From 7e2039734effcb0187485d78ea49239fbb695826 Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Mon, 19 Aug 2024 12:27:42 +0200 Subject: [PATCH 01/21] add complete solution --- .gitignore | 1 + auth.py | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+) create mode 100644 .gitignore create mode 100644 auth.py diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8f2e53e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +pwdb.json diff --git a/auth.py b/auth.py new file mode 100644 index 0000000..a845cc8 --- /dev/null +++ b/auth.py @@ -0,0 +1,105 @@ +import getpass +import json +import pathlib +import random +import string +import sys + +# name of the file where we store the pw database +PWDB_FLNAME = pathlib.Path('pwdb.json') + +# list of valid characters for salt (only ASCII letters + digits + punctuation) +CHARS = string.ascii_letters + string.digits + string.punctuation + +# length of salt +SALT_LENGTH = 5 + +def get_credentials(): + # get input from terminal + username = input('Enter your username: ') + # get password using the appropriate module, so that typed characters are not + # echoed to the terminal + password = getpass.getpass('Enter your password: ') + return (username, password) + +def authenticate(username, pass_text, pwdb): + # get the salt from the database + salt = pwdb[username][1] + # calculate hash and compare with stored hash + return pwhash(pass_text, salt) == pwdb[username][0] + +def add_user(username, pwdb): + # do not try to add a username twice + if username in pwdb: + raise Exception(f'Username already exists [{username}]!') + else: + password = getpass.getpass(f'Enter password for {username}: ') + salt = get_salt() + pwdb[username] = (pwhash(password,salt), salt) + return pwdb + +def read_pwdb(pwdb_path): + # try to read from the database + # if anything happens, report the error! + if not pwdb_path.exists(): + initialize_pwdb(pwdb_path) + try: + with open(pwdb_path, 'rt') as pwdb_file: + pwdb = json.load(pwdb_file) + except json.decoder.JSONDecodeError as exc: + # this happens when the json data is invalid + raise Exception(f'Invalid database {pwdb_path}: {exc}') + except Exception as exc: + # this is a catch-all condition + raise Exception(f'Unkown error reading {pwdb_path}: {exc}') + return pwdb + +def write_pwdb(pwdb, pwdb_path): + with open(pwdb_path, 'wt') as pwdb_file: + json.dump(pwdb, pwdb_file) + +def pwhash(pass_text, salt): + # simple additive hash -> very insecure! + hash_ = 0 + full_pass_text = pass_text + salt + for idx, char in enumerate(full_pass_text): + # use idx as a multiplier, so that shuffling the characters returns a + # different hash + hash_ += (idx+1)*ord(char) + return hash_ + +def get_salt(): + salt_chars = random.choices(CHARS, k=SALT_LENGTH) + return ''.join(salt_chars) + +def initialize_pwdb(pwdb_path): + write_pwdb({}, pwdb_path) + +def main(pwdb_path): + # load the password database from file + pwdb = read_pwdb(pwdb_path) + + # if we are passed an argument, we want to add a new user + if len(sys.argv) > 1: + pwdb = add_user(sys.argv[1], pwdb) + write_pwdb(pwdb, pwdb_path) + return + + # ask for credentials + username, password = get_credentials() + + if username not in pwdb: + print('Wrong username!') + return + + # try to authenticate + if authenticate(username, password, pwdb): + print('Successfully authenticated!') + else: + # report wrong password + print('Wrong password!') + return + +if __name__ == '__main__': + main(PWDB_FLNAME) + From 4e24d45804994cafa5d553927d1894d9bdd62aec Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Mon, 19 Aug 2024 13:03:50 +0200 Subject: [PATCH 02/21] link to visualizations --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 041767e..61db69e 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,7 @@ - `git checkout ` ➔ `DETACHED HEAD` problem, __changes__ __files__ - interaction with branches: `git branch ` + `git switch ` - `git gui`: building commits along the way interactively (for the *mess around* type of workflows) +- check out these [sketches](git-commands-visualizations.pdf) for a graphical visualization of git commands! ## The Open Source model - remotes: `git pull `, `git push `, `git fetch `, `git merge ` From fb8ba56c793499c904a4d85a120576ed8d184320 Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Mon, 19 Aug 2024 13:05:00 +0200 Subject: [PATCH 03/21] add link to exercise from the README --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 61db69e..17ccaa6 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ ## Setup - Login with your username found on your name badge and set the initial password for your account: https://git.aspp.school/user/login - You'll have to type that password many many times this week: choose wisely! +- We will use the [exercise](exercise.md) in the repo for the rest of the lecture ## Warm-Up - how to start a repo from scratch? From 10305c4829a289d228f361f86aae38fa7398f789 Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Mon, 19 Aug 2024 15:38:36 +0200 Subject: [PATCH 04/21] add quote by Lars Wirzenius --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 17ccaa6..1978ffe 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,14 @@ - You'll have to type that password many many times this week: choose wisely! - We will use the [exercise](exercise.md) in the repo for the rest of the lecture +## A cautionary quote + +> My first instinct is to sell all my computers, fake my own death, move to another planet, and reinvent computing from scratch, rather than try to understand Git. +> +> I rarely actually do that, mind you. But the urge is there. + +— Lars Wirzenius (Linux kernel developer) + ## Warm-Up - how to start a repo from scratch? - `git init` local method From 5ce20dffbff228650e433ab77632c8a5bb1983c4 Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Mon, 19 Aug 2024 16:15:09 +0200 Subject: [PATCH 05/21] add note about getting files from different branches --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 1978ffe..2e4865a 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,9 @@ - how to *move* the whole working directory to a specific point in history? - `git checkout ` ➔ `DETACHED HEAD` problem, __changes__ __files__ - interaction with branches: `git branch ` + `git switch ` +- how to copy a file from a different branch: + - `git checkout ` ➔ the file is staged automatically + - `git restore --source= Date: Thu, 22 Aug 2024 11:39:40 +0200 Subject: [PATCH 06/21] lecture notes will follow after the lecture --- README.md | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index 2e4865a..2f2416d 100644 --- a/README.md +++ b/README.md @@ -13,33 +13,9 @@ — Lars Wirzenius (Linux kernel developer) -## Warm-Up -- how to start a repo from scratch? - - `git init` local method - - on an online forge (GitHub, GitLab, …): `git clone` -- how to revert mistakes? - - before commit: - - `git restore ` [discard changes in the working directory] __changes files__ - - `git restore --staged ` [unstage changes ➔ opposite of `git add `, does not modify the working directory] - - after commit: - - `git revert ` [creates a new commit, modifies the working directory] - - `git reset ` [only reset the HEAD pointer, does not modify the working directory] __rewrites history__ ➔ can not be used if you have already pushed to some remote - - `git reset --hard ` [reset HEAD and modify working directory] __rewrites history__ and __changes files__ ➔ can not be used if you have already pushed to some remote -- how to *move* the whole working directory to a specific point in history? - - `git checkout ` ➔ `DETACHED HEAD` problem, __changes__ __files__ - - interaction with branches: `git branch ` + `git switch ` -- how to copy a file from a different branch: - - `git checkout ` ➔ the file is staged automatically - - `git restore --source= `, `git push `, `git fetch `, `git merge ` -- GitHub: forks, branches and PRs: important ➔ explain fork vs. clone!!! -- strategies for keeping your fork up-to-date: your `main`, origin's and upstream's `main`, short-lived and long-lived topic branches -- a more thorough and detailed explanation can be found on the [SciPy Contributor's Guide](https://docs.scipy.org/doc/scipy/dev/gitwash/gitwash.html). This guide can be adapted to your own needs, see [gitwash](https://github.com/matthew-brett/gitwash). -- make it clear that GitHub and GitLab are just options (git≠GitHub) +… will follow after the lecture … ## Scenarios 1. [lone scientist](scenarios/scenario1.png) working alone in the cellar without Internet (local git) From efcb6ae933a95e588ef0895b985e616ea64a0f7c Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Thu, 22 Aug 2024 11:49:59 +0200 Subject: [PATCH 07/21] simplified solution --- auth.py | 29 ++++++----------------------- 1 file changed, 6 insertions(+), 23 deletions(-) diff --git a/auth.py b/auth.py index a845cc8..5408393 100644 --- a/auth.py +++ b/auth.py @@ -39,19 +39,11 @@ def add_user(username, pwdb): return pwdb def read_pwdb(pwdb_path): - # try to read from the database - # if anything happens, report the error! if not pwdb_path.exists(): - initialize_pwdb(pwdb_path) - try: + pwdb = {} + else: with open(pwdb_path, 'rt') as pwdb_file: pwdb = json.load(pwdb_file) - except json.decoder.JSONDecodeError as exc: - # this happens when the json data is invalid - raise Exception(f'Invalid database {pwdb_path}: {exc}') - except Exception as exc: - # this is a catch-all condition - raise Exception(f'Unkown error reading {pwdb_path}: {exc}') return pwdb def write_pwdb(pwdb, pwdb_path): @@ -72,9 +64,6 @@ def get_salt(): salt_chars = random.choices(CHARS, k=SALT_LENGTH) return ''.join(salt_chars) -def initialize_pwdb(pwdb_path): - write_pwdb({}, pwdb_path) - def main(pwdb_path): # load the password database from file pwdb = read_pwdb(pwdb_path) @@ -87,17 +76,11 @@ def main(pwdb_path): # ask for credentials username, password = get_credentials() - - if username not in pwdb: - print('Wrong username!') - return - - # try to authenticate - if authenticate(username, password, pwdb): - print('Successfully authenticated!') + if username not in pwdb or not authenticate(username, password, pwdb): + print('Wrong username or password!') else: - # report wrong password - print('Wrong password!') + print('Successfully authenticated!') + return if __name__ == '__main__': From fa633f7d1a7ccc458f5eabb0f5b9265d5a03c01c Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Mon, 26 Aug 2024 11:34:56 +0300 Subject: [PATCH 08/21] complete implementation of basic API --- auth.py | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 auth.py diff --git a/auth.py b/auth.py new file mode 100644 index 0000000..67064e5 --- /dev/null +++ b/auth.py @@ -0,0 +1,42 @@ +import json +import sys + +def get_credentials(): + username = input('Enter your username: ') + password = input('Enter your password: ') + return (username, password) + +def authenticate(username, password, pwdb): + return password == pwdb[username] + +def add_user(username, pwdb): + pwdb[username] = input(f'Enter password for {username}: ') + return pwdb + +def read_pwdb(pwdb_path): + try: + pwdb_file = open(pwdb_path, 'rt') + pwdb = json.load(pwdb_file) + except Exception: + pwdb = {} + return pwdb + +def write_pwdb(pwdb, pwdb_path): + pwdb_file = open(pwdb_path, 'wt') + json.dump(pwdb, pwdb_file) + +pwdb_path = 'pwdb.json' +pwdb = read_pwdb(pwdb_path) + +if len(sys.argv) > 1: + pwdb = add_user(sys.argv[1], pwdb) + write_pwdb(pwdb, pwdb_path) +else: + username, password = get_credentials() + if username not in