From 7d1cc4a99fd257bb6e310798bdb70fd7ef1ff7c6 Mon Sep 17 00:00:00 2001
From: Sasha Romijn <github@mxsasha.eu>
Date: Mon, 15 Jan 2024 21:04:00 +0100
Subject: [PATCH] Fix #891 - Fix legacy password hash support

The auth line checker did correctly include legacy validators,
but this only happened after AuthValidator initialised the RPSLMntner
object with strict validation, discarding invalid auth lines.
---
 irrd/updates/tests/test_validators.py | 21 +++++++++++++++++++--
 irrd/updates/validators.py            |  2 +-
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/irrd/updates/tests/test_validators.py b/irrd/updates/tests/test_validators.py
index 0962e0727..0fddc6862 100644
--- a/irrd/updates/tests/test_validators.py
+++ b/irrd/updates/tests/test_validators.py
@@ -180,6 +180,24 @@ def test_valid_new_person(self, prepare_mocks):
             ["rpsl_pks", ({"TEST-MNT"},), {}],
         ]
 
+    def test_new_person_with_legacy_hash(self, prepare_mocks, config_override):
+        # "authless" meaning: no auth lines that are currently enabled - #891
+        config_override(
+            {
+                "auth": {"password_hashers": {"crypt-pw": "legacy"}},
+            }
+        )
+
+        validator, mock_dq, mock_dh = prepare_mocks
+        person = rpsl_object_from_text(SAMPLE_PERSON)
+        mock_dh.execute_query = lambda q: [
+            {"object_class": "mntner", "object_text": SAMPLE_MNTNER},
+        ]
+
+        validator.passwords = [SAMPLE_MNTNER_CRYPT]
+        result = validator.process_auth(person, None)
+        assert result.is_valid()
+
     def test_new_person_with_authless_mntner(self, prepare_mocks, config_override):
         # "authless" meaning: no auth lines that are currently enabled - #891
         config_override(
@@ -193,12 +211,11 @@ def test_new_person_with_authless_mntner(self, prepare_mocks, config_override):
         cryptonly_maintainer = "\n".join(
             line for line in SAMPLE_MNTNER.splitlines() if not line.startswith("auth:") or "CRYPT" in line
         )
-        print(cryptonly_maintainer)
         mock_dh.execute_query = lambda q: [
             {"object_class": "mntner", "object_text": cryptonly_maintainer},
         ]
 
-        validator.passwords = [SAMPLE_MNTNER_MD5]
+        validator.passwords = [SAMPLE_MNTNER_CRYPT]
         result = validator.process_auth(person, None)
         assert not result.is_valid()
 
diff --git a/irrd/updates/validators.py b/irrd/updates/validators.py
index 375a93ff9..34b056731 100644
--- a/irrd/updates/validators.py
+++ b/irrd/updates/validators.py
@@ -484,7 +484,7 @@ def _check_mntners(
             query = query.object_classes(["mntner"]).rpsl_pks(mntner_pks_to_resolve)
             results = self.database_handler.execute_query(query)
 
-            retrieved_mntner_objs: List[RPSLMntner] = [rpsl_object_from_text(r["object_text"]) for r in results]  # type: ignore
+            retrieved_mntner_objs: List[RPSLMntner] = [rpsl_object_from_text(r["object_text"], strict_validation=False) for r in results]  # type: ignore
             self._mntner_db_cache.update(retrieved_mntner_objs)
             mntner_objs += retrieved_mntner_objs