diff options
| -rw-r--r-- | docs/password_hash_api.rst | 46 | ||||
| -rw-r--r-- | passlib/handlers/bcrypt.py | 2 | ||||
| -rw-r--r-- | passlib/handlers/des_crypt.py | 8 | ||||
| -rw-r--r-- | passlib/handlers/ldap_digests.py | 2 | ||||
| -rw-r--r-- | passlib/handlers/md5_crypt.py | 8 | ||||
| -rw-r--r-- | passlib/handlers/oracle.py | 4 | ||||
| -rw-r--r-- | passlib/handlers/pbkdf2.py | 28 | ||||
| -rw-r--r-- | passlib/handlers/phpass.py | 2 | ||||
| -rw-r--r-- | passlib/handlers/sha1_crypt.py | 6 | ||||
| -rw-r--r-- | passlib/handlers/sha2_crypt.py | 8 | ||||
| -rw-r--r-- | passlib/handlers/sun_md5_crypt.py | 4 | ||||
| -rw-r--r-- | passlib/tests/test_utils_handlers.py | 14 | ||||
| -rw-r--r-- | passlib/tests/utils.py | 26 | ||||
| -rw-r--r-- | passlib/utils/handlers.py | 90 |
14 files changed, 155 insertions, 93 deletions
diff --git a/docs/password_hash_api.rst b/docs/password_hash_api.rst index 140626a..1491280 100644 --- a/docs/password_hash_api.rst +++ b/docs/password_hash_api.rst @@ -390,23 +390,59 @@ Salt Information ---------------- For schemes which support a salt (ie, ``'salt' in PasswordHash.setting_kwds``), the following attributes are usually exposed. -(Applications can test for this suites' presence by checking if ``getattr(handler,"max_salt_chars",None)>0``) +(Applications can test for this suites' presence by checking if ``getattr(handler,"max_salt_size",None)>0``) -.. attribute:: PasswordHash.max_salt_chars +.. attribute:: PasswordHash.max_salt_size maximum number of characters which will be *used* if a salt string is provided to :meth:`~PasswordHash.genconfig` or :meth:`~PasswordHash.encrypt`. must be positive integer if salts are supported, may be ``None`` or ``0`` if salts are not supported. -.. attribute:: PasswordHash.min_salt_chars +.. attribute:: PasswordHash.min_salt_size minimum number of characters required in salt string, if provided to :meth:`~PasswordHash.genconfig` or :meth:`~PasswordHash.encrypt`. - must be non-negative integer that is not greater than :attr:`~PasswordHash.max_salt_chars`. + must be non-negative integer that is not greater than :attr:`~PasswordHash.max_salt_size`. -.. attribute:: PasswordHash.salt_charset +.. attribute:: PasswordHash.salt_chars string containing list of all characters which are allowed to be specified in salt parameter. for most hashes, this is equal to `passlib.utils.h64.CHARS`. + +.. warning:: + + In Passlib 1.3 and earlier, these attributes were named ``min_salt_chars``, + ``max_salt_chars``, and ``salt_charset``, respectively. + These names have been deprecated, due to their ambiguity. Passlib 1.4 contains aliases + for these names, so client applications may continue to use them; + but these aliases will be removed in Passlib 1.5. + +.. todo:: + + this list the behavior for handlers which accept + an salt string containing characters. + some handlers take raw bytes + for their salt keyword, how these attributes change + in that situtation should be documentated. + +.. + + not yet documentated, want to make sure this is how we want to do things: + + .. attribute:: PasswordHash.default_salt_size + + size of salts generated by genconfig + when no salt is provided by caller. + for most hashes, this defaults to :attr:`!PasswordHash.max_salt_size`. + + .. attribute:: PasswordHash.default_salt_chars + + sequence of characters used to generated new salts + when no salt is provided by caller. + for most hashes, this is the same as :attr:`!PasswordHash.salt_chars`; + but some hashes accept a much larger range of values + than are typically used. This field allows + the full range to be accepted, while only + a select subset to be used for generation. diff --git a/passlib/handlers/bcrypt.py b/passlib/handlers/bcrypt.py index 428dd87..97b8941 100644 --- a/passlib/handlers/bcrypt.py +++ b/passlib/handlers/bcrypt.py @@ -76,7 +76,7 @@ class