| -rw-r--r-- | CHANGES.txt | 9 | ||||
| -rw-r--r-- | TODO.txt | 3 | ||||
| -rw-r--r-- | pyramid/authentication.py | 17 | ||||
| -rw-r--r-- | pyramid/tests/test_authentication.py | 9 |
4 files changed, 37 insertions, 1 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index b3733a787..43a910f96 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -48,6 +48,15 @@ Bug Fixes
 attribute of the request. It no longer fails in this case. See https://github.com/Pylons/pyramid/issues/700
+Deprecations
+------------
+
+- ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning
+ if an application is using the policy without explicitly setting the
+ ``hashalg``. This is because the default is "md5" which is considered
+ insecure. If you really want "md5" then you must specify it explicitly to
+ get rid of the warning.
+
 Internals
 ---------
@@ -141,6 +141,9 @@ Future
 - 1.6: Remove IContextURL and TraversalContextURL.
+- 1.7: Change ``pyramid.authentication.AuthTktAuthenticationPolicy`` default
+ ``hashalg`` to ``sha512``.
+
 Probably Bad Ideas
 ------------------
diff --git a/pyramid/authentication.py b/pyramid/authentication.py
index dbca68a11..0a406e370 100644
--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -6,6 +6,7 @@ import base64
 import datetime
 import re
 import time as time_mod
+import warnings
 from zope.interface import implementer
@@ -405,6 +406,8 @@ class RemoteUserAuthenticationPolicy(CallbackAuthenticationPolicy):
 be done somewhere else or in a subclass."""
 return []
+_marker = object()
+
 @implementer(IAuthenticationPolicy)
 class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
 """A :app:`Pyramid` :term:`authentication policy` which 
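Review bot: `_marker = object()` in the `@@ -405` hunk is a module-level sentinel added without any explanation, so its purpose is only discoverable from the `if hashalg is _marker` check in a later hunk of the same file. A one-line comment would make the intent self-contained, e.g. `# Sentinel default for hashalg: tells "argument omitted" apart from any explicit value, including 'md5'.` The remaining hunks on this line are changelog/TODO text and the bare `import warnings`, which raise nothing.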
@@ -549,8 +552,20 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
 http_only=False,
 wild_domain=True,
 debug=False,
- hashalg='md5',
+ hashalg=_marker
 ):
+ if hashalg is _marker:
+ hashalg = 'md5'
+ warnings.warn('The MD5 hash function is known to have collisions. ' 'We recommend instead that you update your code to ' 'use the SHA512 algorithm by setting ' 'hashalg=\'sha512\'. If you accept these risks ' 'and want to continue using MD5, explicitly set ' 'the hashalg=\'md5\' in your authentication policy. ' 'The default algorithm used in this policy is ' 'likely to change in the future.', DeprecationWarning, stacklevel=2)
 self.cookie = AuthTktCookieHelper(
 secret,
 cookie_name=cookie_name,
diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py
index 2d69173fa..123e4f9f5 100644
--- a/pyramid/tests/test_authentication.py
+++ b/pyramid/tests/test_authentication.py
@@ -1,4 +1,5 @@
 import unittest
+import warnings
 from pyramid import testing
 from pyramid.compat import (
 text_,
@@ -440,6 +441,14 @@ class TestAuthTktAuthenticationPolicy(unittest.TestCase):
 inst.cookie = DummyCookieHelper(cookieidentity)
 return inst
+ def setUp(self):
+ self.warnings = warnings.catch_warnings()
+ self.warnings.__enter__()
+ warnings.simplefilter('ignore', DeprecationWarning)
+
+ def tearDown(self):
+ self.warnings.__exit__(None, None, None)
+
 def test_allargs(self):
 # pass all known args
 inst = self._getTargetClass()( |
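Review bot: The `warnings.warn(...)` added in the `@@ -549` hunk uses `DeprecationWarning`, which CPython 2.7 and 3.2+ filter out by default, so an application that keeps relying on the MD5 default will in a normal deployment never see this message and the insecure default stays silent unless the process runs with `-Wd` or under a test runner. If the intent is that operators actually notice, consider a category that is shown by default (`UserWarning`) or an additional log line, and at minimum record the visibility caveat next to the call, e.g. `# NOTE: DeprecationWarning is hidden by default; only -Wd / test runners surface it.` `stacklevel=2` attributes the warning to the direct caller of `__init__`, which for a subclass that chains to the parent constructor is the subclass rather than application code — presumably acceptable, but worth stating. The replacement signature line `+ hashalg=_marker` also drops the trailing comma the removed line carried, and the `__init__` signature, the rest of its body and the hashalg parameter documentation (which should now say the md5 default is deprecated) all lie outside this hunk.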
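Review bot: `setUp` in the `@@ -440` hunk silences every `DeprecationWarning` for the whole `TestAuthTktAuthenticationPolicy` class, but nothing in the change asserts that omitting `hashalg` actually emits the new warning or that passing it explicitly does not, so the warning could regress without any test failing. Pairing `__enter__()` in `setUp` with `__exit__` only in `tearDown` also leaves the filter state leaked if `setUp` raises after entering (unittest skips `tearDown` when `setUp` fails); with only a `simplefilter` call after it the practical risk is small, but it is worth noting. The class definition continues outside this hunk; a constructed pair of tests along these lines would pin the behaviour (`_getTargetClass` is visible in the hunk, the positional `secret` argument is inferred from the `secret,` passed to `AuthTktCookieHelper` in the earlier hunk — verify against the real signature):
```python
    def test_default_hashalg_emits_deprecation_warning(self):
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter('always', DeprecationWarning)
            self._getTargetClass()('secret')
        self.assertTrue(any(issubclass(w.category, DeprecationWarning)
                            for w in caught))

    def test_explicit_hashalg_does_not_warn(self):
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter('always', DeprecationWarning)
            self._getTargetClass()('secret', hashalg='sha512')
        self.assertFalse([w for w in caught
                          if issubclass(w.category, DeprecationWarning)])
```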
