Skip to content

Fix broken implementation of import_from_firstuse #221

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Fix broken implementation of import_from_firstuse #221

wants to merge 6 commits into from
+25 −6

Conversation

@mtav
Copy link

@mtav mtav commented Sep 10, 2022
edited
Loading

This would fix #219 when using c.NativeAuthenticator.import_from_firstuse = True:

When importing users from passwords.dbm, the hashed password was processed as if it was a cleartext password, leading the original password to fail and preventing imported users from logging in.

An extra keyword option "from_firstuse" was added to create_user() to handle this special case.

The code also silently skips existing users on import to avoid overwriting their password.
This is to handle the case when users do not wish to delete their FirstUseAuthenticator database after the first import, in which case the re-import at each hub reload could cause any password changes done after to be overwritten, or constant reload failures.

Note about password checks on import:
The FirstUse Authenticator stores hashed passwords, so checking if they are based on common passwords would be quite time consuming. So the import only checks for valid usernames, not if the passwords are long enough or common.

mtav and others added 6 commits September 10, 2022 04:32
@mtav
Fixed an issue when using c.NativeAuthenticator.import_from_firstuse …
79899cb 
…= True:

When importing users from passwords.dbm, the hashed password was processed as if it was a cleartext password, leading the original password to fail and preventing imported users from logging in.

An extra keyword option "from_firstuse" was added to create_user() to handle this special case.
@pre-commit-ci
[pre-commit.ci] auto fixes from pre-commit.com hooks
3c75878 
for more information, see https://pre-commit.ci
@mtav
Re-enabled password strength test, although I suspect it won't work f…
c0f92dd 
…or imported weak passwords that have previously been hashed.
@mtav
Merge branch 'main' of github.com:mtav/nativeauthenticator
c74c94a
@mtav
Improved handling of FirstUseAuthenticator import:
4225879 
-Import fails on invalid usernames.
-Import fails if user is valid, but already exists and still returns user_info.
-Otherwise import works.

Note: Password strength check not fixed yet.
@mtav
All tests passed.
29c0f94 
"password" (cleartext or hash) gets decoded before any password checks and then re-encoded before being added to the database.
@mtav mtav mentioned this pull request Sep 12, 2022
Open
@consideRatio consideRatio changed the title fixes #219 Fix broken implementation of import_from_firstuse May 8, 2023
@consideRatio consideRatio added the bug Something isn't working label May 8, 2023
@consideRatio consideRatio mentioned this pull request May 8, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working

Projects

PR triage (experimental)
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

import_from_firstuse not working: Previous users cannot log in or create an account.

2 participants

@mtav @consideRatio