bcrypt(uh.HasManyIdents, uh.HasRounds, uh.HasSalt, uh.HasManyBackends, uh. ident_aliases = {"2":"$2$", "2a": "$2a$"} #--HasSalt-- - min_salt_chars = max_salt_chars = 22 + min_salt_size = max_salt_size = 22 #--HasRounds-- default_rounds = 12 #current passlib default diff --git a/passlib/handlers/des_crypt.py b/passlib/handlers/des_crypt.py index 03c75f8..b212c12 100644 --- a/passlib/handlers/des_crypt.py +++ b/passlib/handlers/des_crypt.py @@ -163,7 +163,7 @@ class des_crypt(uh.HasManyBackends, uh.HasSalt, uh.GenericHandler): setting_kwds = ("salt",) #--HasSalt-- - min_salt_chars = max_salt_chars = 2 + min_salt_size = max_salt_size = 2 #========================================================= #formatting @@ -265,7 +265,7 @@ class bsdi_crypt(uh.HasManyBackends, uh.HasRounds, uh.HasSalt, uh.GenericHandler checksum_chars = 11 #--HasSalt-- - min_salt_chars = max_salt_chars = 4 + min_salt_size = max_salt_size = 4 #--HasRounds-- default_rounds = 5000 @@ -362,7 +362,7 @@ class bigcrypt(uh.HasSalt, uh.GenericHandler): #NOTE: checksum chars must be multiple of 11 #--HasSalt-- - min_salt_chars = max_salt_chars = 2 + min_salt_size = max_salt_size = 2 #========================================================= #internal helpers @@ -444,7 +444,7 @@ class crypt16(uh.HasSalt, uh.GenericHandler): checksum_chars = 22 #--HasSalt-- - min_salt_chars = max_salt_chars = 2 + min_salt_size = max_salt_size = 2 #========================================================= #internal helpers diff --git a/passlib/handlers/ldap_digests.py b/passlib/handlers/ldap_digests.py index 43268a5..07af584 100644 --- a/passlib/handlers/ldap_digests.py +++ b/passlib/handlers/ldap_digests.py @@ -65,7 +65,7 @@ class _SaltedBase64DigestHelper(uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHand _hash_func = None #required - hash function _pat = None #required - regexp to recognize hash _stub_checksum = None #required - default checksum to plug in - min_salt_chars = max_salt_chars = 4 + min_salt_size = max_salt_size = 4 @classmethod def identify(cls, hash): diff --git a/passlib/handlers/md5_crypt.py b/passlib/handlers/md5_crypt.py index 0538b97..43c0e7e 100644 --- a/passlib/handlers/md5_crypt.py +++ b/passlib/handlers/md5_crypt.py @@ -154,8 +154,8 @@ class md5_crypt(uh.HasManyBackends, uh.HasSalt, uh.GenericHandler): checksum_chars = 22 #--HasSalt-- - min_salt_chars = 0 - max_salt_chars = 8 + min_salt_size = 0 + max_salt_size = 8 #========================================================= #internal helpers @@ -221,8 +221,8 @@ class apr_md5_crypt(uh.HasSalt, uh.GenericHandler): checksum_chars = 22 #--HasSalt-- - min_salt_chars = 0 - max_salt_chars = 8 + min_salt_size = 0 + max_salt_size = 8 #========================================================= #internal helpers diff --git a/passlib/handlers/oracle.py b/passlib/handlers/oracle.py index b70d20e..28ed3df 100644 --- a/passlib/handlers/oracle.py +++ b/passlib/handlers/oracle.py @@ -161,8 +161,8 @@ class oracle11(uh.HasSalt, uh.GenericHandler): _stub_checksum = '0' * 40 #--HasSalt-- - min_salt_chars = max_salt_chars = 20 - salt_charset = uh.UC_HEX_CHARS + min_salt_size = max_salt_size = 20 + salt_chars = uh.UC_HEX_CHARS #========================================================= diff --git a/passlib/handlers/pbkdf2.py b/passlib/handlers/pbkdf2.py index 8cf9b21..f4a76ed 100644 --- a/passlib/handlers/pbkdf2.py +++ b/passlib/handlers/pbkdf2.py @@ -35,9 +35,9 @@ class Pbkdf2DigestHandler(uh.HasRounds, uh.HasRawSalt, uh.HasRawChecksum, uh.Gen setting_kwds = ("salt", "salt_size", "rounds") #--HasSalt-- - default_salt_chars = 16 - min_salt_chars = 0 - max_salt_chars = 1024 + default_salt_size = 16 + min_salt_size = 0 + max_salt_size = 1024 #--HasRounds-- default_rounds = 6400 @@ -48,7 +48,7 @@ class Pbkdf2DigestHandler(uh.HasRounds, uh.HasRawSalt, uh.HasRawChecksum, uh.Gen #--this class-- _prf = None #subclass specified prf identifier - #NOTE: max_salt_chars and max_rounds are arbitrarily chosen to provide sanity check. + #NOTE: max_salt_size and max_rounds are arbitrarily chosen to provide sanity check. # the underlying pbkdf2 specifies no bounds for either. #NOTE: defaults chosen to be at least as large as pbkdf2 rfc recommends... @@ -118,7 +118,7 @@ def create_pbkdf2_hash(hash_name, digest_size): :param rounds: Optional number of rounds to use. Defaults to %(dr)d, but must be within ``range(1,1<<32)``. - """ % dict(prf=prf, dsc=base.default_salt_chars, dr=base.default_rounds) + """ % dict(prf=prf, dsc=base.default_salt_size, dr=base.default_rounds) )) #--------------------------------------------------------- @@ -160,13 +160,13 @@ class dlitz_pbkdf2_sha1(uh.HasRounds, uh.HasSalt, uh.GenericHandler): setting_kwds = ("salt", "salt_size", "rounds") ident = "$p5k2$" - #NOTE: max_salt_chars and max_rounds are arbitrarily chosen to provide sanity check. + #NOTE: max_salt_size and max_rounds are arbitrarily chosen to provide sanity check. # underlying algorithm (and reference implementation) allow effectively unbounded values for both of these. #--HasSalt-- - default_salt_chars = 16 - min_salt_chars = 0 - max_salt_chars = 1024 + default_salt_size = 16 + min_salt_size = 0 + max_salt_size = 1024 #--HasROunds-- default_rounds = 10000 @@ -247,7 +247,7 @@ class atlassian_pbkdf2_sha1(uh.HasRawSalt, uh.HasRawChecksum, uh.GenericHandler) _stub_checksum = "\x00" * 32 #--HasRawSalt-- - min_salt_chars = max_salt_chars = 16 + min_salt_size = max_salt_size = 16 @classmethod def from_string(cls, hash): @@ -301,13 +301,13 @@ class grub_pbkdf2_sha512(uh.HasRounds, uh.HasRawSalt, uh.HasRawChecksum, uh.Gene ident = "grub.pbkdf2.sha512." - #NOTE: max_salt_chars and max_rounds are arbitrarily chosen to provide sanity check. + #NOTE: max_salt_size and max_rounds are arbitrarily chosen to provide sanity check. # the underlying pbkdf2 specifies no bounds for either, # and it's not clear what grub specifies. - default_salt_chars = 64 - min_salt_chars = 0 - max_salt_chars = 1024 + default_salt_size = 64 + min_salt_size = 0 + max_salt_size = 1024 default_rounds = 10000 min_rounds = 1 diff --git a/passlib/handlers/phpass.py b/passlib/handlers/phpass.py index 51da27b..0686ef9 100644 --- a/passlib/handlers/phpass.py +++ b/passlib/handlers/phpass.py @@ -57,7 +57,7 @@ class phpass(uh.HasManyIdents, uh.HasRounds, uh.HasSalt, uh.GenericHandler): setting_kwds = ("salt", "rounds", "ident") #--HasSalt-- - min_salt_chars = max_salt_chars = 8 + min_salt_size = max_salt_size = 8 #--HasRounds-- default_rounds = 9 diff --git a/passlib/handlers/sha1_crypt.py b/passlib/handlers/sha1_crypt.py index 9ac6ee3..9e6e396 100644 --- a/passlib/handlers/sha1_crypt.py +++ b/passlib/handlers/sha1_crypt.py @@ -61,9 +61,9 @@ class sha1_crypt(uh.HasManyBackends, uh.HasRounds, uh.HasSalt, uh.GenericHandler checksum_chars = 28 #--HasSalt-- - default_salt_chars = 8 - min_salt_chars = 0 - max_salt_chars = 64 + default_salt_size = 8 + min_salt_size = 0 + max_salt_size = 64 #--HasRounds-- default_rounds = 40000 #current passlib default diff --git a/passlib/handlers/sha2_crypt.py b/passlib/handlers/sha2_crypt.py index e5d27af..5c08a3e 100644 --- a/passlib/handlers/sha2_crypt.py +++ b/passlib/handlers/sha2_crypt.py @@ -245,8 +245,8 @@ class sha256_crypt(uh.HasManyBackends, uh.HasRounds, uh.HasSalt, uh.GenericHandl ident = "$5$" #--HasSalt-- - min_salt_chars = 0 - max_salt_chars = 16 + min_salt_size = 0 + max_salt_size = 16 #TODO: allow salt charset 0-255 except for "\x00\n:$" #--HasRounds-- @@ -389,8 +389,8 @@ class sha512_crypt(uh.HasManyBackends, uh.HasRounds, uh.HasSalt, uh.GenericHandl setting_kwds = ("salt", "rounds", "implicit_rounds") - min_salt_chars = 0 - max_salt_chars = 16 + min_salt_size = 0 + max_salt_size = 16 #TODO: allow salt charset 0-255 except for "\x00\n:$" default_rounds = 40000 #current passlib default diff --git a/passlib/handlers/sun_md5_crypt.py b/passlib/handlers/sun_md5_crypt.py index fd5e5cd..7b416e8 100644 --- a/passlib/handlers/sun_md5_crypt.py +++ b/passlib/handlers/sun_md5_crypt.py @@ -212,8 +212,8 @@ class sun_md5_crypt(uh.HasRounds, uh.HasSalt, uh.GenericHandler): setting_kwds = ("salt", "rounds") ident = "$md5$" - min_salt_chars = 0 - max_salt_chars = 8 + min_salt_size = 0 + max_salt_size = 8 default_rounds = 5000 #current passlib default min_rounds = 0 diff --git a/passlib/tests/test_utils_handlers.py b/passlib/tests/test_utils_handlers.py index ecc458e..581ca56 100644 --- a/passlib/tests/test_utils_handlers.py +++ b/passlib/tests/test_utils_handlers.py @@ -106,10 +106,10 @@ class SkeletonTest(TestCase): class d1(uh.HasSalt, uh.GenericHandler): name = 'd1' setting_kwds = ('salt',) - min_salt_chars = 1 - max_salt_chars = 3 - default_salt_chars = 2 - salt_charset = 'a' + min_salt_size = 1 + max_salt_size = 3 + default_salt_size = 2 + salt_chars = 'a' #check salt=None self.assertEqual(d1.norm_salt(None), 'aa') @@ -341,10 +341,10 @@ class SaltedHash(uh.HasSalt, uh.GenericHandler): name = "salted_test_hash" setting_kwds = ("salt",) - min_salt_chars = 2 - max_salt_chars = 4 + min_salt_size = 2 + max_salt_size = 4 checksum_chars = 40 - salt_charset = checksum_charset = uh.LC_HEX_CHARS + salt_chars = checksum_charset = uh.LC_HEX_CHARS @classmethod def identify(cls, hash): diff --git a/passlib/tests/utils.py b/passlib/tests/utils.py index 960465c..ed56082 100644 --- a/passlib/tests/utils.py +++ b/passlib/tests/utils.py @@ -307,7 +307,7 @@ class HandlerCase(TestCase): @classproperty def has_salt_info(cls): - return 'salt' in cls.handler.setting_kwds and getattr(cls.handler, "max_salt_chars", None) > 0 + return 'salt' in cls.handler.setting_kwds and getattr(cls.handler, "max_salt_size", None) > 0 @classproperty def has_rounds_info(cls): @@ -359,16 +359,16 @@ class HandlerCase(TestCase): if 'salt' in cls.setting_kwds: # assume HasSalt / HasRawSalt - if cls.min_salt_chars > cls.max_salt_chars: + if cls.min_salt_size > cls.max_salt_size: raise AssertionError("min salt chars too large") - if cls.default_salt_chars < cls.min_salt_chars: + if cls.default_salt_size < cls.min_salt_size: raise AssertionError("default salt chars too small") - if cls.default_salt_chars > cls.max_salt_chars: + if cls.default_salt_size > cls.max_salt_size: raise AssertionError("default salt chars too large") - #salt_charset is None for HasRawSalt - if cls.salt_charset and any(c not in cls.salt_charset for c in cls.default_salt_charset): + #salt_chars is None for HasRawSalt + if cls.salt_chars and any(c not in cls.salt_chars for c in cls.default_salt_chars): raise AssertionError("default salt charset not subset of salt charset") if 'rounds' in cls.setting_kwds: @@ -520,8 +520,8 @@ class HandlerCase(TestCase): if not self.has_salt_info: raise SkipTest handler = self.handler - cs = handler.salt_charset - mn = handler.min_salt_chars + cs = handler.salt_chars + mn = handler.min_salt_size c1 = self.do_genconfig(salt=cs[0] * mn) if mn > 0: self.assertRaises(ValueError, self.do_genconfig, salt=cs[0]*(mn-1)) @@ -531,8 +531,8 @@ class HandlerCase(TestCase): if not self.has_salt_info: raise SkipTest handler = self.handler - cs = handler.salt_charset - mx = handler.max_salt_chars + cs = handler.salt_chars + mx = handler.max_salt_size c1 = self.do_genconfig(salt=cs[0] * mx) c2 = self.do_genconfig(salt=cs[0] * (mx+1)) self.assertEquals(c1,c2) @@ -542,9 +542,9 @@ class HandlerCase(TestCase): if not self.has_salt_info: raise SkipTest handler = self.handler - mx = handler.max_salt_chars - mn = handler.min_salt_chars - cs = handler.salt_charset + mx = handler.max_salt_size + mn = handler.min_salt_size + cs = handler.salt_chars #make sure all listed chars are accepted for i in xrange(0,len(cs),mx): diff --git a/passlib/utils/handlers.py b/passlib/utils/handlers.py index ea346d7..8fdacf0 100644 --- a/passlib/utils/handlers.py +++ b/passlib/utils/handlers.py @@ -14,7 +14,8 @@ from warnings import warn #site #libs from passlib.registry import get_crypt_handler -from passlib.utils import classproperty, h64, getrandstr, getrandbytes, rng, is_crypt_handler, ALL_BYTE_VALUES +from passlib.utils import classproperty, h64, getrandstr, getrandbytes, \ + rng, is_crypt_handler, ALL_BYTE_VALUES #pkg #local __all__ = [ @@ -35,7 +36,7 @@ __all__ = [ #constants #========================================================= -#common salt_charset & checksum_charset values +#common salt_chars & checksum_charset values H64_CHARS = h64.CHARS B64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" HEX_CHARS = "0123456789abcdefABCDEF" @@ -1071,7 +1072,7 @@ class HasSalt(GenericHandler): as well as generating new salts if one it not provided. :param salt: optional salt string - :param salt_size: optional size of salt (only used if no salt provided); defaults to :attr:`default_salt_chars`. + :param salt_size: optional size of salt (only used if no salt provided); defaults to :attr:`default_salt_size`. :param strict: if ``True``, requires a valid salt be provided; otherwise is tolerant of correctable errors (the default). Class Attributes @@ -1079,13 +1080,13 @@ class HasSalt(GenericHandler): In order for :meth:`!norm_salt` to do it's job, the following attributes must be provided by the handler subclass: - .. attribute:: min_salt_chars + .. attribute:: min_salt_size [required] The minimum number of characters allowed in a salt string. An :exc:`ValueError` will be throw if the salt is too small. - .. attribute:: max_salt_chars + .. attribute:: max_salt_size [required] The maximum number of characters allowed in a salt string. @@ -1094,14 +1095,14 @@ class HasSalt(GenericHandler): WHen ``strict=False`` (such as when parsing user-provided values), the salt will be silently trimmed to this length if it's too long. - .. attribute:: default_salt_chars + .. attribute:: default_salt_size [optional] If no salt is provided, this should specify the size of the salt that will be generated by :meth:`generate_salt`. - If this is not specified, it will default to :attr:`max_salt_chars`. + If this is not specified, it will default to :attr:`max_salt_size`. - .. attribute:: salt_charset + .. attribute:: salt_chars [required] A string containing all the characters which are allowed in the salt string. @@ -1127,22 +1128,47 @@ class HasSalt(GenericHandler): #========================================================= #class attrs #========================================================= - min_salt_chars = None #required - minimum size of salt (error if too small) - max_salt_chars = None #required - maximum size of salt (truncated if too large) + #NOTE: min/max/default_salt_chars is deprecated, use min/max/default_salt_size instead + + #: required - minimum size of salt (error if too small) + min_salt_size = None + + #: required - maximum size of salt (truncated if too large) + max_salt_size = None + + @classproperty + def default_salt_size(cls): + "default salt chars (defaults to max_salt_size if not specified by subclass)" + return cls.max_salt_size + + #: set of characters allowed in salt string. + salt_chars = H64_CHARS @classproperty def default_salt_chars(cls): - "default salt chars (defaults to max_salt_chars if not specified by subclass)" - return cls.max_salt_chars + "set of characters used to generate *new* salt strings (defaults to salt_chars)" + return cls.salt_chars - salt_charset = H64_CHARS #set of characters allowed in salt string. + #: helper for HasRawSalt, shouldn't be used publically + _salt_is_bytes = False + #-------------------------------------------------------- + #deprecated attrs + #-------------------------------------------------------- @classproperty - def default_salt_charset(cls): - "set of characters