Bazaar

Merge lp:~gz/bzr/Base64CredentialStore into lp:bzr

  1. Base64CredentialStore
  2. Merge into bzr.dev
Proposed by Martin Packman
Status: Merged
Approved by: Martin Packman
Approved revision: no longer in the source branch.
Merged at revision: 6546
Proposed branch: lp:~gz/bzr/Base64CredentialStore
Merge into: lp:bzr
Diff against target: 105 lines (+30/-4)
4 files modified
bzrlib/config.py (+14/-0)
bzrlib/tests/test_config.py (+11/-3)
doc/developers/authentication-ring.txt (+2/-1)
doc/en/release-notes/bzr-2.6.txt (+3/-0)
To merge this branch: bzr merge lp:~gz/bzr/Base64CredentialStore
Reviewer Review Type Date Requested Status
bzr-core Pending
Review via email: mp+117160@code.launchpad.net

Commit message

Add Base64CredentialStore for authentication.conf password obfuscation

To post a comment you must log in.
Revision history for this message
Martin Packman (gz) wrote :

sent to pqm by email

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'bzrlib/config.py'
2--- bzrlib/config.py 2012-07-20 15:46:59 +0000
3+++ bzrlib/config.py 2012-07-28 15:30:29 +0000
4@@ -81,6 +81,7 @@
5 from bzrlib.decorators import needs_write_lock
6 from bzrlib.lazy_import import lazy_import
7 lazy_import(globals(), """
8+import base64
9 import fnmatch
10 import re
11
12@@ -2131,6 +2132,19 @@
13 credential_store_registry.default_key = 'plain'
14
15
16+class Base64CredentialStore(CredentialStore):
17+ __doc__ = """Base64 credential store for the authentication.conf file"""
18+
19+ def decode_password(self, credentials):
20+ """See CredentialStore.decode_password."""
21+ # GZ 2012-07-28: Will raise binascii.Error if password is not base64,
22+ # should probably propogate as something more useful.
23+ return base64.decodestring(credentials['password'])
24+
25+credential_store_registry.register('base64', Base64CredentialStore,
26+ help=Base64CredentialStore.__doc__)
27+
28+
29 class BzrDirConfig(object):
30
31 def __init__(self, bzrdir):
32
33=== modified file 'bzrlib/tests/test_config.py'
34--- bzrlib/tests/test_config.py 2012-07-21 02:00:58 +0000
35+++ bzrlib/tests/test_config.py 2012-07-28 15:30:29 +0000
36@@ -15,17 +15,16 @@
37 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
38
39 """Tests for finding and reading the bzr config file[s]."""
40-# import system imports here
41+
42+import base64
43 from cStringIO import StringIO
44 from textwrap import dedent
45 import os
46 import sys
47 import threading
48
49-
50 from testtools import matchers
51
52-#import bzrlib specific imports here
53 from bzrlib import (
54 branch,
55 config,
56@@ -4842,6 +4841,15 @@
57 self.assertEquals('secret', decoded)
58
59
60+class TestBase64CredentialStore(tests.TestCase):
61+
62+ def test_decode_password(self):
63+ r = config.credential_store_registry
64+ plain_text = r.get_credential_store('base64')
65+ decoded = plain_text.decode_password(dict(password='c2VjcmV0'))
66+ self.assertEquals('secret', decoded)
67+
68+
69 # FIXME: Once we have a way to declare authentication to all test servers, we
70 # can implement generic tests.
71 # test_user_password_in_url
72
73=== modified file 'doc/developers/authentication-ring.txt'
74--- doc/developers/authentication-ring.txt 2010-11-12 22:46:28 +0000
75+++ doc/developers/authentication-ring.txt 2012-07-28 15:30:29 +0000
76@@ -158,7 +158,7 @@
77
78 Encoding passwords in ``base64``, while weak, provides protection against
79 accidental reading (if an administrator have to look into the file, he will not
80-see the passwords in clear).(Not implemented yet).
81+see the passwords in clear).
82
83 This specification intends to ease the authentication providing, not to secure
84 it in the best possible way.
85@@ -266,6 +266,7 @@
86 scheme=https
87 host=home.net
88 user=joe
89+ # Obtain the base64 encoded password by running 'echo -n "secret-pass" | base64'
90 password='c2VjcmV0LXBhc3M='
91 password_encoding=base64
92 verify_certificates=no # Still searching a free certificate provider
93
94=== modified file 'doc/en/release-notes/bzr-2.6.txt'
95--- doc/en/release-notes/bzr-2.6.txt 2012-07-28 14:46:45 +0000
96+++ doc/en/release-notes/bzr-2.6.txt 2012-07-28 15:30:29 +0000
97@@ -28,6 +28,9 @@
98 specified, not the branch you use. This was enabled by a new API call in
99 Launchpad's web service. (Aaron Bentley)
100
101+* Implement authentication.conf password obfuscation, the password_encoding
102+ option can now be set to base64. (Florian Dorn)
103+
104 Bug Fixes
105 *********
106