From 4805ecceeaba5a7a903dbb16f28ebdc851b7db4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Falconnier?=
Date: Thu, 14 May 2020 12:26:35 +0200
Subject: [PATCH] Move password hash module Remove unused slack logger. Fix import error during tests.
---
 server/realms/backends/ldap/__init__.py | 2 +-
 server/realms/utils.py | 33 +++++++++++++++++++++++++
 server/utils/password_hash.py | 33 -------------------------
 server/utils/slack_logging_handler.py | 19 --------------
 zentral/contrib/mdm/forms.py | 2 +-
 5 files changed, 35 insertions(+), 54 deletions(-)
 delete mode 100644 server/utils/password_hash.py
 delete mode 100644 server/utils/slack_logging_handler.py
diff --git a/server/realms/backends/ldap/__init__.py b/server/realms/backends/ldap/__init__.py
index b9a129b92c..4e7344e586 100644
--- a/server/realms/backends/ldap/__init__.py
+++ b/server/realms/backends/ldap/__init__.py
@@ -3,7 +3,7 @@ from django.urls import reverse
 import ldap
 from realms.backends.base import BaseBackend
-from utils.password_hash import build_password_hash_dict
+from realms.utils import build_password_hash_dict
 logger = logging.getLogger("zentral.realms.backends.ldap")
diff --git a/server/realms/utils.py b/server/realms/utils.py
index 300cf04efb..24a83603d3 100644
--- a/server/realms/utils.py
+++ b/server/realms/utils.py
@@ -1,7 +1,20 @@
+import base64
+import hashlib
+import logging
+import random
 from django.conf import settings
 from django.contrib.auth import authenticate, login
+logger = logging.getLogger("zentral.realms.utils")
+
+
+try:
+ random = random.SystemRandom()
+except NotImplementedError:
+ logger.warning('No secure pseudo random number generator available.')
+
+
+def login_callback(request, realm_user, next_url=None):
 """
 Realm authorization session callback used to log realm users in,
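Review bot: The `except NotImplementedError` branch added at the top of `server/realms/utils.py` only logs a warning and leaves `random` bound to the standard module, so `build_password_hash_dict` (added in the next hunk of this file) would then draw its salt from the default Mersenne Twister generator instead of failing. As far as I can tell the `SystemRandom()` constructor does not touch the OS randomness source, so the branch probably never fires and mostly obscures the intent. Rebinding the imported module name also makes the `random.getrandbits(8)` call site hard to audit. I would drop the `try`/`except` and the `import random`, and in the function use `salt = secrets.token_bytes(32)` (with `import secrets`, or `os.urandom(32)` on older interpreters), which raises rather than degrading silently.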
@@ -14,3 +27,23 @@ def login_callback(request, realm_user, next_url=None):
 request.session.set_expiry(0)
 login(request, user)
 return next_url or settings.LOGIN_REDIRECT_URL
+
+
+def build_password_hash_dict(password):
+ # see https://developer.apple.com/documentation/devicemanagement/setautoadminpasswordcommand/command
+ # for the compatibility
+ password = password.encode("utf-8")
+ salt = bytearray(random.getrandbits(8) for i in range(32))
+ iterations = 39999
+ # see https://github.com/micromdm/micromdm/blob/master/pkg/crypto/password/password.go macKeyLen !!!
+ # Danke github.com/groob !!!
+ dklen = 128
+
+ dk = hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=dklen)
+ return {
+ "SALTED-SHA512-PBKDF2": {
+ "entropy": base64.b64encode(dk).decode("ascii").strip(),
+ "salt": base64.b64encode(salt).decode("ascii").strip(),
+ "iterations": iterations
+ }
+ }
diff --git a/server/utils/password_hash.py b/server/utils/password_hash.py
deleted file mode 100644
index 251b12ca14..0000000000
--- a/server/utils/password_hash.py
+++ /dev/null
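Review bot: `iterations = 39999` and `dklen = 128` in `build_password_hash_dict` are unexplained literals, and the function has no docstring saying that its output shape is fixed by the Apple command linked in the first comment. 39999 rounds of PBKDF2-HMAC-SHA512 is low by current general-purpose guidance; since the count is written into the returned dict the consumer presumably honours it, so a higher value may be possible, but that needs checking against the macOS versions being managed. I would lift both into module constants with the reason attached, e.g. `PBKDF2_ITERATIONS = 39999  # TODO: confirm whether macOS accepts a higher count` and `PBKDF2_DKLEN = 128  # macKeyLen in the micromdm reference`, and add a one-line docstring such as `"""Return the SALTED-SHA512-PBKDF2 hash dict for a macOS admin password."""`.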
@@ -1,33 +0,0 @@
-import base64
-import hashlib
-import logging
-import random
-
-
-logger = logging.getLogger("zentral.base.utils.password_hash")
-
-
-try:
- random = random.SystemRandom()
-except NotImplementedError:
- logger.warning('No secure pseudo random number generator available.')
-
-
-def build_password_hash_dict(password):
- # see https://developer.apple.com/documentation/devicemanagement/setautoadminpasswordcommand/command
- # for the compatibility
- password = password.encode("utf-8")
- salt = bytearray(random.getrandbits(8) for i in range(32))
- iterations = 39999
- # see https://github.com/micromdm/micromdm/blob/master/pkg/crypto/password/password.go macKeyLen !!!
- # Danke github.com/groob !!!
- dklen = 128
-
- dk = hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=dklen)
- return {
- "SALTED-SHA512-PBKDF2": {
- "entropy": base64.b64encode(dk).decode("ascii").strip(),
- "salt": base64.b64encode(salt).decode("ascii").strip(),
- "iterations": iterations
- }
- }
diff --git a/server/utils/slack_logging_handler.py b/server/utils/slack_logging_handler.py
deleted file mode 100644
index 002fd3dc55..0000000000
--- a/server/utils/slack_logging_handler.py
+++ /dev/null
@@ -1,19 +0,0 @@
-import json
-import requests
-from django.conf import settings
-from django.utils.log import AdminEmailHandler
-
-API_ENDPOINT = "https://slack.com/api/chat.postMessage"
-
-
-class SlackHandler(AdminEmailHandler):
- def send_mail(self, subject, message, *args, **kwargs):
- args = {'text': "\n\n".join([subject, message])}
- if hasattr(settings, 'SLACK_ERROR_REPORTING_WEBHOOK'):
- url = settings.SLACK_ERROR_REPORTING_WEBHOOK
- else:
- args.update({'token': settings.SLACK_ERROR_REPORTING_TOKEN,
- 'channel': settings.SLACK_ERROR_REPORTING_CHANNEL,
- 'username': settings.SLACK_ERROR_REPORTING_USERNAME})
- url = API_ENDPOINT
- requests.post(url, headers={'Accept': 'application/json'}, data=json.dumps(args))
diff --git a/zentral/contrib/mdm/forms.py b/zentral/contrib/mdm/forms.py
index 202429d8e4..42080ba607 100644
--- a/zentral/contrib/mdm/forms.py
+++ b/zentral/contrib/mdm/forms.py
@@ -1,7 +1,7 @@
 import plistlib
 from django import forms
 from django.db import connection
-from utils.password_hash import build_password_hash_dict
+from realms.utils import build_password_hash_dict
 from zentral.contrib.inventory.models import MetaMachine
 from .dep import decrypt_dep_token
 from .dep_client import DEPClient