From 2cec2ce12836bb06ff0c52496cc834084cfa5a8d Mon Sep 17 00:00:00 2001
From: Sasha Romijn <github@mxsasha.eu>
Date: Mon, 15 Jan 2024 21:04:00 +0100
Subject: [PATCH] Fix #891 - Fix legacy password hash support

The auth line checker did correctly include legacy validators,
but this only happened after AuthValidator initialised the RPSLMntner
object with strict validation, discarding invalid auth lines.
---
 irrd/updates/tests/test_validators.py | 20 ++++++++++++++++++--
 irrd/updates/validators.py            |  2 +-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/irrd/updates/tests/test_validators.py b/irrd/updates/tests/test_validators.py
index 0962e0727..0626e1833 100644
--- a/irrd/updates/tests/test_validators.py
+++ b/irrd/updates/tests/test_validators.py
@@ -180,6 +180,23 @@ def test_valid_new_person(self, prepare_mocks):
             ["rpsl_pks", ({"TEST-MNT"},), {}],
         ]
 
+    def test_new_person_with_legacy_hash(self, prepare_mocks, config_override):
+        config_override(
+            {
+                "auth": {"password_hashers": {"crypt-pw": "legacy"}},
+            }
+        )
+
+        validator, mock_dq, mock_dh = prepare_mocks
+        person = rpsl_object_from_text(SAMPLE_PERSON)
+        mock_dh.execute_query = lambda q: [
+            {"object_class": "mntner", "object_text": SAMPLE_MNTNER},
+        ]
+
+        validator.passwords = [SAMPLE_MNTNER_CRYPT]
+        result = validator.process_auth(person, None)
+        assert result.is_valid()
+
     def test_new_person_with_authless_mntner(self, prepare_mocks, config_override):
         # "authless" meaning: no auth lines that are currently enabled - #891
         config_override(
@@ -193,12 +210,11 @@ def test_new_person_with_authless_mntner(self, prepare_mocks, config_override):
         cryptonly_maintainer = "\n".join(
             line for line in SAMPLE_MNTNER.splitlines() if not line.startswith("auth:") or "CRYPT" in line
         )
-        print(cryptonly_maintainer)
         mock_dh.execute_query = lambda q: [
             {"object_class": "mntner", "object_text": cryptonly_maintainer},
         ]
 
-        validator.passwords = [SAMPLE_MNTNER_MD5]
+        validator.passwords = [SAMPLE_MNTNER_CRYPT]
         result = validator.process_auth(person, None)
         assert not result.is_valid()
 
diff --git a/irrd/updates/validators.py b/irrd/updates/validators.py
index 375a93ff9..34b056731 100644
--- a/irrd/updates/validators.py
+++ b/irrd/updates/validators.py
@@ -484,7 +484,7 @@ def _check_mntners(
             query = query.object_classes(["mntner"]).rpsl_pks(mntner_pks_to_resolve)
             results = self.database_handler.execute_query(query)
 
-            retrieved_mntner_objs: List[RPSLMntner] = [rpsl_object_from_text(r["object_text"]) for r in results]  # type: ignore
+            retrieved_mntner_objs: List[RPSLMntner] = [rpsl_object_from_text(r["object_text"], strict_validation=False) for r in results]  # type: ignore
             self._mntner_db_cache.update(retrieved_mntner_objs)
             mntner_objs += retrieved_mntner_objs