pwdb: + print('Wrong username!') + else: + if authenticate(username, password, pwdb): + print('Successfully authenticated!') + else: + print('Wrong password!') From 095f4474b02cdd432b069beaf5cbb5359789cb05 Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Mon, 26 Aug 2024 11:37:22 +0300 Subject: [PATCH 09/21] do not track pwdb with git --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..8f2e53e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +pwdb.json From 8a07dbab029470aac89408b0e4ca34237685d31a Mon Sep 17 00:00:00 2001 From: morales-gregorio Date: Mon, 26 Aug 2024 11:03:02 +0200 Subject: [PATCH 10/21] fix stuff --- .gitignore | 1 + auth.py | 29 +++++++++++++++++------------ 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index 8f2e53e..a2e1756 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ pwdb.json +__pycache__ \ No newline at end of file diff --git a/auth.py b/auth.py index 67064e5..a9afa2c 100644 --- a/auth.py +++ b/auth.py @@ -1,6 +1,8 @@ import json import sys +pwdb_path = 'pwdb.json' + def get_credentials(): username = input('Enter your username: ') password = input('Enter your password: ') @@ -25,18 +27,21 @@ def write_pwdb(pwdb, pwdb_path): pwdb_file = open(pwdb_path, 'wt') json.dump(pwdb, pwdb_file) -pwdb_path = 'pwdb.json' -pwdb = read_pwdb(pwdb_path) +def main(): + pwdb = read_pwdb(pwdb_path) -if len(sys.argv) > 1: - pwdb = add_user(sys.argv[1], pwdb) - write_pwdb(pwdb, pwdb_path) -else: - username, password = get_credentials() - if username not in pwdb: - print('Wrong username!') + if len(sys.argv) > 1: + pwdb = add_user(sys.argv[1], pwdb) + write_pwdb(pwdb, pwdb_path) else: - if authenticate(username, password, pwdb): - print('Successfully authenticated!') + username, password = get_credentials() + if username not in pwdb: + print('Wrong username!') else: - print('Wrong password!') + if authenticate(username, password, pwdb): + print('Successfully authenticated!') + else: + print('Wrong password!') + +if __name__=='__main__': + main() \ No newline at end of file From 65a910ff90687c9a99c8211d9eac128502e1c672 Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Mon, 26 Aug 2024 12:08:10 +0300 Subject: [PATCH 11/21] implement name-main trick --- auth.py | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/auth.py b/auth.py index 67064e5..9c68472 100644 --- a/auth.py +++ b/auth.py @@ -25,18 +25,21 @@ def write_pwdb(pwdb, pwdb_path): pwdb_file = open(pwdb_path, 'wt') json.dump(pwdb, pwdb_file) -pwdb_path = 'pwdb.json' -pwdb = read_pwdb(pwdb_path) -if len(sys.argv) > 1: - pwdb = add_user(sys.argv[1], pwdb) - write_pwdb(pwdb, pwdb_path) -else: - username, password = get_credentials() - if username not in pwdb: - print('Wrong username!') +if __name__ == "__main__": + pwdb_path = 'pwdb.json' + pwdb = read_pwdb(pwdb_path) + + + if len(sys.argv) > 1: + pwdb = add_user(sys.argv[1], pwdb) + write_pwdb(pwdb, pwdb_path) else: - if authenticate(username, password, pwdb): - print('Successfully authenticated!') + username, password = get_credentials() + if username not in pwdb: + print('Wrong username!') else: - print('Wrong password!') + if authenticate(username, password, pwdb): + print('Successfully authenticated!') + else: + print('Wrong password!') From 975136a53920f44110ddef5f98d65f438b90c847 Mon Sep 17 00:00:00 2001 From: morales-gregorio Date: Mon, 26 Aug 2024 11:40:23 +0200 Subject: [PATCH 12/21] hidde password typing --- auth.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/auth.py b/auth.py index 6219db5..aed1472 100644 --- a/auth.py +++ b/auth.py @@ -1,11 +1,12 @@ import json import sys +from getpass import getpass pwdb_path = 'pwdb.json' def get_credentials(): username = input('Enter your username: ') - password = input('Enter your password: ') + password = getpass('Enter your password: ') return (username, password) def authenticate(username, password, pwdb): From 54201439cb7e1ebb743dbdfabead50f592424bd2 Mon Sep 17 00:00:00 2001 From: morales-gregorio Date: Mon, 26 Aug 2024 12:00:16 +0200 Subject: [PATCH 13/21] capitalize global variable --- auth.