app-MAIL-temp/app/pw_models.py

import unicodedata

import bcrypt

from app.extensions import db


_NORMALIZATION_FORM = "NFKC"


class PasswordOracle:
    salt = db.Column(db.String(128), nullable=True)
    password = db.Column(db.String(128), nullable=True)

    def set_password(self, password):
        password = unicodedata.normalize(_NORMALIZATION_FORM, password)
        salt = bcrypt.gensalt()
        password_hash = bcrypt.hashpw(password.encode(), salt).decode()
        self.salt = salt.decode()
        self.password = password_hash

    def check_password(self, password) -> bool:
        if not self.password:
            return False

        password = unicodedata.normalize(_NORMALIZATION_FORM, password)
        password_hash = bcrypt.hashpw(password.encode(), self.salt.encode())
        return self.password.encode() == password_hash
app.pw_models: Use unicode normalization Per NIST [SP800-63B, §5.1.1.2] Memorized Secret Verifiers : > the verifier SHOULD apply the Normalization Process for > Stabilized Strings using either the NFKC or NFKD normalization This is necessary for Unicode passwords to work reliably. ASCII-only passwords aren't affected. [SP800-63B, §5.1.1.2]: https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers 2021-05-26 21:42:19 +02:00			`import unicodedata`

app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00			`import bcrypt`

			`from app.extensions import db`


app.pw_models: Use unicode normalization Per NIST [SP800-63B, §5.1.1.2] Memorized Secret Verifiers : > the verifier SHOULD apply the Normalization Process for > Stabilized Strings using either the NFKC or NFKD normalization This is necessary for Unicode passwords to work reliably. ASCII-only passwords aren't affected. [SP800-63B, §5.1.1.2]: https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers 2021-05-26 21:42:19 +02:00			`_NORMALIZATION_FORM = "NFKC"`


app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00			`class PasswordOracle:`
			`salt = db.Column(db.String(128), nullable=True)`
			`password = db.Column(db.String(128), nullable=True)`

			`def set_password(self, password):`
app.pw_models: Use unicode normalization Per NIST [SP800-63B, §5.1.1.2] Memorized Secret Verifiers : > the verifier SHOULD apply the Normalization Process for > Stabilized Strings using either the NFKC or NFKD normalization This is necessary for Unicode passwords to work reliably. ASCII-only passwords aren't affected. [SP800-63B, §5.1.1.2]: https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers 2021-05-26 21:42:19 +02:00			`password = unicodedata.normalize(_NORMALIZATION_FORM, password)`
app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00			`salt = bcrypt.gensalt()`
			`password_hash = bcrypt.hashpw(password.encode(), salt).decode()`
			`self.salt = salt.decode()`
			`self.password = password_hash`

			`def check_password(self, password) -> bool:`
			`if not self.password:`
			`return False`
app.pw_models: Use unicode normalization Per NIST [SP800-63B, §5.1.1.2] Memorized Secret Verifiers : > the verifier SHOULD apply the Normalization Process for > Stabilized Strings using either the NFKC or NFKD normalization This is necessary for Unicode passwords to work reliably. ASCII-only passwords aren't affected. [SP800-63B, §5.1.1.2]: https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers 2021-05-26 21:42:19 +02:00
			`password = unicodedata.normalize(_NORMALIZATION_FORM, password)`
app.models: minor refactor (extract pw auth) 2021-05-26 18:17:47 +02:00			`password_hash = bcrypt.hashpw(password.encode(), self.salt.encode())`
			`return self.password.encode() == password_hash`