.6, and will cause a ValueError in Passlib 1.8, use ``return_unicode=False`` instead. stacklevelr$Fz'encoding must be 7-bit ascii compatiblerzp``autoload=False`` is deprecated as of Passlib 1.6, and will be removed in Passlib 1.8, use ``new=True`` insteadT) rDeprecationWarningr ValueErrorencodingreturn_unicodeautosave_path_mtimer"_records_source)rrnewautoloadr,r*r+rrr __init__ns,  z_CommonFile.__init__cCsTd}|jr |d7}|jr|d|j7}|jdkr|d|j7}d|jjt||fS)Nz autosave=Truez path=%rr$z encoding=%rz <%s 0x%0x%s>)r,r-r* __class____name__id)rtailrrr __repr__s z_CommonFile.__repr__cC|jSN)r-rrrr rsz_CommonFile.pathcCs||jkrd|_||_dS)Nr)r-r.rvaluerrr rs  cCr:)z7modify time when last loaded (if bound to a local file))r.r<rrr mtimesz_CommonFile.mtimecCs<|js td||jr|jtj|jkrdS|dS)zBReload from ``self.path`` only if file has changed since last loadz%r is not bound to a local fileFT)r- RuntimeErrorr.osrgetmtimer"r<rrr load_if_changeds  z_CommonFile.load_if_changedcCs|dur$t|d}d|_||Wdd S1swYd S|s8tdt|jjdtdd|S|j rat|j d}t j |j |_||Wdd S1sZwYd St d|jj) aLoad state from local file. If no path is specified, attempts to load from ``self.path``. :type path: str :arg path: local file to load from :type force: bool :param force: if ``force=False``, only load from ``self.path`` if file has changed since last load. .. deprecated:: 1.6 This keyword will be removed in Passlib 1.8; Applications should use :meth:`load_if_changed` instead. Nrbrz%(name)s.load(force=False) is deprecated as of Passlib 1.6,and will be removed in Passlib 1.8; use %(name)s.load_if_changed() instead.)namer%r&z2%s().path is not set, an explicit path is requiredT)openr. _load_linesrdictr5r6r(rCr-rArrBr@)rrforcefhrrr r"s4      z_CommonFile.loadcCs&t||jd}d|_|t|dS)z@Load state from unicode or bytes string, replacing current staterrN)r r*r.rGr)rrrrr rsz_CommonFile.load_stringc Cs|j}i}g}d}t|D]C\}}|}|r|tr!||7}q |||d\} } | |vr:td| ||7}q |rE|t|fd}| || <|t | fq | r\|t|f||_ ||_ dS)zload from sequence of listsz1username occurs multiple times in source file: %rN) _parse_record enumeratelstrip startswith_BHASHlogwarningappend_SKIPPED_RECORDrstripr/r0) rlinesparserecordssourceridxlinetmpkeyr>rrr rGs. z_CommonFile._load_linescCtd)z)parse line of file into (key, value) pair!should be implemented in subclassNotImplementedError)rrlinenorrr rM z_CommonFile._parse_recordcCs.|j}||v}|||<|s|jt|f|S)z helper for setting record which takes care of inserting source line if needed; :returns: bool if key already present )r/r0rTrV)rr_r>rZexistingrrr _set_records z_CommonFile._set_recordcCs |jr |jr|dSdSdS)z0subclass helper to call save() after any changesN)r,r-saver<rrr _autosave!s  z_CommonFile._autosavecCs||dur#t|d}||WddS1swYdS|jr6||jtj|j|_dSt d|j j )zhSave current state to file. If no path is specified, attempts to save to ``self.path``. Nwbz%%s().path is not set, cannot autosave) rF writelines _iter_linesr-rhrArrBr.r@r5r6)rrrJrrr rh&s " z_CommonFile.savecCs t|S)z)Export current state as a string of bytes)r rlr<rrr to_string4 z_CommonFile.to_stringccs~|j} t|}|jD]&\}}|tkr|Vq |tksJ||vr#q ||||V ||q |r=Jd|fdS)z#iterator yielding lines of databaseTz'failed to write all records: missing=%rN)r/setr0rUrV_render_recordremove)rrZpendingactioncontentrrr rl@s  z_CommonFile._iter_linescCr`)z,given key/value pair, encode as line of filerarb)rr_r>rrr rp[rez_CommonFile._render_recordcC ||dS)z)user-specific wrapper for _encode_field()user _encode_fieldrrvrrr _encode_userbrnz_CommonFile._encode_usercCru)z*realm-specific wrapper for _encode_field()realmrwrr{rrr _encode_realmfrnz_CommonFile._encode_realmfieldcCsnt|tr ||j}n