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/auth.py b/auth.py index aed1472..1559a08 100644 --- a/auth.py +++ b/auth.py @@ -2,7 +2,7 @@ import json import sys from getpass import getpass -pwdb_path = 'pwdb.json' +PWDB_PATH = 'pwdb.json' def get_credentials(): username = input('Enter your username: ') @@ -16,26 +16,26 @@ def add_user(username, pwdb): pwdb[username] = input(f'Enter password for {username}: ') return pwdb -def read_pwdb(pwdb_path): +def read_pwdb(PWDB_PATH): try: - pwdb_file = open(pwdb_path, 'rt') + pwdb_file = open(PWDB_PATH, 'rt') pwdb = json.load(pwdb_file) except Exception: pwdb = {} return pwdb -def write_pwdb(pwdb, pwdb_path): - pwdb_file = open(pwdb_path, 'wt') +def write_pwdb(pwdb, PWDB_PATH): + pwdb_file = open(PWDB_PATH, 'wt') json.dump(pwdb, pwdb_file) if __name__ == "__main__": - pwdb_path = 'pwdb.json' - pwdb = read_pwdb(pwdb_path) + PWDB_PATH = 'pwdb.json' + pwdb = read_pwdb(PWDB_PATH) if len(sys.argv) > 1: pwdb = add_user(sys.argv[1], pwdb) - write_pwdb(pwdb, pwdb_path) + write_pwdb(pwdb, PWDB_PATH) else: username, password = get_credentials() if username not in pwdb: From 92818882f90e88bd52de256cb24aa93bb592ce57 Mon Sep 17 00:00:00 2001 From: Matthias Tangemann Date: Mon, 26 Aug 2024 14:50:17 +0300 Subject: [PATCH 14/21] add a cheatsheet for git commands --- cheatsheet.md | 176 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 176 insertions(+) create mode 100644 cheatsheet.md diff --git a/cheatsheet.md b/cheatsheet.md new file mode 100644 index 0000000..813aa43 --- /dev/null +++ b/cheatsheet.md @@ -0,0 +1,176 @@ +# Git cheatsheet + +## Creating a repository +```bash +git init +``` +Creates new git repository in current directory. + +```bash +git clone () +``` +Clones the repository at the specified url. If no path is specified, the repository will +be cloned into a directory with the same name as the remote repository. + + +## Branches +```bash +git branch +``` +Lists all branches in the repository. + +```bash +git branch +``` +Creates a new branch with the given name. + +```bash +git switch +``` +Switches to the specified branch. + +```bash +git merge +``` +Merges the specified branch into the current branch. + + +## Making changes +```bash +git status +``` +Shows the status of the repository. This includes the current branch and files that have been modified. + +```bash +git diff (--staged) +``` +Shows the changes that have been made to the files in the repository. Use `--staged` to see changes that have been added to the staging area. + +```bash +git add +``` +Adds the specified file to the staging area. + +```bash +git add . +``` +Adds all files in the current directory to the staging area. + +```bash +git reset () +``` +Removes the specified file from the staging area. If no file is specified, all files are removed. + +```bash +git commit (-m "") +``` +Commits all changes in the staging area to the current branch. If the `-m` flag is omitted, a text editor will open to write a commit message. + +```bash +git commit --amend +``` +Adds the staged changes to the last commit. This can be used for fixing typos in the commit message. + + +## Undoing changes +```bash +git restore +``` +Restores the specified file to the state of the last commit. This undoes uncommitted changes. + +```bash +git revert +``` +Creates a new commit that undoes the changes of the specified commit. Use `git log` to find the hash of the commit. + +```bash +git reset --hard +``` +Resets the current branch to the specified commit. DANGER: This will remove all changes after the specified commit. Prefer `git revert`. + + +## Looking at the history +```bash +git log (--oneline) +``` +Shows all past commits on the current branch. Use `--oneline` to show a more compact view. + +```bash +git show +``` +Shows the changes of the specified commit. Use `git log` to find the has of the commit. + + +## Remote repositories +```bash +git remote add +``` +Adds a new remote repository with the specified name (e.g. `origin` or `upstream`) and url. Origin is automatically created when cloning a repository. + +```bash +git push +``` +Pushes the specified branch to the remote repository. + +```bash +git fetch +``` +Fetches changes from the remote repository. + +```bash +git pull +``` +Fetches changes from the remote repository and merges them into the current branch. + + +## Typical workflow +```bash +# 1. Fork the repository on GitHub / git.aspp.school + +# 2. Clone the repository +git clone +git remote add upstream + +# 3. Create a new branch +git branch +git switch + +# 4. Make changes to the code + +# 5. Add and commit changes +git add . +git commit -m "" + +# 6. Push changes to your fork +git push origin + +# 7. Create a pull request on GitHub / git.aspp.school + +# 8. Wait for the pull request to be reviewed and merged + +# 9. Pull changes from the remote repository +git switch main +git pull upstream main + +# 10. Delete the topic branch +git branch -d +``` + +Whenever the remote repository is updated (i.e. when a pull request is merged), you need to pull the changes into your local repository. +```bash +git switch main +git pull upstream main + +# If you have an active topic branch, you need to rebase it on top of the updated main branch +git switch +git rebase main +``` + + +## Getting help +```bash +git help +``` +Shows the manual page for the specified command (`add`, `commit`, `push`, etc.). + +Official Git documentation: https://git-scm.com/docs From 028fb6bf931270ba594b728b746039c2218cd54b Mon Sep 17 00:00:00 2001 From: ASPP Student Date: Mon, 26 Aug 2024 14:53:00 +0300 Subject: [PATCH 15/21] implement password hashing function --- auth.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/auth.py b/auth.py index 1559a08..fb0cb6b 100644 --- a/auth.py +++ b/auth.py @@ -1,6 +1,7 @@ import json import sys from getpass import getpass +from hashlib import sha256 PWDB_PATH = 'pwdb.json' @@ -29,6 +30,9 @@ def write_pwdb(pwdb, PWDB_PATH): json.dump(pwdb, pwdb_file) +def pwhash(pwd): + return sha256(pwd) + if __name__ == "__main__": PWDB_PATH = 'pwdb.json' pwdb = read_pwdb(PWDB_PATH) From 487f0f9597899d69d66e23ea87900832c653d764 Mon Sep 17 00:00:00 2001 From: ASPP Student Date: Mon, 26 Aug 2024 15:31:04 +0300 Subject: [PATCH 16/21] fix hashing password --- auth.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/auth.py b/auth.py index fb0cb6b..50296e3 100644 --- a/auth.py +++ b/auth.py @@ -31,7 +31,12 @@ def write_pwdb(pwdb, PWDB_PATH): def pwhash(pwd): - return sha256(pwd) + encoded_pwd = pwd.encode("utf-8") + m = sha256() + m.update(encoded_pwd) + return m.hexdigest() + + if __name__ == "__main__": PWDB_PATH = 'pwdb.json' From de4dc255acd7bbd2db200aad8323388ab9b2e3a6 Mon Sep 17 00:00:00 2001 From: ASPP Student Date: Mon, 26 Aug 2024 15:31:17 +0300 Subject: [PATCH 17/21] implement hashing password where needed --- auth.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/auth.py b/auth.py index 50296e3..fad77c5 100644 --- a/auth.py +++ b/auth.py @@ -7,14 +7,14 @@ PWDB_PATH = 'pwdb.json' def get_credentials(): username = input('Enter your username: ') - password = getpass('Enter your password: ') - return (username, password) + hashed_password = pwhash(getpass('Enter your password: ')) + return (username, hashed_password) -def authenticate(username, password, pwdb): - return password == pwdb[username] +def authenticate(username, hashed_password, pwdb): + return hashed_password == pwdb[username] def add_user(username, pwdb): - pwdb[username] = input(f'Enter password for {username}: ') + pwdb[username] = pwhash(input(f'Enter password for {username}: ')) return pwdb def read_pwdb(PWDB_PATH): From f54993e5de646f8bb1fa45977d990276fa441a6b Mon Sep 17 00:00:00 2001 From: ASPP Student Date: Mon, 26 Aug 2024 15:44:37 +0300 Subject: [PATCH 18/21] hide user password on user creation --- auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auth.py b/auth.py index fad77c5..7029239 100644 --- a/auth.py +++ b/auth.py @@ -14,7 +14,7 @@ def authenticate(username, hashed_password, pwdb): return hashed_password == pwdb[username] def add_user(username, pwdb): - pwdb[username] = pwhash(input(f'Enter password for {username}: ')) + pwdb[username] = pwhash(getpass(f'Enter password for {username}: ')) return pwdb def read_pwdb(PWDB_PATH): From 3bead9f7b61e7f4896d9dad167d5db1d24399629 Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Thu, 22 Aug 2024 12:07:31 +0200 Subject: [PATCH 19/21] add full lecture notes --- README.md | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2f2416d..2e4865a 100644 --- a/README.md +++ b/README.md @@ -13,9 +13,33 @@ — Lars Wirzenius (Linux kernel developer) -## Lecture notes +## Warm-Up +- how to start a repo from scratch? + - `git init` local method + - on an online forge (GitHub, GitLab, …): `git clone` +- how to revert mistakes? + - before commit: + - `git restore ` [discard changes in the working directory] __changes files__ + - `git restore --staged ` [unstage changes ➔ opposite of `git add `, does not modify the working directory] + - after commit: + - `git revert ` [creates a new commit, modifies the working directory] + - `git reset ` [only reset the HEAD pointer, does not modify the working directory] __rewrites history__ ➔ can not be used if you have already pushed to some remote + - `git reset --hard ` [reset HEAD and modify working directory] __rewrites history__ and __changes files__ ➔ can not be used if you have already pushed to some remote +- how to *move* the whole working directory to a specific point in history? + - `git checkout ` ➔ `DETACHED HEAD` problem, __changes__ __files__ + - interaction with branches: `git branch ` + `git switch ` +- how to copy a file from a different branch: + - `git checkout ` ➔ the file is staged automatically + - `git restore --source= `, `git push `, `git fetch `, `git merge ` +- GitHub: forks, branches and PRs: important ➔ explain fork vs. clone!!! +- strategies for keeping your fork up-to-date: your `main`, origin's and upstream's `main`, short-lived and long-lived topic branches +- a more thorough and detailed explanation can be found on the [SciPy Contributor's Guide](https://docs.scipy.org/doc/scipy/dev/gitwash/gitwash.html). This guide can be adapted to your own needs, see [gitwash](https://github.com/matthew-brett/gitwash). +- make it clear that GitHub and GitLab are just options (git≠GitHub) ## Scenarios 1. [lone scientist](scenarios/scenario1.png) working alone in the cellar without Internet (local git) From a0d4fa9c8623afea224f709eded70df6abc8a47e Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Mon, 26 Aug 2024 16:17:24 +0300 Subject: [PATCH 20/21] my solution --- auth.py | 103 ++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 67 insertions(+), 36 deletions(-) diff --git a/auth.py b/auth.py index 7029239..5408393 100644 --- a/auth.py +++ b/auth.py @@ -1,57 +1,88 @@ +import getpass import json +import pathlib +import random +import string import sys -from getpass import getpass -from hashlib import sha256 -PWDB_PATH = 'pwdb.json' +# name of the file where we store the pw database +PWDB_FLNAME = pathlib.Path('pwdb.json') + +# list of valid characters for salt (only ASCII letters + digits + punctuation) +CHARS = string.ascii_letters + string.digits + string.punctuation + +# length of salt +SALT_LENGTH = 5 def get_credentials(): + # get