summaryrefslogtreecommitdiff
path: root/passlib/handlers/misc.py
Commit message (Collapse)AuthorAgeFilesLines
* python compat cleanup -- use magic super() callsEli Collins2020-10-061-1/+1
|
* cleanup old python compat - assorted minor cleanups & fixes from conversionEli Collins2020-10-061-1/+1
|
* cleanup old python compat -- replaced "unicode" alias in favor of "str"Eli Collins2020-10-061-2/+2
|
* cleanup old python compat -- unified "unicode_or_bytes" aliasesEli Collins2020-10-061-2/+2
|
* compat cleanup: replaced all u("") instances with u""Eli Collins2017-02-171-4/+4
| | | | | | | realized can do this now that we're requiring python3 >= 3.3. had to keep u() helper around for u(r"") instances, since py3 doesn't have ur"". but switched it to use ascii decoding for py2, to make sure things are clean.
* general: went ahead and removed a bunch of deprecated features that were ↵Eli Collins2016-11-281-56/+2
| | | | | | | | | scheduled for removal in v1.8. this removes CryptPolicy, unix_fallback, some old HtpasswdFile methods, and more. tests were updated as well. see history/1.8 for a complete list.
* docs: minor wording corrections, replaced 'encrypt' with 'hash' in a bunch ↵Eli Collins2016-11-251-2/+2
| | | | of places.
* Enhanced disabled hash managementEli Collins2016-06-261-3/+30
| | | | | | | | | | | | | | | | | | * PasswordHash.is_disabled flag now present, to programmatically detect disabled hashers (unix_disabled, etc) * CryptContext now offers methods for disabling, enabling, and testing hashes to see if they're tied to a real hash or not. * disabled hashers now offer .disable() and .enable() helpers, as backend for CryptContext methods. * django_disabled now appends random alphanumeric string, per Django. * adjusted HandlerCase: - checks handler.is_disabled, - handle django_disabled via disabled_contains_salt flag - tests .disable() and .enable() api if present
* renamed PasswordHandler.replace() back to PasswordHandler.using()Eli Collins2016-06-151-4/+4
| | | | | this basically reversed rev 5c41b0153d4f; after using it a bit more, decided the name didn't indicate as well what the method was doing.
* PasswordHash.hash() api shift: deprecating passing settings kwds into hash() --Eli Collins2016-06-151-11/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | callers should use handler.replace(**settings).hash() instead. this is being done because it greatly streamlines the internals of the .hash() implementation, and allows some redundant configuration parsing to be extracted from the .hash() methods and merged in with existing code in .replace(). this also opens things up for alternate code architectures for implementing new hashers, making it easier to wrap existing libraries (e.g. argon2). internals --------- * replaced a bunch of internal .hash(**settings) calls * GenericHandler - stripped out 'relaxed' keyword from constructor, since it's no longer passed by hash() etc. - _norm_checksum() now only invoked if checksum is specified (simplifies logic). keeping support for 'relaxed' mode, but only as explicit keyword. - removed some unused comments about .from_string() & .to_string() * HasSalt mixin: - .replace() now supports 'salt' keyword, creates variant which has a fixed salt string. - 'salt size' keyword removed from ctor, now handled by .replace() call - _norm_salt() converted to class method so it can be used by .replace() 'salt' keyword code. - per-instance bits of _norm_salt() relocated to HasSalt.__init__ proper - _generate_salt() converted to class method, since no longer depends on instance config. * HasRounds mixin: - similar to HasSalt, relocates per-instance bits of _norm_rounds() into HasRounds.__init__() proper. - remainder of _norm_rounds() turned into class method, merged with ._clip_to_valid_rounds() helper to reduce duplication. - _generate_rounds() converted to class method, since no longer depends on instance config. hashers ------- * fshp: added support for 'variant' keyword to replace() * unix_disabled: added support for 'marker' keyword to replace(), added UTs. * cisco_type7: to match HasSalt, added support for 'salt' keyword to replace(), added UTs. * sha256/512_crypt: now uses custom salt & rounds parsing, rather than relaxed kwd, to handle correctable-but-invalid config strings. unittests --------- * removed checks for PasslibConfigWarning when setting hash(rounds=) out of policy bounds, since that now *is* setting the policy. * adapted some handler ctor to deal w/ lack of 'relaxed' kwd docs ---- * updated docstrings listing hash() keywords for each scheme to list them as .replace() keywords. * updated example code to use .replace() * fleshed out api docs about the change
* renamed handler.using() method to handler.replace(),Eli Collins2016-06-131-1/+1
| | | | to match stdlib's convention (for things like str, namedtuple, etc)
* handler.genconfig() / .genhash() deprecated entirelyEli Collins2016-06-131-11/+27
| | | | | | | | | | | | | | | | | | | | | | after further consideration (while implementing a handler for argon2), decided that rolling .genconfig() and .genhash() into the .hash() method (as was done in rev 1f7421b35b75) put too much complexity into the .hash() method. this commit walks back those portions of rev 1f7421b35b75 -- .genconfig() and .genhash() are now implemented for each handler directly. however, going a little further and completely deprecating .genconfig() and .genhash() support entirely -- decided there's no need for them in the public api whatsoever. apps shouldn't need/use them, and the unittests can use their own workarounds. * removed "config" keyword from handler.hash() ifc * removed support for config=None from handler.genhash() -- nothing should use it now that handler.genconfig() always returns a string. * marked .genhash() and .genconfig() as completely deprecated, w/ no alternative * uts: factored out calls which need config only into a .do_stub_encrypt() helper, as replacement for internal uses of .genconfig()
* passlib.utils: consteq() now an alias for hmac.compare_digest() on python ↵Eli Collins2016-06-111-2/+2
| | | | 3.3 and up
* bugfix: plaintext, htdigest, unix_disabled hashes: added missing .using() ↵Eli Collins2016-06-101-2/+4
| | | | | | | | | | | implementation these all derived directly from PasswordHash, and lacked a working .using(). * added UT to check for a working .using() method * factored out GenericHandler's .using() into another base class which these three hashes could inherit from.
