authorEli Collins <elic@assurancetechnologies.com>2012-04-09 15:29:44 -0400
committerEli Collins <elic@assurancetechnologies.com>2012-04-09 15:29:44 -0400
commit34f766f4a2f11b19ce233e136e435c131531e42c (patch)
tree8f9a0ffd3f091c2e14b2447093e6faf1791b710b /passlib
parentba4550d9dc9d12bf3ee714fb05040ebbf4adb8e8 (diff)
downloadpasslib-34f766f4a2f11b19ce233e136e435c131531e42c.tar.gz
removed default policy file & object
was using default policy to store recommended defaults for hashes, but it only affects CryptContext objects, and users seem to frequently use the handler objects directly - so going to store recommended defaults in the handler from now on.
Diffstat (limited to 'passlib')
-rw-r--r--passlib/apps.py9
-rw-r--r--passlib/context.py51
-rw-r--r--passlib/default.cfg27
3 files changed, 11 insertions, 76 deletions
diff --git a/passlib/apps.py b/passlib/apps.py
index 8040b46..55dbea5 100644
--- a/passlib/apps.py
+++ b/passlib/apps.py
@@ -106,15 +106,12 @@ postgres_context = LazyCryptContext(["postgres_md5"])
#phpass & variants
#=========================================================
def _create_phpass_policy(**kwds):
- "helper to make bcrypt default ONLY if it's available"
- from passlib.context import default_policy
- if hash.bcrypt.has_backend():
- kwds['default'] = 'bcrypt'
- return default_policy.replace(**kwds)
+ "helper to choose default alg based on bcrypt availability"
+ kwds['default'] = 'bcrypt' if hash.bcrypt.has_backend() else 'phpass'
+ return kwds
phpass_context = LazyCryptContext(
schemes=["bcrypt", "phpass", "bsdi_crypt"],
- default="phpass", #NOTE: <-- overridden by create_policy
create_policy=_create_phpass_policy,
)
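Review bot: `_create_phpass_policy` now returns the plain `kwds` dict where it previously returned a `CryptPolicy` built by `default_policy.replace(**kwds)`, and the one-line docstring does not say so. The `LazyCryptContext` code that consumes `create_policy` is not part of this diff, so it is worth confirming that it accepts a dict of keywords. The selection is also silent: when no bcrypt backend is present the context falls back to `phpass` as its default scheme, and with `default.cfg` deleted the `phpass.default_rounds = 10` setting no longer reaches this context through a policy. I would expand the docstring to something like `"return policy keywords; default scheme is bcrypt when a backend is available, else phpass"` and consider logging the fallback so a missing bcrypt backend is visible to operators.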
diff --git a/passlib/context.py b/passlib/context.py
index 8522a69..e5667c1 100644
--- a/passlib/context.py
+++ b/passlib/context.py
@@ -15,11 +15,6 @@ import re
from time import sleep
from warnings import warn
#site
-try:
- from pkg_resources import resource_string
-except ImportError:
- #not available eg: under GAE
- resource_string = None
#libs
from passlib.exc import PasslibConfigWarning
from passlib.registry import get_crypt_handler, _validate_handler_name
@@ -737,31 +732,6 @@ class _UncompiledCryptPolicy(CryptPolicy):
self.__class__ = CryptPolicy
self._compile()
-#---------------------------------------------------------
-#load default policy from default.cfg
-#---------------------------------------------------------
-def _load_default_policy():
- "helper to try to load default policy from file"
- #if pkg_resources available, try to read out of egg (common case)
- if resource_string:
- try:
- return CryptPolicy.from_string(resource_string("passlib", "default.cfg"))
- except IOError:
- log.warn("error reading passlib/default.cfg, is passlib installed correctly?")
- pass
-
- #failing that, see if we can read it from package dir
- path = os.path.abspath(os.path.join(os.path.dirname(__file__), "default.cfg"))
- if os.path.exists(path):
- with open(path, "rb") as fh:
- return CryptPolicy.from_string(fh.read())
-
- #give up - this is not desirable at all, could use another fallback.
- log.error("can't find passlib/default.cfg, is passlib installed correctly?")
- return CryptPolicy()
-
-default_policy = _load_default_policy()
-
#=========================================================
# helpers for CryptContext
#=========================================================
@@ -1169,23 +1139,18 @@ class _CryptRecord(object):
class CryptContext(object):
"""Helper for encrypting passwords using different algorithms.
- :param policy:
- optionally override the default policy CryptContext starts with before options are added.
-
- If not specified, the new instance will inherit a set of default options (such as rounds, etc)
- from the passlib default policy (importable as :data:`passlib.context.default_policy`).
+ :param \*\*kwds:
- If explicitly set to ``None``, the new instance will not inherit from the default policy,
- and will contain only the configuration specified by any additional keywords.
+ ``schemes`` and all other keywords are passed to the CryptPolicy constructor,
+ or to :meth:`CryptPolicy.replace`, if a policy has also been specified.
- Alternately, a custom CryptPolicy instance can be passed in,
+ :param policy:
+ Optionally you can pass in an existing CryptPolicy instance,
which allows loading the policy from a configuration file,
combining multiple policies together, and other features.
- :param kwds:
-
- ``schemes`` and all other keywords are passed to the CryptPolicy constructor,
- or to :meth:`CryptPolicy.replace`, if a policy has also been specified.
+ The options from this policy will be used as defaults,
+ which will be overridden by any keywords passed in explicitly.
.. automethod:: replace
@@ -1222,7 +1187,7 @@ class CryptContext(object):
#===================================================================
#init
#===================================================================
- def __init__(self, schemes=None, policy=default_policy, **kwds):
+ def __init__(self, schemes=None, policy=None, **kwds):
# XXX: add a name for the contexts, to help out repr?
# XXX: add ability to make policy readonly for certain instances,
# eg the builtin passlib ones?
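Review bot: With `policy=None` as the default, a `CryptContext` built without an explicit policy no longer inherits the `default_rounds` and `all.vary_rounds` values that `default.cfg` supplied, so its work factors depend entirely on each handler's own defaults. No handler change appears in this diff (the diffstat lists only three files), so unless the handlers already carry the recommended values, hashes created through such contexts may use lower round counts than before; presumably a follow-up commit covers this, which is worth confirming. The module-level name `default_policy` is removed as well, although the old docstring advertised it as importable, so external code doing `from passlib.context import default_policy` will now fail at import. A short comment at the signature such as `# policy=None: no base policy; rounds defaults come from the handlers` would record the new meaning. The body of `__init__` continues outside the hunk.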
diff --git a/passlib/default.cfg b/passlib/default.cfg
deleted file mode 100644
index 0fa4836..0000000
--- a/passlib/default.cfg
+++ /dev/null
@@ -1,27 +0,0 @@
-[passlib]
-#
-# this is the PassLib default policy configuration, used by CryptContext
-# objects which don't have an explicit base policy specified.
-# the goal of this default configuration is not to set any preferred schemes,
-# but provide sane defaults (eg rounds) for all the supported algorithms.
-#
-
-#TODO: need to generate min rounds for specific cpu speed & verify time limitations
-
-all.vary_rounds = 10%%
-
-bsdi_crypt.default_rounds = 30000
-bcrypt.default_rounds = 10
-sha1_crypt.default_rounds = 30000
-sun_md5_crypt.default_rounds = 30000
-sha256_crypt.default_rounds = 30000
-sha512_crypt.default_rounds = 30000
-
-ldap_bsdi_crypt.default_rounds = 30000
-ldap_bcrypt.default_rounds = 10
-ldap_sha1_crypt.default_rounds = 30000
-ldap_sun_md5_crypt.default_rounds = 30000
-ldap_sha256_crypt.default_rounds = 30000
-ldap_sha512_crypt.default_rounds = 30000
-
-phpass.default_rounds = 10