hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-15 22:13:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

keep salting generated tokens

Browse Source 
all the savings are in rounds, but keep salt because it still prevents the ability to hash a token once and check it against the whole db
This commit is contained in:
Min RK
2017-08-06 14:16:47 +02:00
parent a27765f7d5
commit 25d19732e0
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
jupyterhub/orm.py
View File

@@ -243,7 +243,7 @@ class Hashed(object):
# values to use for internally generated tokens, # values to use for internally generated tokens,
# which have good entropy as UUIDs # which have good entropy as UUIDs
generated = True generated = True
generated_salt_bytes = b'' generated_salt_bytes = 8
generated_rounds = 1 generated_rounds = 1
@property @property

5
jupyterhub/tests/test_orm.py
View File

@@ -67,7 +67,10 @@ def test_tokens(db):
assert found.match(token) assert found.match(token)
assert found.user is user assert found.user is user
assert found.service is None assert found.service is None
assert found.hashed.startswith('%s:1::' % orm.APIToken.algorithm) algo, rounds, salt, checksum = found.hashed.split(':')
assert algo == orm.APIToken.algorithm
assert rounds == '1'
assert len(salt) == orm.APIToken.generated_salt_bytes * 2
found = orm.APIToken.find(db, 'something else') found = orm.APIToken.find(db, 'something else')
assert found is None assert found is None