t|tst||t|dkr$td||ftdd|Dr5td||f|S)a+convert field to internal representation. internal representation is always bytes. byte strings are left as-is, unicode strings encoding using file's default encoding (or ``utf-8`` if no encoding has been specified). :raises UnicodeEncodeError: if unicode value cannot be encoded using default encoding. :raises ValueError: if resulting byte string contains a forbidden character, or is too long (>255 bytes). :returns: encoded identifer as bytes z%%s must be at most 255 characters: %rcss|]}|tvVqdSr;)_INVALID_FIELD_CHARS).0crrr z,_CommonFile._encode_field..z"%s contains invalid characters: %r) isinstancerencoder*bytesrlenr)any)rr>paramrrr rxjs    z_CommonFile._encode_fieldcCs(t|ts Jd|jr||jS|S)aWdecode field from internal representation to format returns by users() method, etc. :raises UnicodeDecodeError: if unicode value cannot be decoded using default encoding. (usually indicates wrong encoding set for file). :returns: field as unicode or bytes, as appropriate. zexpected value to be bytes)rrr+decoder*r=rrr _decode_fields  z_CommonFile._decode_field)NTr;)r~)$r6 __module__ __qualname____doc__r*r+r-r.r,r/r0 classmethodr!r#rr3r9propertyrsetterr?rCr"rrGrMrgrirhrmrlrprzr}rxrrrrr r,sL   #    $*    rcCsd}dD] }t|r|}nqtdrdnd}t|s&tgdt|p*dd|p0|p0d|p3d|p6ddd}|j|d|dd |S) N)bcrypt sha256_cryptr)portable_apache_24host_apache_24linux_apache_24portablehost apr_md5_cryptr)rportable_apache_22rhost_apache_22rlinux_apache_22rr)rr)rhas_os_crypt_support has_backend_warn_no_bcryptclearupdaterH) host_bestrErdefaultsrrr _init_default_schemess.  rcCsPgd}|t|dddg|}tt||jd}t|tdddS)N)rr sha512_crypt des_cryptr ldap_sha1 plaintextr)r_r2y)schemesdefault bcrypt__ident)extendrget_supported_os_crypt_schemessortedroindexrhtpasswd_defaults)r preferredrrr _init_htpasswd_contextsrcseZdZdZddeffdd ZddZddZd d Zd d Z e d dddddZ ddZ ddZ e d dddddZddZddZe d ddddd ZZS)!raclass for reading & writing Htpasswd files. The class constructor accepts the following arguments: :type path: filepath :param path: Specifies path to htpasswd file, use to implicitly load from and save to. This class has two modes of operation: 1. It can be "bound" to a local file by passing a ``path`` to the class constructor. In this case it will load the contents of the file when created, and the :meth:`load` and :meth:`save` methods will automatically load from and save to that file if they are called without arguments. 2. Alternately, it can exist as an independant object, in which case :meth:`load` and :meth:`save` will require an explicit path to be provided whenever they are called. As well, ``autosave`` behavior will not be available. This feature is new in Passlib 1.6, and is the default if no ``path`` value is provided to the constructor. This is also exposed as a readonly instance attribute. :type new: bool :param new: Normally, if *path* is specified, :class:`HtpasswdFile` will immediately load the contents of the file. However, when creating a new htpasswd file, applications can set ``new=True`` so that the existing file (if any) will not be loaded. .. versionadded:: 1.6 This feature was previously enabled by setting ``autoload=False``. That alias has been deprecated, and will be removed in Passlib 1.8 :type autosave: bool :param autosave: Normally, any changes made to an :class:`HtpasswdFile` instance will not be saved until :meth:`save` is explicitly called. However, if ``autosave=True`` is specified, any changes made will be saved to disk immediately (assuming *path* has been set). This is also exposed as a writeable instance attribute. :type encoding: str :param encoding: Optionally specify character encoding used to read/write file and hash passwords. Defaults to ``utf-8``, though ``latin-1`` is the only other commonly encountered encoding. This is also exposed as a readonly instance attribute. :type default_scheme: str :param default_scheme: Optionally specify default scheme to use when encoding new passwords. This can be any of the schemes with builtin Apache support, OR natively supported by the host OS's :func:`crypt.crypt` function. * Builtin schemes include ``"bcrypt"`` (apache 2.4+), ``"apr_md5_crypt"`, and ``"des_crypt"``. * Schemes commonly supported by Unix hosts include ``"bcrypt"``, ``"sha256_crypt"``, and ``"des_crypt"``. In order to not have to sort out what you should use, passlib offers a number of aliases, that will resolve to the most appropriate scheme based on your needs: * ``"portable"``, ``"portable_apache_24"`` -- pick scheme that's portable across hosts running apache >= 2.4. **This will be the default as of Passlib 2.0**. * ``"portable_apache_22"`` -- pick scheme that's portable across hosts running apache >= 2.4. **This is the default up to Passlib 1.9**. * ``"host"``, ``"host_apache_24"`` -- pick strongest scheme supported by apache >= 2.4 and/or host OS. * ``"host_apache_22"`` -- pick strongest scheme supported by apache >= 2.2 and/or host OS. .. versionadded:: 1.6 This keyword was previously named ``default``. That alias has been deprecated, and will be removed in Passlib 1.8. .. versionchanged:: 1.6.3 Added support for ``"bcrypt"``, ``"sha256_crypt"``, and ``"portable"`` alias. .. versionchanged:: 1.7 Added apache 2.4 semantics, and additional aliases. :type context: :class:`~passlib.context.CryptContext` :param context: :class:`!CryptContext` instance used to create and verify the hashes found in the htpasswd file. The default value is a pre-built context which supports all of the hashes officially allowed in an htpasswd file. This is also exposed as a readonly instance attribute. .. warning:: This option may be used to add support for non-standard hash formats to an htpasswd file. However, the resulting file will probably not be usable by another application, and particularly not by Apache. :param autoload: Set to ``False`` to prevent the constructor from automatically loaded the file from disk. .. deprecated:: 1.6 This has been replaced by the *new* keyword. Instead of setting ``autoload=False``, you should use ``new=True``. Support for this keyword will be removed in Passlib 1.8. :param default: Change the default algorithm used to hash new passwords. .. deprecated:: 1.6 This has been renamed to *default_scheme* for clarity. Support for this alias will be removed in Passlib 1.8. Loading & Saving ================ .. automethod:: load .. automethod:: load_if_changed .. automethod:: load_string .. automethod:: save .. automethod:: to_string Inspection ================ .. automethod:: users .. automethod:: check_password .. automethod:: get_hash Modification ================ .. automethod:: set_password .. automethod:: delete Alternate Constructors ====================== .. automethod:: from_string Attributes ========== .. attribute:: path Path to local file that will be used as the default for all :meth:`load` and :meth:`save` operations. May be written to, initialized by the *path* constructor keyword. .. attribute:: autosave Writeable flag indicating whether changes will be automatically written to *path*. Errors ====== :raises ValueError: All of the methods in this class will raise a :exc:`ValueError` if any user name contains a forbidden character (one of ``:\r\n\t\x00``), or is longer than 255 characters. Nc svd|vrtdtdd|d}|r*|tvrtd|tjt||}|j|d}||_ t t |j |fi|dS)Nrz{``default`` is deprecated as of Passlib 1.6, and will be removed in Passlib 1.8, it has been renamed to ``default_scheem``.r%r&zPHtpasswdFile: no bcrypt backends available, using fallback for default scheme %r)r) rr(poprrPasslibSecurityWarningrgetcopycontextsuperrr3)rrdefault_schemerrr5rr r3s    zHtpasswdFile.__init__cCs*|t}t|dkrtd||S)Nr%z/malformed htpasswd file (error reading line %d)rWsplit_BCOLONrr))rrrdresultrrr rMs  zHtpasswdFile._parse_recordcCs td||S)Nz%s:%s r )rrvhashrrr rps zHtpasswdFile._render_recordcsfddjDS)z6 Return list of all users in database cg|]}|qSrr)rrvr<rr z&HtpasswdFile.users..)r/r<rr<r usersszHtpasswdFile.userscCs|j|}|||S)aSet password for user; adds user if needed. :returns: * ``True`` if existing user was updated. * ``False`` if user account was added. .. versionchanged:: 1.6 This method was previously called ``update``, it was renamed to prevent ambiguity with the dictionary method. The old alias is deprecated, and will be removed in Passlib 1.8. )rrset_hash)rrvpasswordrrrr set_passwords zHtpasswdFile.set_password1.61.8r deprecatedremoved replacementcC |||Szset password for userrrrvrrrr r  zHtpasswdFile.updatecCs(z |j||WStyYdSw)aReturn hash stored for user, or ``None`` if user not found. .. versionchanged:: 1.6 This method was previously named ``find``, it was renamed for clarity. The old name is deprecated, and will be removed in Passlib 1.8. N)r/rzKeyErrorryrrr get_hashs  zHtpasswdFile.get_hashcCs<tr t|tr ||j}||}|||}||S)z semi-private helper which allows writing a hash directly; adds user if needed. .. warning:: does not (currently) do any validation of the hash string .. versionadded:: 1.7 )rrstrrr*rzrgri)rrvrrfrrr rs    zHtpasswdFile.set_hashrcCs ||Szreturn hash for userrryrrr find1s zHtpasswdFile.findcCs4z |j||=Wn tyYdSw|dS)zDelete user's entry. :returns: * ``True`` if user deleted. * ``False`` if user not found. FT)r/rzrriryrrr delete8s zHtpasswdFile.deletecCsz||}|j|}|durdSt|tr||j}|j||\}}|r;|dur;||jvs2J||j|<| |S)aM Verify password for specified user. If algorithm marked as deprecated by CryptContext, will automatically be re-hashed. :returns: * ``None`` if user not found. * ``False`` if user found, but password does not match. * ``True`` if user found and password matches. .. versionchanged:: 1.6 This method was previously called ``verify``, it was renamed to prevent ambiguity with the :class:`!CryptContext` method. The old alias is deprecated, and will be removed in Passlib 1.8. N) rzr/rrrrr*rverify_and_updateri)rrvrroknew_hashrrr check_passwordFs      zHtpasswdFile.check_passwordrcCrzverify password for userrrrrr verifyerzHtpasswdFile.verify)r6rrrhtpasswd_contextr3rMrprrr rrrrrrr __classcell__rrrr rs09   cseZdZdZdZd+fdd ZddZddZd d Zd d Z d dZ ddZ d,ddZ de fddZeddddddZd,ddZde fddZeddddd d!Zd,d"d#Zd$d%Zde fd&d'Zeddd(dd)d*ZZS)-raclass for reading & writing Htdigest files. The class constructor accepts the following arguments: :type path: filepath :param path: Specifies path to htdigest file, use to implicitly load from and save to. This class has two modes of operation: 1. It can be "bound" to a local file by passing a ``path`` to the class constructor. In this case it will load the contents of the file when created, and the :meth:`load` and :meth:`save` methods will automatically load from and save to that file if they are called without arguments. 