Skip to content

Code cleanup, work exclusively with bcrypt, works on Windows #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tminakov wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Code cleanup, work exclusively with bcrypt, works on Windows #21

tminakov wants to merge 3 commits into from

Conversation

@tminakov
Copy link

@tminakov tminakov commented Oct 14, 2017

The changes can be summarized in two major areas:

  • the password checks are exclusively through bcrypt, thus mitigating timing attacks - inspired from the go implementation, done by @lupine

  • code cleanup and refactoring:

    • all operations involving the config are now in the serverconfig.py (ex "init.py") file, separation of logic and purpose
    • the server can be initialized/ran on Windows now - shortcuted the writability check done by pwd
    • a couple of small bugss/corner cases covered

Todor Minakov and others added 3 commits October 14, 2017 14:25
@tminakov
* REFA - renamed the init.py to serverconfig.py, and moved all config…
b038680 
…uration functions to it - separation of logic

* FIX - the "list" CLI option works once again
* FEAT - skipping of directory writability check, thus allowing to work under Windows
@tminakov
* REFA - the check for directory write capabilities checks both the u…
a968f4c 
…ser & group permissions in one pass, and is more complete. Minor docstrings updates
@tminakov
* FEAT - full migration to bcrypt - if the client sent 'Password' req…
60d9def 
…uest attribute, bcrypt it & compare it like this; if the config file does not have bcrypted password - generate it on load
@tminakov
Copy link
Author

tminakov commented Oct 14, 2017

Travis failed on py3.2, at the import of logbook and requests; this amazes me a lot (to put it mildly), and I'm not sure how shall that be fixed - and shall it at all.

@stephanepechard stephanepechard self-assigned this Oct 17, 2017
@tminakov
Copy link
Author

tminakov commented Oct 22, 2017

Hi @stephanepechard, any update of the merge, is there something bothering you with the code? I'd really like to see it in, to use as a base for some new development.

Thanks,
Todor

@stephanepechard
Copy link
Member

stephanepechard commented Oct 24, 2017

@tminakov Did you validate your changes on OSes other than Windows?

@tminakov
Copy link
Author

tminakov commented Oct 25, 2017
edited
Loading

Yes, on Ubuntu - my main dev environment, and Debian - my main execution one; the Windows' writability check skip is just "to get it done" and for compatibility - but I've tested it there also.

@tminakov
Copy link
Author

tminakov commented Oct 25, 2017

By the way, I should've mentioned it - looked into the 3.2 failure, and it comes from the requests library - it does not support it, as a lot of others also don't:

psf/requests#3479

psf/requests#3507 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@stephanepechard stephanepechard

Labels

enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tminakov @stephanepechard