Modernize rpcauth.py and its tests

2023-02-10 17:34:31 -05:00 · 2023-02-10 17:34:31 -05:00 · e4e17907b6
parent 2c1fe27bf3
commit e4e17907b6
2 changed files with 11 additions and 14 deletions
--- a/share/rpcauth/rpcauth.py
+++ b/share/rpcauth/rpcauth.py
@ -4,22 +4,20 @@
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.

 from argparse import ArgumentParser
-from base64 import urlsafe_b64encode
 from getpass import getpass
-from os import urandom
-
+from secrets import token_hex, token_urlsafe
 import hmac

 def generate_salt(size):
    """Create size byte hex salt"""
-    return urandom(size).hex()
+    return token_hex(size)

 def generate_password():
    """Create 32 byte b64 password"""
-    return urlsafe_b64encode(urandom(32)).decode('utf-8')
+    return token_urlsafe(32)

 def password_to_hmac(salt, password):
-    m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
+    m = hmac.new(salt.encode('utf-8'), password.encode('utf-8'), 'SHA256')
    return m.hexdigest()

 def main():
@ -38,8 +36,8 @@ def main():
    password_hmac = password_to_hmac(salt, args.password)

    print('String to be appended to bitcoin.conf:')
-    print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
-    print('Your password:\n{0}'.format(args.password))
+    print(f'rpcauth={args.username}:{salt}${password_hmac}')
+    print(f'Your password:\n{args.password}')

 if __name__ == '__main__':
    main()
--- a/test/util/rpcauth-test.py
+++ b/test/util/rpcauth-test.py
@ -4,7 +4,7 @@
 # file COPYING or http://www.opensource.org/licenses/mit-license.php.
 """Test share/rpcauth/rpcauth.py
 """
-import base64
+import re
 import configparser
 import hmac
 import importlib
@ -28,18 +28,17 @@ class TestRPCAuth(unittest.TestCase):
            self.assertEqual(len(self.rpcauth.generate_salt(i)), i * 2)

    def test_generate_password(self):
+        """Test that generated passwords only consist of urlsafe characters."""
+        r = re.compile(r"[0-9a-zA-Z_-]*")
        password = self.rpcauth.generate_password()
-        expected_password = base64.urlsafe_b64encode(
-            base64.urlsafe_b64decode(password)).decode('utf-8')
-        self.assertEqual(expected_password, password)
+        self.assertTrue(r.fullmatch(password))

    def test_check_password_hmac(self):
        salt = self.rpcauth.generate_salt(16)
        password = self.rpcauth.generate_password()
        password_hmac = self.rpcauth.password_to_hmac(salt, password)

-        m = hmac.new(bytearray(salt, 'utf-8'),
-            bytearray(password, 'utf-8'), 'SHA256')
+        m = hmac.new(salt.encode('utf-8'), password.encode('utf-8'), 'SHA256')
        expected_password_hmac = m.hexdigest()

        self.assertEqual(expected_password_hmac, password_hmac)