app-MAIL-temp/app/pw_models.py

import bcrypt
import sqlalchemy as sa
import unicodedata

_NORMALIZATION_FORM = "NFKC"


class PasswordOracle:
    password = sa.Column(sa.String(128), nullable=True)

    def set_password(self, password):
        password = unicodedata.normalize(_NORMALIZATION_FORM, password)
        salt = bcrypt.gensalt()
        self.password = bcrypt.hashpw(password.encode(), salt).decode()

    def check_password(self, password) -> bool:
        if not self.password:
            return False

        password = unicodedata.normalize(_NORMALIZATION_FORM, password)
        return bcrypt.checkpw(password.encode(), self.password.encode())
app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00			`import bcrypt`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`import sqlalchemy as sa`
			`import unicodedata`
app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00
app.pw_models: Use unicode normalization Per NIST [SP800-63B, §5.1.1.2] Memorized Secret Verifiers : > the verifier SHOULD apply the Normalization Process for > Stabilized Strings using either the NFKC or NFKD normalization This is necessary for Unicode passwords to work reliably. ASCII-only passwords aren't affected. [SP800-63B, §5.1.1.2]: https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers 2021-05-26 21:42:19 +02:00			`_NORMALIZATION_FORM = "NFKC"`


app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00			`class PasswordOracle:`
do not use flask-sqlalchemy - add __tablename__ for all models - use sa and orm instead of db - rollback all changes in tests - remove session in @app.teardown_appcontext 2021-10-12 14:36:47 +02:00			`password = sa.Column(sa.String(128), nullable=True)`
app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00
			`def set_password(self, password):`
app.pw_models: Use unicode normalization Per NIST [SP800-63B, §5.1.1.2] Memorized Secret Verifiers : > the verifier SHOULD apply the Normalization Process for > Stabilized Strings using either the NFKC or NFKD normalization This is necessary for Unicode passwords to work reliably. ASCII-only passwords aren't affected. [SP800-63B, §5.1.1.2]: https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers 2021-05-26 21:42:19 +02:00			`password = unicodedata.normalize(_NORMALIZATION_FORM, password)`
app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00			`salt = bcrypt.gensalt()`
app.pw_models: Refactor, use constant-time equality 2021-05-29 16:22:47 +02:00			`self.password = bcrypt.hashpw(password.encode(), salt).decode()`
app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00
			`def check_password(self, password) -> bool:`
			`if not self.password:`
			`return False`
app.pw_models: Use unicode normalization Per NIST [SP800-63B, §5.1.1.2] Memorized Secret Verifiers : > the verifier SHOULD apply the Normalization Process for > Stabilized Strings using either the NFKC or NFKD normalization This is necessary for Unicode passwords to work reliably. ASCII-only passwords aren't affected. [SP800-63B, §5.1.1.2]: https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers 2021-05-26 21:42:19 +02:00
			`password = unicodedata.normalize(_NORMALIZATION_FORM, password)`
app.pw_models: Refactor, use constant-time equality 2021-05-29 16:22:47 +02:00			`return bcrypt.checkpw(password.encode(), self.password.encode())`