2. Alternately, it can exist as an independant object, in which case :meth:`load` and :meth:`save` will require an explicit path to be provided whenever they are called. As well, ``autosave`` behavior will not be available. This feature is new in Passlib 1.6, and is the default if no ``path`` value is provided to the constructor. This is also exposed as a readonly instance attribute. :type default_realm: str :param default_realm: If ``default_realm`` is set, all the :class:`HtdigestFile` methods that require a realm will use this value if one is not provided explicitly. If unset, they will raise an error stating that an explicit realm is required. This is also exposed as a writeable instance attribute. .. versionadded:: 1.6 :type new: bool :param new: Normally, if *path* is specified, :class:`HtdigestFile` will immediately load the contents of the file. However, when creating a new htpasswd file, applications can set ``new=True`` so that the existing file (if any) will not be loaded. .. versionadded:: 1.6 This feature was previously enabled by setting ``autoload=False``. That alias has been deprecated, and will be removed in Passlib 1.8 :type autosave: bool :param autosave: Normally, any changes made to an :class:`HtdigestFile` instance will not be saved until :meth:`save` is explicitly called. However, if ``autosave=True`` is specified, any changes made will be saved to disk immediately (assuming *path* has been set). This is also exposed as a writeable instance attribute. :type encoding: str :param encoding: Optionally specify character encoding used to read/write file and hash passwords. Defaults to ``utf-8``, though ``latin-1`` is the only other commonly encountered encoding. This is also exposed as a readonly instance attribute. :param autoload: Set to ``False`` to prevent the constructor from automatically loaded the file from disk. .. deprecated:: 1.6 This has been replaced by the *new* keyword. Instead of setting ``autoload=False``, you should use ``new=True``. Support for this keyword will be removed in Passlib 1.8. Loading & Saving ================ .. automethod:: load .. automethod:: load_if_changed .. automethod:: load_string .. automethod:: save .. automethod:: to_string Inspection ========== .. automethod:: realms .. automethod:: users .. automethod:: check_password(user[, realm], password) .. automethod:: get_hash Modification ============ .. automethod:: set_password(user[, realm], password) .. automethod:: delete .. automethod:: delete_realm Alternate Constructors ====================== .. automethod:: from_string Attributes ========== .. attribute:: default_realm The default realm that will be used if one is not provided to methods that require it. By default this is ``None``, in which case an explicit realm must be provided for every method call. Can be written to. .. attribute:: path Path to local file that will be used as the default for all :meth:`load` and :meth:`save` operations. May be written to, initialized by the *path* constructor keyword. .. attribute:: autosave Writeable flag indicating whether changes will be automatically written to *path*. Errors ====== :raises ValueError: All of the methods in this class will raise a :exc:`ValueError` if any user name or realm contains a forbidden character (one of ``:\r\n\t\x00``), or is longer than 255 characters. Nc s"||_tt|j|fi|dSr;) default_realmrrr3)rrrrrrr r3szHtdigestFile.