From ca3df803c9afd04d7dee612e0bf321cc62cf900f Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Sun, 4 Nov 2012 12:34:22 -0600 Subject: emit a warning if a user is using the default hashalg to AuthTkt --- CHANGES.txt | 9 +++++++++ TODO.txt | 3 +++ pyramid/authentication.py | 17 ++++++++++++++++- pyramid/tests/test_authentication.py | 9 +++++++++ 4 files changed, 37 insertions(+), 1 deletion(-) diff --git a/CHANGES.txt b/CHANGES.txt index b3733a787..43a910f96 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -48,6 +48,15 @@ Bug Fixes attribute of the request. It no longer fails in this case. See https://github.com/Pylons/pyramid/issues/700 +Deprecations +------------ + +- ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning + if an application is using the policy without explicitly setting the + ``hashalg``. This is because the default is "md5" which is considered + insecure. If you really want "md5" then you must specify it explicitly to + get rid of the warning. + Internals --------- diff --git a/TODO.txt b/TODO.txt index ac5738244..af164adc9 100644 --- a/TODO.txt +++ b/TODO.txt @@ -141,6 +141,9 @@ Future - 1.6: Remove IContextURL and TraversalContextURL. +- 1.7: Change ``pyramid.authentication.AuthTktAuthenticationPolicy`` default + ``hashalg`` to ``sha512``. + Probably Bad Ideas ------------------ diff --git a/pyramid/authentication.py b/pyramid/authentication.py index dbca68a11..0a406e370 100644 --- a/pyramid/authentication.py +++ b/pyramid/authentication.py @@ -6,6 +6,7 @@ import base64 import datetime import re import time as time_mod +import warnings from zope.interface import implementer @@ -405,6 +406,8 @@ class RemoteUserAuthenticationPolicy(CallbackAuthenticationPolicy): be done somewhere else or in a subclass.""" return [] +_marker = object() + @implementer(IAuthenticationPolicy) class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy): """A :app:`Pyramid` :term:`authentication policy` which 
@@ -549,8 +552,20 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy): http_only=False, wild_domain=True, debug=False, - hashalg='md5', + hashalg=_marker ): + if hashalg is _marker: + hashalg = 'md5' + warnings.warn('The MD5 hash function is known to have collisions. ' + 'We recommend instead that you update your code to ' + 'use the SHA512 algorithm by setting ' + 'hashalg=\'sha512\'. If you accept these risks ' + 'and want to continue using MD5, explicitly set ' + 'the hashalg=\'md5\' in your authentication policy. ' + 'The default algorithm used in this policy is ' + 'likely to change in the future.', + DeprecationWarning, + stacklevel=2) self.cookie = AuthTktCookieHelper( secret, cookie_name=cookie_name, diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py index 2d69173fa..123e4f9f5 100644 --- a/pyramid/tests/test_authentication.py +++ b/pyramid/tests/test_authentication.py @@ -1,4 +1,5 @@ import unittest +import warnings from pyramid import testing from pyramid.compat import ( text_, @@ -440,6 +441,14 @@ class TestAuthTktAuthenticationPolicy(unittest.TestCase): inst.cookie = DummyCookieHelper(cookieidentity) return inst + def setUp(self): + self.warnings = warnings.catch_warnings() + self.warnings.__enter__() + warnings.simplefilter('ignore', DeprecationWarning) + + def tearDown(self): + self.warnings.__exit__(None, None, None) + def test_allargs(self): # pass all known args inst = self._getTargetClass()( -- cgit v1.2.3
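Review bot: The `DeprecationWarning` category passed to `warnings.warn` in `__init__` is ignored by Python's default warning filters (2.7 and 3.2 onward) in most deployments. An application that never set `hashalg` will therefore keep signing tickets with MD5 and see nothing unless it runs with `-W default` or under a test runner that enables warnings. Since this warning is the only signal that the ticket digest is weak, consider a category that is displayed by default. At a minimum, say so where the warning is raised, e.g. `# NOTE: DeprecationWarning is hidden by default filters; run with -W default to see it`, and state in the `hashalg` parameter docs that the effective default is still `'md5'`. The `__init__` signature and body start and end outside this hunk, so the existing docstring could not be checked here.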
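Review bot: `setUp` silences every `DeprecationWarning` for the whole test class, and nothing in this hunk asserts the new behaviour: that omitting `hashalg` warns and that an explicit `hashalg='md5'` does not. Without those two tests the warning could be removed, or start firing on explicit values, without any failure; tests outside this hunk may cover it, but none is visible here. Registering the restore with `self.addCleanup(self.warnings.__exit__, None, None, None)` inside `setUp`, instead of a separate `tearDown`, would also ensure the filter state is put back if `setUp` later grows and fails part-way. The test class starts before and continues after this hunk.

```python
    # ... unchanged: setUp / tearDown installing the 'ignore' filter ...

    def test_default_hashalg_emits_deprecation_warning(self):
        # override the class-wide 'ignore' filter inside a recording context
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter('always')
            self._getTargetClass()('secret')
        self.assertTrue(
            any(issubclass(w.category, DeprecationWarning) for w in caught))

    def test_explicit_md5_does_not_warn(self):
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter('always')
            self._getTargetClass()('secret', hashalg='md5')
        self.assertFalse(
            any(issubclass(w.category, DeprecationWarning) for w in caught))
```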