# -*- coding: utf-8 -*-
#
# Copyright (C) 2007, 2008 by Jan Dittberner.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
# USA.
#
# Version: $Id$

"""This module provides some functions for password handling."""
import crypt
import crack
import random
import logging

log = logging.getLogger(__name__)

_pwchars = []
for _pair in (('0', '9'), ('A', 'Z'), ('a', 'z')):
    _pwchars.extend(range(ord(_pair[0]), ord(_pair[1])))
_saltchars = [_char for _char in _pwchars]
for _char in "-+/*_@":
    _pwchars.append(ord(_char))


def generatepassword(minlength = 8, maxlength = 12):
    """Generates a new random password with a given length.

    The generated password has a length between minlength and maxlength.

    Keyword arguments:
    minlength -- minimum length of the generated password
    maxlength -- the maximum length of the generated password

    """
    return "".join([chr(letter) for letter in \
                    random.sample(_pwchars,
                                  random.randint(minlength, maxlength))])


def checkpassword(password):
    """Checks the password with cracklib.

    The password is returned if it is good enough. Otherwise None is
    returned.

    Arguments:
    password -- the password to check
    """
    try:
        return crack.VeryFascistCheck(password)
    except ValueError, ve:
        log.info("Weak password: %s", ve)
    return None


def md5_crypt_password(password):
    """Hashes the given password with MD5 and a random salt value.

    A password hashed with MD5 and a random salt value is returned.

    Arguments:
    password -- the password to hash
    """
    salt = "".join([chr(letter) for letter in \
                    random.sample(_saltchars, 8)])
    return crypt.crypt(password, '$1$' + salt)


def get_pw_tuple(password = None):
    """Gets a valid (password, hashvalue) tuple.

    The tuple consists of a password and a md5 hash of the same
    password. If a password is given it is checked and if it is too
    weak replaced by a generated one.

    """
    while password == None or checkpassword(password) == None:
        password = generatepassword()
    return (password, md5_crypt_password(password))


def validate_password(hash, password):
    """Validates whether the given clear text password matches the
    given hash value.
    """
    return hash == crypt.crypt(password, hash)