Fix #891 - Fix legacy password hash support

The auth line checker did correctly include legacy validators, but this only happened after AuthValidator initialised the RPSLMntner object with strict validation, discarding invalid auth lines.
irrdnet · Jan 16, 2024 · 7d1cc4a · 7d1cc4a
1 parent b82fc61
commit 7d1cc4a
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 3 deletions.
diff --git a/irrd/updates/tests/test_validators.py b/irrd/updates/tests/test_validators.py
@@ -180,6 +180,24 @@ def test_valid_new_person(self, prepare_mocks):
             ["rpsl_pks", ({"TEST-MNT"},), {}],
         ]
 
+    def test_new_person_with_legacy_hash(self, prepare_mocks, config_override):
+        # "authless" meaning: no auth lines that are currently enabled - #891
+        config_override(
+            {
+                "auth": {"password_hashers": {"crypt-pw": "legacy"}},
+            }
+        )
+
+        validator, mock_dq, mock_dh = prepare_mocks
+        person = rpsl_object_from_text(SAMPLE_PERSON)
+        mock_dh.execute_query = lambda q: [
+            {"object_class": "mntner", "object_text": SAMPLE_MNTNER},
+        ]
+
+        validator.passwords = [SAMPLE_MNTNER_CRYPT]
+        result = validator.process_auth(person, None)
+        assert result.is_valid()
+
     def test_new_person_with_authless_mntner(self, prepare_mocks, config_override):
         # "authless" meaning: no auth lines that are currently enabled - #891
         config_override(
@@ -193,12 +211,11 @@ def test_new_person_with_authless_mntner(self, prepare_mocks, config_override):
         cryptonly_maintainer = "\n".join(
             line for line in SAMPLE_MNTNER.splitlines() if not line.startswith("auth:") or "CRYPT" in line
         )
-        print(cryptonly_maintainer)
         mock_dh.execute_query = lambda q: [
             {"object_class": "mntner", "object_text": cryptonly_maintainer},
         ]
 
-        validator.passwords = [SAMPLE_MNTNER_MD5]
+        validator.passwords = [SAMPLE_MNTNER_CRYPT]
         result = validator.process_auth(person, None)
         assert not result.is_valid()
 

diff --git a/irrd/updates/validators.py b/irrd/updates/validators.py
@@ -484,7 +484,7 @@ def _check_mntners(
             query = query.object_classes(["mntner"]).rpsl_pks(mntner_pks_to_resolve)
             results = self.database_handler.execute_query(query)
 
-            retrieved_mntner_objs: List[RPSLMntner] = [rpsl_object_from_text(r["object_text"]) for r in results]  # type: ignore
+            retrieved_mntner_objs: List[RPSLMntner] = [rpsl_object_from_text(r["object_text"], strict_validation=False) for r in results]  # type: ignore
             self._mntner_db_cache.update(retrieved_mntner_objs)
             mntner_objs += retrieved_mntner_objs