input from terminal username = input('Enter your username: ') - hashed_password = pwhash(getpass('Enter your password: ')) - return (username, hashed_password) + # get password using the appropriate module, so that typed characters are not + # echoed to the terminal + password = getpass.getpass('Enter your password: ') + return (username, password) -def authenticate(username, hashed_password, pwdb): - return hashed_password == pwdb[username] +def authenticate(username, pass_text, pwdb): + # get the salt from the database + salt = pwdb[username][1] + # calculate hash and compare with stored hash + return pwhash(pass_text, salt) == pwdb[username][0] def add_user(username, pwdb): - pwdb[username] = pwhash(getpass(f'Enter password for {username}: ')) + # do not try to add a username twice + if username in pwdb: + raise Exception(f'Username already exists [{username}]!') + else: + password = getpass.getpass(f'Enter password for {username}: ') + salt = get_salt() + pwdb[username] = (pwhash(password,salt), salt) return pwdb -def read_pwdb(PWDB_PATH): - try: - pwdb_file = open(PWDB_PATH, 'rt') - pwdb = json.load(pwdb_file) - except Exception: +def read_pwdb(pwdb_path): + if not pwdb_path.exists(): pwdb = {} + else: + with open(pwdb_path, 'rt') as pwdb_file: + pwdb = json.load(pwdb_file) return pwdb -def write_pwdb(pwdb, PWDB_PATH): - pwdb_file = open(PWDB_PATH, 'wt') - json.dump(pwdb, pwdb_file) +def write_pwdb(pwdb, pwdb_path): + with open(pwdb_path, 'wt') as pwdb_file: + json.dump(pwdb, pwdb_file) +def pwhash(pass_text, salt): + # simple additive hash -> very insecure! + hash_ = 0 + full_pass_text = pass_text + salt + for idx, char in enumerate(full_pass_text): + # use idx as a multiplier, so that shuffling the characters returns a + # different hash + hash_ += (idx+1)*ord(char) + return hash_ -def pwhash(pwd): - encoded_pwd = pwd.encode("utf-8") - m = sha256() - m.update(encoded_pwd) - return m.hexdigest() +def get_salt(): + salt_chars = random.choices(CHARS, k=SALT_LENGTH) + return ''.join(salt_chars) - - -if __name__ == "__main__": - PWDB_PATH = 'pwdb.json' - pwdb = read_pwdb(PWDB_PATH) +def main(pwdb_path): + # load the password database from file + pwdb = read_pwdb(pwdb_path) + # if we are passed an argument, we want to add a new user if len(sys.argv) > 1: pwdb = add_user(sys.argv[1], pwdb) - write_pwdb(pwdb, PWDB_PATH) - else: - username, password = get_credentials() - if username not in pwdb: - print('Wrong username!') - else: - if authenticate(username, password, pwdb): - print('Successfully authenticated!') - else: - print('Wrong password!') + write_pwdb(pwdb, pwdb_path) + return + + # ask for credentials + username, password = get_credentials() + if username not in pwdb or not authenticate(username, password, pwdb): + print('Wrong username or password!') + else: + print('Successfully authenticated!') + + return + +if __name__ == '__main__': + main(PWDB_FLNAME) From 02beb4359fcbaf85d346cc3314d38c96b8ab6125 Mon Sep 17 00:00:00 2001 From: Tiziano Zito Date: Thu, 29 Aug 2024 10:14:45 +0300 Subject: [PATCH 21/21] add reference to tarot cards meaning --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 2e4865a..c68f88f 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,8 @@ - Login with your username found on your name badge and set the initial password for your account: https://git.aspp.school/user/login - You'll have to type that password many many times this week: choose wisely! - We will use the [exercise](exercise.md) in the repo for the rest of the lecture +- find a partner to do pair-programming for this lecture by finding someone with the same tarot card as you +- before starting, make yourself acquainted with the meanining and the power of the tarot cards: carefully read [this booklet](https://aspp.school/wiki/_media/tarot-runic.pdf) ## A cautionary quote