policy/context work

===================
* tweaks to policy kwds/format:
	- renamed "default" hash category to "all"
	- renamed "fallback" kwd to "default"
* added salt_charset to password hash api
* removed some legacy formats from policy parser
* minor renames to a lot of policy parser methods
* UTs for CryptPolicy & CryptContext added
	- all tests currently pass
	- CryptContext tests not *quite* done

2 files changed, 18 insertions, 10 deletions

diff --git a/docs/lib/passlib.base.rst b/docs/lib/passlib.base.rst
index 1838b37..14cce6f 100644
--- a/docs/lib/passlib.base.rst
+++ b/docs/lib/passlib.base.rst
@@ -34,7 +34,7 @@ Options for configuring a specific hash take the form of the name of
 ``{name}.{option}`` (eg ``sha512_crypt.default_rounds``); where ``{name}`` is usually the name of a password hash,
 and ``{option}`` is one of the options specified below.
 There are a few reserved hash names:
-Any options of the form ``default.{option}`` will be inherited by ALL hashes
+Any options of the form ``all.{option}`` will be inherited by all hashes
 if they do not have a ``{hash}.{option}`` value overriding the default.
 Any options of the form ``context.{option}`` will be treated as options for the context object itself,
 and not for a specified hash. Any options of the form ``{option}`` are taken to implicitly
@@ -54,7 +54,7 @@ The remaining options -
     if not specified, none are considered deprecated.
     this must be a subset of the names listed in context.schemes
 
-``context.fallback``
+``context.default``
     the default scheme context should use for generating new hashes.
     if not specified, the last entry in ``context/schemes`` is used.
 
@@ -134,11 +134,11 @@ A sample policy file::
     #configure what schemes the context supports (note the "context." prefix is implied for these keys)
     schemes = md5_crypt, sha512_crypt, bcrypt
     deprecated = md5_crypt
-    fallback = sha512_crypt
+    default = sha512_crypt
     min_verify_time = 0.1
 
-    #set some common options for ALL schemes
-    default.vary_default_rounds = 10%
+    #set some common options for all schemes
+    all.vary_default_rounds = 10%
 
     #setup some hash-specific defaults
     sha512_crypt.min_rounds = 40000
diff --git a/docs/password_hash_api.rst b/docs/password_hash_api.rst
index 2aae8d2..97a6798 100644
--- a/docs/password_hash_api.rst
+++ b/docs/password_hash_api.rst
@@ -282,7 +282,7 @@ across all handlers in passlib.
 
 For schemes which support a variable number of rounds,
 the following attributes are usually exposed
-(applications can test by checking for ``default_rounds``):
+(applications can test by checking for ``getattr(handler,"default_rounds",None)>0``):
 
 .. attribute:: default_rounds
 
@@ -311,14 +311,22 @@ the following attributes are usually exposed
 
 For schemes which support a salt,
 the following attributes are usually exposed
-(applications can test by checking for ``max_salt_chars``):
+(applications can test by checking for ``getattr(handler,"max_salt_chars",None)>0``):
+
+.. attribute:: max_salt_chars
+
+    maximum number of characters which will be *used*
+    if a salt string is provided to :func:`genconfig` or :func:`encrypt`.
+    must be positive integer if salts are supported,
+    may be ``None`` or ``0`` if salts are not supported.
 
 .. attribute:: min_salt_chars
 
     minimum number of characters required in salt string,
     if provided to :func:`genconfig` or :func:`encrypt`.
+    must be non-negative integer.
 
-.. attribute:: max_salt_chars
+.. attribute:: salt_charset
 
-    maximum number of characters which will be *used*
-    if a salt string is provided to :func:`genconfig` or :func:`encrypt`.
+    string containing list of all characters which are allowed
+    to be specified in salt parameter. usually `passlib.utils.h64.CHARS`.