core.bones.password

The PasswordBone class is a specialized version of the StringBone class designed to handle password data. It hashes the password data before saving it to the database and prevents it from being read directly. The class also includes various tests to determine the strength of the entered password.

Module Contents

Classes

PasswordBone

A specialized subclass of the StringBone class designed to handle password data.

Functions

encode_password(password, salt[, iterations, dklen])

Encodes a password and returns the hash and meta information as a dict.

Attributes

PBKDF2_DEFAULT_ITERATIONS

core.bones.password.PBKDF2_DEFAULT_ITERATIONS = 600000
core.bones.password.encode_password(password, salt, iterations=PBKDF2_DEFAULT_ITERATIONS, dklen=42)

Encodes a password and returns the hash and meta information as a dict.

Parameters:
  • password (str | bytes) –

  • salt (str | bytes) –

  • iterations (int) –

  • dklen (int) –

Return type:

dict[str, str | bytes]
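The following is an added example, not ViUR's own code: a stand-in with the same parameters as encode_password, showing how a salted PBKDF2 record can be derived, verified in constant time, and flagged for re-hashing when the iteration count is raised. The SHA-256 digest, the dict keys and the helper names (derive_password_record, verify_password, needs_rehash, new_salt) are assumptions; the page states none of them.

```python
import hashlib
import hmac
import secrets
import string

PBKDF2_DEFAULT_ITERATIONS = 600_000  # value documented on this page
SALT_LENGTH = 13                     # PasswordBone.saltLength on this page
_ALPHABET = string.ascii_letters + string.digits


def new_salt(length=SALT_LENGTH):
    """Random salt from a CSPRNG; use a fresh one for every stored password."""
    return "".join(secrets.choice(_ALPHABET) for _ in range(length))


def _to_bytes(value):
    """Accept str or bytes, as the documented signature does."""
    return value.encode("utf-8") if isinstance(value, str) else value


def derive_password_record(password, salt,
                           iterations=PBKDF2_DEFAULT_ITERATIONS, dklen=42):
    """Hypothetical stand-in: PBKDF2-HMAC-SHA256 (assumed digest), returned
    together with the parameters needed to re-derive the hash later."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", _to_bytes(password), _to_bytes(salt), iterations, dklen
    )
    # Assumed record layout; keeping the parameters next to the hash lets
    # old records stay verifiable after the default iteration count changes.
    return {"pwhash": digest.hex(), "salt": salt,
            "iterations": iterations, "dklen": dklen}


def verify_password(candidate, record):
    """Re-derive with the stored parameters and compare in constant time."""
    again = derive_password_record(
        candidate, record["salt"], record["iterations"], record["dklen"]
    )
    return hmac.compare_digest(again["pwhash"], record["pwhash"])


def needs_rehash(record):
    """True when the record was made with fewer iterations than today's default."""
    return record["iterations"] < PBKDF2_DEFAULT_ITERATIONS
```

Because the plaintext is only available at login, a record flagged by needs_rehash is upgraded right after a successful verify_password call.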

class core.bones.password.PasswordBone(*, descr='Password', test_threshold=4, tests=tests, **kwargs)

Bases: viur.core.bones.string.StringBone

A specialized subclass of the StringBone class designed to handle password data.

The PasswordBone hashes the password before saving it to the database and prevents it from being read directly. It also includes various tests to determine the strength of the entered password.

Initializes a new PasswordBone.

Parameters:
  • test_threshold (int) – The minimum number of tests the password must pass.

  • password_tests – Defines separate tests specified as tuples of regex, hint and required-flag.

  • descr (str) –

  • tests (Iterable[Iterable[Tuple[str, str, bool]]]) –

type = 'password'

A string representing the bone type, which is “password” in this case.

saltLength = 13
tests: Iterable[Iterable[Tuple[str, str, bool]]] = (('^.*[A-Z].*$',), ('^.*[a-z].*$',), ('^.*\\d.*$',), ('^.*\\W.*$',), ('^.{8,}$',))

Provides tests based on regular expressions to test the password strength.

Note: The provided regular expressions have to produce exactly the same results in Python and JavaScript.

This requires that some features either cannot be used, or must be rewritten to match on both engines.

isInvalid(value)

Determines if the entered password is invalid based on the length and strength requirements. It checks if the password is empty, too short, or too weak according to the password tests specified in the class.

Parameters:

value (str) – The password to be checked.

Returns:

True if the password is invalid, otherwise False.

Return type:

bool
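As an added example (not ViUR's implementation), the sketch below evaluates the regular expressions listed under tests against test_threshold, and shows the cross-engine problem raised in the note above: Python's \d and \W are Unicode-aware for str input, while JavaScript's are ASCII-only, which re.ASCII reproduces. The hints, the required flags, the rule that a failed required test always invalidates, and the names check_password and engine_mismatches are assumptions.

```python
import re

# Regexes copied from PasswordBone.tests on this page; the hints and the
# required flags are constructed for this example.
TESTS = (
    (r"^.*[A-Z].*$", "an uppercase letter", False),
    (r"^.*[a-z].*$", "a lowercase letter", False),
    (r"^.*\d.*$", "a digit", False),
    (r"^.*\W.*$", "a special character", False),
    (r"^.{8,}$", "at least 8 characters", True),
)


def check_password(value, tests=TESTS, test_threshold=4, flags=0):
    """Return (invalid, missing_hints). Assumed semantics: a failed required
    test always invalidates; otherwise test_threshold tests must pass."""
    if not value:
        return True, ["password is empty"]
    passed, missing, required_failed = 0, [], False
    for pattern, hint, required in tests:
        if re.match(pattern, value, flags):
            passed += 1
        else:
            missing.append(hint)
            required_failed = required_failed or required
    return (required_failed or passed < test_threshold), missing


def engine_mismatches(value, tests=TESTS):
    """Patterns whose result differs between Python's default Unicode classes
    and re.ASCII, which matches JavaScript's ASCII-only \\d and \\W."""
    return [pattern for pattern, _, _ in tests
            if bool(re.match(pattern, value))
            != bool(re.match(pattern, value, re.ASCII))]
```

For the constructed input "Passwörter", the default Python classes treat "ö" as a word character and the password fails the threshold, while the ASCII-only classes count it as a special character and the password passes; a client-side check and a server-side check would then disagree.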

fromClient(skel, name, data)

Processes the password field from the client data, validates it, and stores it in the skeleton instance after hashing. This method performs several checks, such as ensuring that the password field is present in the data, that the password is not empty, and that it meets the length and strength requirements. If any of these checks fail, a ReadFromClientError is returned.

Parameters:
  • skel (SkeletonInstance) – The skeleton instance to store the password in.

  • name (str) – The name of the password field.

  • data (dict) – The data dictionary containing the password field value.

Returns:

None if the password is valid, otherwise a list of ReadFromClientErrors.

Return type:

Union[None, List[ReadFromClientError]]

serialize(skel, name, parentIndexed)

Processes and stores the password field from the client data into the skeleton instance after hashing and validating it. This method carries out various checks, such as:

  • Ensuring that the password field is present in the data.

  • Verifying that the password is not empty.

  • Confirming that the password meets the length and strength requirements.

If any of these checks fail, a ReadFromClientError is returned.

Parameters:
  • skel (SkeletonInstance) – The skeleton instance where the password will be stored as a hashed value along with its salt.

  • name (str) – The name of the password field used to access the password value in the data dictionary.

  • data (dict) – The data dictionary containing the password field value, typically submitted by the client.

  • parentIndexed (bool) –

Returns:

None if the password is valid and successfully stored in the skeleton instance; otherwise, a list of ReadFromClientErrors containing detailed information about the errors.

Return type:

Union[None, List[ReadFromClientError]]

unserialize(skeletonValues, name)

This method does not unserialize password values from the datastore. It always returns False, indicating that no password value will be unserialized.

Parameters:
  • skeletonValues (dict) – The dictionary containing the values from the datastore.

  • name (str) – The name of the password field.

Returns:

False, as no password value will be unserialized.

Return type:

bool

structure()

Describes the bone and its settings as a JSON-serializable dict. This function has to be implemented for subsequent, specialized bone types.

Return type:

dict