__init__cCs<|t}t|dkrtd||\}}}||f|fS)Nrz/malformed htdigest file (error reading line %d)r)rrrdrrvr{rrrr rM s   zHtdigestFile._parse_recordcCs|\}}td|||S)Nz %s:%s:%s r)rr_rrvr{rrr rpszHtdigestFile._render_recordcCs"|dur|j}|durtd|S)NzGyou must specify a realm explicitly, or set the default_realm attribute)rrr|rrr _require_realms zHtdigestFile._require_realmcCs||}||dS)Nr{)rrxr|rrr r}s  zHtdigestFile._encode_realmcCs||||fSr;)rzr}rrvr{rrr _encode_key#szHtdigestFile._encode_keycs&tddjD}fdd|DS)z%Return list of all realms in databasecss|]}|dVqdS)rLNrrr_rrr r,rz&HtdigestFile.realms..crrr)rr{r<rr r-rz'HtdigestFile.realms..)ror/)rrealmsrr<r r*szHtdigestFile.realmscs fddjDS)zReturn list of all users in specified realm. * uses ``self.default_realm`` if no realm explicitly provided. * returns empty list if realm not found. cs&g|]}|dkr|dqS)rLrrrr{rrr r6s  z&HtdigestFile.users..)r}r/r|rrr r/s zHtdigestFile.userscCs>|tur d|}}||}tj||||jd}||||S)aSet password for user; adds user & realm if needed. If ``self.default_realm`` has been set, this may be called with the syntax ``set_password(user, password)``, otherwise it must be called with all three arguments: ``set_password(user, realm, password)``. :returns: * ``True`` if existing user was updated * ``False`` if user account added. Nr*)_UNSETrrrr*rrrvr{rrrrr rQs   zHtdigestFile.set_passwordrrrrcC||||Srrrrvr{rrrr rdzHtdigestFile.updatecCs8|||}|j|}|durdStr||j}|S)aReturn :class:`~passlib.hash.htdigest` hash stored for user. * uses ``self.default_realm`` if no realm explicitly provided. * returns ``None`` if user or realm not found. .. versionchanged:: 1.6 This method was previously named ``find``, it was renamed for clarity. The old name is deprecated, and will be removed in Passlib 1.8. N)rr/rrrr*)rrvr{r_rrrr rjs  zHtdigestFile.get_hashcCsP|tur d|}}trt|tr||j}|||}|||}||S)a semi-private helper which allows writing a hash directly; adds user & realm if needed. If ``self.default_realm`` has been set, this may be called with the syntax ``set_hash(user, hash)``, otherwise it must be called with all three arguments: ``set_hash(user, realm, hash)``. .. warning:: does not (currently) do any validation of the hash string .. versionadded:: 1.7 N) rrrrrr*rrgri)rrvr{rr_rfrrr r}s    zHtdigestFile.set_hashrcCrrrrrrr rrzHtdigestFile.findcCs:|||}z|j|=Wn tyYdSw|dS)zDelete user's entry for specified realm. if realm is not specified, uses ``self.default_realm``. :returns: * ``True`` if user deleted, * ``False`` if user not found in realm. FT)rr/rri)rrvr{r_rrr rs   zHtdigestFile.deletecsB||j}fdd|D}|D]}||=q|t|S)zDelete all users for specified realm. if realm is not specified, uses ``self.default_realm``. :returns: number of users deleted (0 if realm not found) csg|] }|dkr|qS)rLrrr{rr rsz-HtdigestFile.delete_realm..)r}r/rir)rr{rZkeysr_rrr delete_realms zHtdigestFile.delete_realmcCsX|tur d|}}||}||}|j||f}|dur!dStj|||||jdS)aVerify password for specified user + realm. If ``self.default_realm`` has been set, this may be called with the syntax ``check_password(user, password)``, otherwise it must be called with all three arguments: ``check_password(user, realm, password)``. :returns: * ``None`` if user or realm not found. * ``False`` if user found, but password does not match. * ``True`` if user found and password matches. .. versionchanged:: 1.6 This method was previously called ``verify``, it was renamed to prevent ambiguity with the :class:`!CryptContext` method. The old alias is deprecated, and will be removed in Passlib 1.8. Nr)rrzr}r/rrrr*rrrr rs    zHtdigestFile.check_passwordrcCrrrrrrr rrzHtdigestFile.verify)NNr;)r6rrrrr3rMrprr}rrrrrr rrrrrrrrrrrrr rrs< "    )/r __future__rlogging getLoggerr6rRrAwarningsrpasslibrrpasslib.contextr passlib.excr passlib.hashr passlib.utilsr r r passlib.utils.decorr passlib.utils.compatr rrr__all__objectrrrQrrUrVrrorrrrrrrrrrr sD      )-c