Add config argument to more password.Password invocations.

rouilj · rouilj · commit 7784eb99871c · 2023-03-04T00:17:26.000-05:00
The work done to allow password_pbkdf2_default_rounds to be overridden
for testing requires that calls to password.Password include a config
argument.

This was needed because using the real value more than quadrupled
testing runtime.

However there are still a few places where config was not being set
when Password was called. I think this fixes all of the ones that are
called from a function that have access to a db.config object.

The remaining ones all call Password(encrypted=x). This results in
Password.unpack() being called. If x is not a propertly formatted
password string ("{scheme}...", it calls encodePassword. It then
should end up raising the ConfigNotSet exception. This is
probably what we want as it means the shape of "x" is not correct.

I don't understand why Password.unpack() attempts to encrypt the value
of encrypted if it doesn't match the right form. According to codecov,
this encryption branch is being used, so somewhere x is of the wrong
form. Hmmm....
diff --git a/roundup/backends/back_anydbm.py b/roundup/backends/back_anydbm.py
@@ -503,7 +503,7 @@ def unserialise(self, classname, node):
             elif isinstance(prop, hyperdb.Interval) and v is not None:
                 d[k] = date.Interval(v)
             elif isinstance(prop, hyperdb.Password) and v is not None:
-                d[k] = password.Password(encrypted=v)
+                d[k] = password.Password(encrypted=v, config=self.config)
             else:
                 d[k] = v
         return d
@@ -2147,7 +2147,8 @@ def import_list(self, propnames, proplist):
             elif isinstance(prop, hyperdb.Interval):
                 value = date.Interval(value)
             elif isinstance(prop, hyperdb.Password):
-                value = password.Password(encrypted=value)
+                value = password.Password(encrypted=value,
+                                          config=self.db.config)
             d[propname] = value
 
         # get a new id if necessary
diff --git a/roundup/backends/back_mysql.py b/roundup/backends/back_mysql.py
@@ -328,7 +328,7 @@ def add_new_columns_v2(self):
                     elif isinstance(prop, hyperdb.Interval) and v is not None:
                         v = date.Interval(v)
                     elif isinstance(prop, hyperdb.Password) and v is not None:
-                        v = password.Password(encrypted=v)
+                        v = password.Password(encrypted=v, config=self.config)
                     elif isinstance(prop, hyperdb.Integer) and v is not None:
                         v = int(v)
                     elif (isinstance(prop, hyperdb.Boolean) or
diff --git a/roundup/backends/rdbms_common.py b/roundup/backends/rdbms_common.py
@@ -3255,7 +3255,8 @@ def import_list(self, propnames, proplist):
             elif isinstance(prop, hyperdb.Interval):
                 value = date.Interval(value)
             elif isinstance(prop, hyperdb.Password):
-                value = password.Password(encrypted=value)
+                value = password.Password(encrypted=value,
+                                          config=self.db.config)
             elif isinstance(prop, String):
                 value = us2s(value)
                 if not isinstance(value, str):
diff --git a/roundup/roundupdb.py b/roundup/roundupdb.py
@@ -114,7 +114,8 @@ def confirm_registration(self, otk):
             elif isinstance(proptype, hyperdb.Interval):
                 props[propname] = date.Interval(value)
             elif isinstance(proptype, hyperdb.Password):
-                props[propname] = password.Password(encrypted=value)
+                props[propname] = password.Password(encrypted=value,
+                                                    config=self.config)
 
         # tag new user creation with 'admin'
         self.journaltag = 'admin'
diff --git a/roundup/test/memorydb.py b/roundup/test/memorydb.py
@@ -62,7 +62,7 @@ def create(journaltag, create=True, debug=False, prefix=default_prefix):
 
     initial_data = os.path.join(prefix, 'initial_data.py')
     vars = dict(db=db, admin_email='admin@test.com',
-                adminpw=password.Password('sekrit'))
+                adminpw=password.Password('sekrit', config=db.config))
     fd = open(initial_data)
     exec(compile(fd.read(), initial_data, 'exec'), vars)
     fd.close()
@@ -110,7 +110,8 @@ def create(journaltag, create=True, debug=False, prefix=default_prefix):
     '''
     if create:
         db.user.create(username="fred", roles='User',
-                       password=password.Password('sekrit'),
+                       password=password.Password('sekrit',
+                                                  config=db.config),
                        address='fred@example.com')
 
     db.security.addPermissionToRole('User', 'Email Access')
