Mercurial > libervia-backend

diff sat/memory/params.py @ 3160:330a5f1d9eea

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
core (memory/crypto): replaced `PyCrypto` by `cryptography`: `PyCrypto` is unmaintained for years but was used in SàT for password hashing. This patch fixes that by replacing `PyCrypto` by the reference `cryptography` module which is well maintained. The behaviour stays the same (except that previously async `hash`, `encrypt` and `decrypt` methods are now synchronous, as they are quick and using a deferToThread may actually be more resource intensive than using blocking methods). It is planed to improve `memory.crypto` by using more up-to-date cryptography/hashing algorithms in the future. PyCrypto is no more a dependency of SàT
author Goffi <goffi@goffi.org>
date Sun, 09 Feb 2020 23:50:26 +0100
parents 559a625a236b
children 7d8a04a1d3a2
line wrap: on
line diff
--- a/sat/memory/params.py	Sun Feb 09 23:50:21 2020 +0100
+++ b/sat/memory/params.py	Sun Feb 09 23:50:26 2020 +0100
@@ -1,7 +1,6 @@
 #!/usr/bin/env python3
 
-
-# SAT: a jabber client
+# SàT: a XMPP client
 # Copyright (C) 2009-2020 Jérôme Poisson (goffi@goffi.org)
 
 # This program is free software: you can redistribute it and/or modify
@@ -521,18 +520,11 @@
             raise exceptions.ProfileNotSetError(
                 "The profile is needed to decrypt a password"
             )
-        d = self.host.memory.decryptValue(value, profile)
+        password = self.host.memory.decryptValue(value, profile)
 
-        def gotPlainPassword(password):
-            if (
-                password is None
-            ):  # empty value means empty password, None means decryption failure
-                raise exceptions.InternalError(
-                    _("The stored password could not be decrypted!")
-                )
-            return password
-
-        return d.addCallback(gotPlainPassword)
+        if password is None:
+            raise exceptions.InternalError("password should never be None")
+        return defer.succeed(password)
 
     def _type_to_str(self, result):
         """Convert result to string, according to its type """
@@ -1056,7 +1048,7 @@
                     lambda __: PasswordHasher.hash(value)
                 )  # profile password is hashed (empty value stays empty)
             elif value:  # other non empty passwords are encrypted with the personal key
-                d = BlockCipher.encrypt(personal_key, value)
+                d = defer.succeed(BlockCipher.encrypt(personal_key, value))
             else:
                 d = defer.succeed(value)
         else: