| Commit message | Author | Age | Files | Lines |
* patch django_argon2 so it only uses type "I" (to match django's behavior)
* patch its UTs so they don't try to access hasher.type_values,
which is only present on base hasher.
realized we can do this now that we're requiring python3 >= 3.3.
had to keep u() helper around for u(r"") instances, since py3 doesn't have ur"".
but switched it to use ascii decoding for py2, to make sure things are clean.
submodule
* added django_argon2 wrapper & docs
* added method for PrefixWrapper to generically preserve custom attrs when
creating variants, so .django_name attr is persisted across .using() calls.
* _finalize_backend_mixin() now traps AssertionError,
to detect assert failures like when bcrypt 3.0.0 returns
2b hash from 2y string. makes _norm_digest_args() correctly
work around the broken behavior.
* fixed bcrypt fuzz verifier to also work around 3.0.0's broken 2y support
* django_bcrypt_sha256 also needed the truncate patches that bcrypt_sha256 has,
so factored things out into common class. (commented out / removed some unused
code along the way).
* Added PasswordHash.truncate_size info attribute, to detect hashes
which truncate the password.
* All such hashes (bcrypt, des_crypt, some others) now accept a "truncate_error"
option, allowing them to be switched from silent truncation to throwing
an error instead. This option is also supported by CryptContext.
* tests/HandlerCase:
- removed .secret_size config flag, can now just read handler.truncate_size instead.
- reworked truncation tests to use new API, and test 'truncate_error' policy support.
* PasswordHash.is_disabled flag now present, to programmatically detect
disabled hashers (unix_disabled, etc)
* CryptContext now offers methods for disabling, enabling, and testing
hashes to see if they're tied to a real hash or not.
* disabled hashers now offer .disable() and .enable() helpers,
as backend for CryptContext methods.
* django_disabled now appends random alphanumeric string, per Django.
* adjusted HandlerCase:
- checks handler.is_disabled,
- handle django_disabled via disabled_contains_salt flag
- tests .disable() and .enable() api if present
this basically reversed rev 5c41b0153d4f; after using it a bit more,
decided the name didn't indicate as well what the method was doing.
callers should use handler.replace(**settings).hash() instead.
this is being done because it greatly streamlines the internals of the .hash()
implementation, and allows some redundant configuration parsing to be extracted
from the .hash() methods and merged in with existing code in .replace().
this also opens things up for alternate code architectures for implementing new hashers,
making it easier to wrap existing libraries (e.g. argon2).

internals
---------
* replaced a bunch of internal .hash(**settings) calls
* GenericHandler
- stripped out 'relaxed' keyword from constructor, since it's no longer
passed by hash() etc.
- _norm_checksum() now only invoked if checksum is specified (simplifies logic).
keeping support for 'relaxed' mode, but only as explicit keyword.
- removed some unused comments about .from_string() & .to_string()
* HasSalt mixin:
- .replace() now supports 'salt' keyword, creates variant
which has a fixed salt string.
- 'salt size' keyword removed from ctor, now handled by .replace() call
- _norm_salt() converted to class method so it can be
used by .replace() 'salt' keyword code.
- per-instance bits of _norm_salt() relocated to HasSalt.__init__ proper
- _generate_salt() converted to class method, since no longer depends on instance config.
* HasRounds mixin:
- similar to HasSalt, relocates per-instance bits of _norm_rounds()
into HasRounds.__init__() proper.
- remainder of _norm_rounds() turned into class method, merged
with ._clip_to_valid_rounds() helper to reduce duplication.
- _generate_rounds() converted to class method, since no longer depends on instance config.

hashers
-------
* fshp: added support for 'variant' keyword to replace()
* unix_disabled: added support for 'marker' keyword to replace(), added UTs.
* cisco_type7: to match HasSalt, added support for 'salt' keyword to replace(), added UTs.
* sha256/512_crypt: now uses custom salt & rounds parsing, rather than relaxed kwd,
to handle correctable-but-invalid config strings.

unittests
---------
* removed checks for PasslibConfigWarning when setting hash(rounds=) out of policy bounds,
since that now *is* setting the policy.
* adapted some handler ctors to deal w/ lack of 'relaxed' kwd

docs
----
* updated docstrings listing hash() keywords for each scheme to list them
as .replace() keywords.
* updated example code to use .replace()
* fleshed out api docs about the change
.encrypt()
----------
hash.encrypt() & context.encrypt() have been renamed to .hash().
this should take care of the long-standing issue 21 (the poor naming of .encrypt).
per docs, legacy aliases will remain in place until passlib 2.0.

.genhash() / .genconfig()
-------------------------
taking advantage of this reorganization to also deprecate .genconfig()
and .genhash() -- they're not really useful in a modern system,
nor as needed for historical support as initially thought:
.genconfig() will be retired completely in passlib 2.0;
.genhash() is rolled into the new .hash() method along with .encrypt().
and moved them to a separate passlib.crypto subpackage.
along with this move, made a few api cleanups:
* unified all code that's looking up hashes
to use new passlib.crypto.lookup_hash() wrapper, which takes
care of hash name normalization, loading fallback implementations,
and alg metadata inspection, all hidden behind a memoized function.
* deprecated pbkdf2() in favor of pbkdf2_hmac() -- only real use,
and new signature matches stdlib function. additionally,
this version is a bit faster, due to some assumptions that
can be made due to the PRF always being HMAC based.
* added compile_hmac() helper which does an even more efficient
job of pre-compiling a keyed HMAC function; this helped speed up pbkdf2 a bit more.
* a number of hashes now feed off pbkdf2_XXX.default_rounds
* added security note re: dlitz_pbkdf2_sha1
* added implementation of django 1.6's bcrypt_sha256 hasher, and UTs
* added django16 premade context to passlib.apps, made it default django_context
* test_ext_django now makes use of django16_context
* passlib.ext.django.utils.get_preset_config() now uses django16_context
* tox 'django' and 'django-py3' now test bcrypt integration
passlib.ext.django & its tests have gotten out of sync with django,
leading to a number of UT failures, as reported in issue 50.
tests now pass on django 1.2 through 1.6

passlib.ext.django
------------------
mimic changes in django's hasher logic:
* handle unsalted_sha1 hasher (django 1.4.6+)
* check_password(): empty hashes return False, rather than throw an error (django 1.5+)
* allow empty passwords (django 1.6+)
* generate unusable password suffixes (django 1.6+)

passlib.hash
------------
* django_des_crypt: added "use_duplicate_salt" class attr,
allowing tests to enable django 1.4+ style hashes which omit 1st salt.
* django_disabled: added support for django 1.6+ random suffixes

passlib.tests
-------------
* test_ext_django: lots of changes to verify django 1.5/1.6 behavior
* test_handlers_django: split django tests out of test_handlers
to make it easier to run django-related tests.
* added workaround for encoding glitch in salted_md5 / salted_sha1 hashers (django 1.5+)
* password hash api rewritten to center around PasswordHash abstract class
* extended walkthrough and documentation for PasswordHash interface
* pared down the per-hash examples, added links to PasswordHash
* updated docs and warnings
- monkeypatching now formalized w/ a patch manager,
and should be *much* more resilient.
- patch states reduced greatly, simplified code and tests
- now handles django 1.4 correctly - patches hashers module as well
(had to write some new wrappers)
- added experimental methods GenericHandler.parsehash() to back our wrapper of Hasher.safe_summary()
- XXX: doesn't currently import current HASHER state,
- XXX: can't import hashers into passlib either -- though left initial notes on this
- updated salt handling of the existing django hashes, in a way which should be backwards compatible w/ django 1.0
- UTs now test Django hasher output against passlib handlers (reverse was already being done)
- refactor of fuzz testing to reuse some of the methods.
* passing a non-string secret or non-string hash to any
CryptContext or handler method will now reliably result
in a TypeError.
previously, passing hash=None to many handler identify() and verify()
methods would return False, while others would raise a TypeError.
other handler methods would alternately throw ValueError or TypeError
when passed a value that wasn't unicode or bytes.
the various CryptContext methods also behaved inconsistently,
depending on the behavior of the underlying handler.
all of these behaviors are gone, they should all raise the same TypeError.
* redid many of the from_string() methods to verify the hash type.
* moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods.
this cheaply made the secret validation global to all hashes, and lets
_calc_digest() implementations trust that the secret is valid.
* updated the CryptContext and handler unittests to verify the above behavior is adhered to.
messages
* StaticHandler is now subclass of GenericHandler
- _calc_checksum() should be implemented instead of encrypt().
(compatibility stub added so old code should continue to work)
- _norm_hash() no longer needs to handle ->unicode conversion
- default from_string() contains a bunch of features,
including stripping a known prefix, etc.
* context kwds now pulled into constructor, so GenericHandler
supports context kwds properly; HasUserContext mixin added
to support common 'user' context kwd
* identify_regexp & identify_prefix removed, functionality
rolled into default GenericHandler.identify() implementation.
- default identify checks _hash_regex as potential way to identify hashes
* HasStubChecksum removed, functionality rolled into GenericHandler
* HasRawChecksum now just sets a flag, functionality moved into GenericHandler
* HasManyIdents._parse_ident() helper added to validate & split identifier
from hashes.
* GenericHandler._norm_checksum() is now strict about unicode / bytes
methods of most handlers
strict keyword
--------------
* GenericHandler's "strict" keyword had poorly defined semantics;
replaced this with "use_defaults" and "relaxed" keywords.
Most handlers' from_string() method specified strict=True.
This is now the default behavior, use_defaults=True is enabled
only for encrypt() and genconfig(). relaxed=True is enabled
only for specific handlers (and unittests) whose code requires it.
This *does* break backward compat with passlib 1.5 handlers,
but this is mostly an internal class.
* missing required settings now throw a TypeError instead of
a ValueError, to be more in line with std python behavior.
* The norm_xxx functions provided by the GenericHandler mixins
(e.g. norm_salt) have been renamed to _norm_xxx() to reflect their
private nature; and converted from class methods to instance
methods, to simplify their call signature for subclassing.

misc
----
* rewrote GenericHandler unittests to use constructor only,
instead of poking into norm_salt/norm_rounds internals.
* checksum/salt charset checks sped up using set comparison
* some small cleanups to FHSP implementation
* added str_to_[ub]ascii to wrap hexdigest() calls
* fixed some h64big calls I missed
* some py3 fixes
* removed utils.compat.aliases, using overlay
to replace real compat module instead
(to agree w/ imports already in code)
* moved bytes compat functions from utils to utils.compat
(bord, bjoin, bjoin_ints, bjoin_elems, ujoin)
* renamed bord -> belem_ord for clarity
* a bunch of to_native_str() always use ascii, and
have fixed input types (always bytes or always unicode).
these don't need overhead of to_native_str(), so replaced
those calls with two new funcs: compat.bascii_to_str() /
compat.uascii_to_str()
* cleaned up a lot of imports from utils/utils.compat to
pull from correct module
* simplified the to_string() logic of a bunch of handlers
to reduce unicode<->byte transitions
aliases kept for now)
of throwing ValueError for some handlers
decided that to_hash_str will always return native string,
feature of hashes being returned as unicode under python 2
is better done through a CryptContext option.
compat.u
this distinguishes the types, so that for isinstance() tests...
* 'unicode' always means the unicode type
* 'bytes' always means the bytes type
* 'str' always means the native string type
* also added more django-related unittests
* django_des_crypt now uses des_crypt handler instead of raw_des_crypt function
* django_des_crypt now detects salt char mismatches in hash
* django hashes cleaned up, UTs added
* added passlib.apps.django_context for reading existing django hashes
* added experimental django plugin "passlib.ext.django" which monkeypatches django to use pbkdf2_sha256 (and many other features)
* not listing in changelog or documenting just yet, needs more testing