used to generate *new* salt strings (defaults to salt_charset)" - return cls.salt_charset + def min_salt_chars(cls): + warn(".min_salt_chars is deprecated, use .min_salt_size instead; .min_salt_chars will be removed in passlib 1.5", DeprecationWarning) + return cls.min_salt_size + + @classproperty + def max_salt_chars(cls): + warn(".max_salt_chars is deprecated, use .max_salt_size instead; .max_salt_chars will be removed in passlib 1.5", DeprecationWarning) + return cls.max_salt_size - _salt_is_bytes = False #helper for HasRawSalt + @classproperty + def salt_charset(cls): + warn(".salt_charset is deprecated, use .salt_chars instead; .salt_charset will be removed in passlib 1.5", DeprecationWarning) + return cls.salt_chars #========================================================= #instance attrs @@ -1160,16 +1186,16 @@ class HasSalt(GenericHandler): def generate_salt(cls, salt_size=None, strict=False): """helper method for norm_salt(); generates a new random salt string. - :param salt_size: optional salt size, falls back to :attr:`default_salt_chars`. + :param salt_size: optional salt size, falls back to :attr:`default_salt_size`. :param strict: if too-large salt should throw error, or merely be trimmed. """ if salt_size is None: - salt_size = cls.default_salt_chars + salt_size = cls.default_salt_size else: - mn = cls.min_salt_chars + mn = cls.min_salt_size if mn and salt_size < mn: raise ValueError("%s salt string must be at least %d characters" % (cls.name, mn)) - mx = cls.max_salt_chars + mx = cls.max_salt_size if mx and salt_size > mx: if strict: raise ValueError("%s salt string must be at most %d characters" % (cls.name, mx)) @@ -1177,7 +1203,7 @@ class HasSalt(GenericHandler): if cls._salt_is_bytes: return getrandbytes(rng, salt_size) else: - return getrandstr(rng, cls.default_salt_charset, salt_size) + return getrandstr(rng, cls.default_salt_chars, salt_size) @classmethod def norm_salt(cls, salt, salt_size=None, strict=False): @@ -1189,14 +1215,14 @@ class HasSalt(GenericHandler): :raises ValueError: * if ``strict=True`` and no salt is provided - * if ``strict=True`` and salt contains greater than :attr:`max_salt_chars` characters - * if salt contains chars that aren't in :attr:`salt_charset`. - * if salt contains less than :attr:`min_salt_chars` characters. + * if ``strict=True`` and salt contains greater than :attr:`max_salt_size` characters + * if salt contains chars that aren't in :attr:`salt_chars`. + * if salt contains less than :attr:`min_salt_size` characters. if no salt provided and ``strict=False``, a random salt is generated - using :attr:`default_salt_chars` and :attr:`default_salt_charset`. - if the salt is longer than :attr:`max_salt_chars` and ``strict=False``, - the salt string is clipped to :attr:`max_salt_chars`. + using :attr:`default_salt_size` and :attr:`default_salt_chars`. + if the salt is longer than :attr:`max_salt_size` and ``strict=False``, + the salt string is clipped to :attr:`max_salt_size`. :returns: normalized or generated salt @@ -1212,18 +1238,18 @@ class HasSalt(GenericHandler): if isinstance(salt, unicode): salt = salt.encode("utf-8") else: - sc = cls.salt_charset + sc = cls.salt_chars for c in salt: if c not in sc: raise ValueError("invalid character in %s salt: %r" % (cls.name, c)) #check min size - mn = cls.min_salt_chars + mn = cls.min_salt_size if mn and len(salt) < mn: raise ValueError("%s salt string must be at least %d characters" % (cls.name, mn)) #check max size - mx = cls.max_salt_chars + mx = cls.max_salt_size if len(salt) > mx: if strict: raise ValueError("%s salt string must be at most %d characters" % (cls.name, mx)) @@ -1244,7 +1270,7 @@ class HasRawSalt(HasSalt): document this class's usage """ - salt_charset = ALL_BYTE_VALUES + salt_chars = ALL_BYTE_VALUES _salt_is_bytes = True #NOTE: code is currently shared with HasSalt, using internal _salt_is_bytes flag. |