Bump version to 4.0.2~beta

debian/changelog

@@ -1,3 +1,17 @@
+moulinette (4.0.2~beta) testing; urgency=low
+
+  - Bump version number for beta release
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 19 Jun 2020 15:33:29 +0200
+
+moulinette (4.0.1~alpha) testing; urgency=low
+
+  - [fix] Get rid of legacy code which breaks postinstall on buster for some reason (ac83b10f)
+  - [fix] Remove legacy Breaks and Replaces (e49a47c7)
+  - [fix] Let's hash the password like we do in core during tests (0c78374e)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Jun 2020 17:32:35 +0200
+
 moulinette (3.8.1.2) stable; urgency=low
 
   - [fix] locale parsing in some edge case

debian/control

@@ -18,8 +18,6 @@ Depends: ${misc:Depends}, ${python:Depends},
     python-toml,
     python-psutil,
     python-tz
-Replaces: yunohost-cli
-Breaks: yunohost-cli
 Description: prototype interfaces with ease in Python
  The moulinette is a Python package that allows one to quickly and
  easily prototype interfaces for your application. Each action can

moulinette/authenticators/ldap.py

@@ -4,9 +4,6 @@
 from __future__ import absolute_import
 import os
 import logging
-import random
-import string
-import crypt
 import ldap
 import ldap.sasl
 import time
@@ -114,30 +111,6 @@ class Authenticator(BaseAuthenticator):
                 raise MoulinetteError("Not logged in with the expected userdn ?!")
             else:
                 self.con = con
-                self._ensure_password_uses_strong_hash(password)
-
-    def _ensure_password_uses_strong_hash(self, password):
-        # XXX this has been copy pasted from YunoHost, should we put that into moulinette?
-        def _hash_user_password(password):
-            char_set = (
-                string.ascii_uppercase + string.ascii_lowercase + string.digits + "./"
-            )
-            salt = "".join([random.SystemRandom().choice(char_set) for x in range(16)])
-            salt = "$6$" + salt + "$"
-            return "{CRYPT}" + crypt.crypt(str(password), salt)
-
-        hashed_password = self.search(self.admindn, attrs=["userPassword"])[0]
-
-        # post-install situation, password is not already set
-        if "userPassword" not in hashed_password or not hashed_password["userPassword"]:
-            return
-
-        # we aren't using sha-512 but something else that is weaker, proceed to upgrade
-        if not hashed_password["userPassword"][0].startswith("{CRYPT}$6$"):
-            self.update(
-                "cn=%s" % self.adminuser,
-                {"userPassword": [_hash_user_password(password)]},
-            )
 
     # Additional LDAP methods
     # TODO: Review these methods

test/src/ldap_server.py

@@ -98,7 +98,22 @@ class LDAPServer:
                 "posixAccount",
                 "simpleSecurityObject",
             ],
-            "userPassword": ["yunohost"],
+            "userPassword": [self._hash_user_password("yunohost")],
         }
 
         ldap_interface.update("cn=admin", admin_dict)
+
+
+    def _hash_user_password(self, password):
+        """
+        Copy pasta of what's in yunohost/user.py
+        """
+        import string
+        import random
+        import crypt
+
+        char_set = string.ascii_uppercase + string.ascii_lowercase + string.digits + "./"
+        salt = ''.join([random.SystemRandom().choice(char_set) for x in range(16)])
+
+        salt = '$6$' + salt + '$'
+        return '{CRYPT}' + crypt.crypt(str(password), salt)

tox.ini

@@ -19,6 +19,7 @@ deps =
   gevent-websocket
   bottle >= 0.12
   WebTest >= 2.0, < 2.1
+  python-ldap >= 3.1.0
 commands =
     pytest {posargs}