* .encrypt() method renamed to .hash(), other api cleanupsEli Collins2016-06-101-37/+11
| | | | | | | | | | | | | | | | .encrypt() ---------- hash.encrypt() & context.encrypt() have been renamed to .hash(). this should take care of the long-standing issue 21 (the poor naming of .encrypt). per docs, legacy aliases will remain in place until passlib 2.0. .genhash() / .genconfig() ------------------------- taking advantage of this reorganization to also deprecate .genconfig() and .genhash() -- they're not really useful in a modern system, nor as needed for historical support as initially thought: .genconfig() will be retired completely in passlib 2.0; .genhash() is rolled into the new .hash() method along with .encrypt().
* renamed compat helper 'base_string_types' -> 'unicode_or_bytes_types' for ↵Eli Collins2015-01-231-4/+4
| | | | clarity.
* removed a LOT of compatibility shims -- dropped python 2.5, 3.0, and 3.1 ↵Eli Collins2015-01-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | support; as well as PyPy 1.x and Jython 2.5. shims removed ------------- * b() shim replaced with b'' (py25) * 'bytes' alias no longer needed (py25) * callable() shim no longer needed (py30,31) * PY_MIN_32 flag replaced with PY3 flag (py30,31) * removed 'abc' module stub used by passlib.ifc (py25) * removed chain_from_iterable() backport (py25) * tests: removed catch_warnings() backport, replaced refs with real warnings.catch_warnings() (py25) * tests: removed unittest2 backports (py25, py30, py31) -- now throw hard error if unittest2 not present under py26 (the only release remaining which lacks the unittest2 features) * removed SUPPORTS_DIR_METHOD conditional (py25, pypy 1.x) * some other minor workarounds other ----- * added check in passlib.compat which now throws error telling user version isn't supported (to prevent spurious errors later)
* massive cleanup of documentation typos, thanks to Thomas Waldmann (issue 27, ↵Eli Collins2013-12-271-1/+1
| | | | comment 7) (transplant of r1f5b8860b743 from default branch)
* project-wide whitespace & comment cleanup (it's been a couple of years)Eli Collins2012-08-011-14/+13
|
* unix_disabled updated to accept only certain strings, rather than act as ↵Eli Collins2012-04-301-27/+59
| | | | wildcard
* mass rename of old alias for PasswordHash interfaceEli Collins2012-04-271-2/+2
|
* merging rewrite of all hash documentation, and password hash apiEli Collins2012-04-271-7/+13
| | | | | | | * password hash api rewritten to center around PasswordHash abstract class * extended walkthrough and documentation for PasswordHash interface * pared down the per-hash examples, added links to PasswordHash * updates docs and warnings
* finally added abstract base class for the password hash interface -- ↵Eli Collins2012-04-271-2/+2
| | | | | | passlib.ifc.PasswordHash (also had to make some tweaks to fix class repr due to ABCMeta)
* made support for encoding context keyword uniformEli Collins2012-04-271-16/+21
| | | | | | - plaintext, ldap_plaintext, lmhash, htdigest all support it - also expose default_encoding attribute - moved HasEncodingContext from lmhash to handlers
* renamed 'errname' to 'param' for to_unicode, etc; to match some of the other ↵Eli Collins2012-04-271-2/+2
| | | | helper functions
* assorted bugfixes, tweaks, and tests added; based on coverage examinationEli Collins2012-04-121-0/+2
| | | | | | | * test os_crypt backend has functional fallback * test handler methods accept all unicode/bytes combinations for secret & hash * fixed some incorrect error messages & types being caught & raised * other minor cleanups
* clarify behavior for secret=None and hash=NoneEli Collins2012-04-111-23/+23
| | | | | | | | | | | | | | | | | | | | | | | * passing a non-string secret or non-string hash to any CryptContext or handler method will now reliably result in a TypeError. previously, passing hash=None to many handler identify() and verify() methods would return False, while others would raise a TypeError. other handler methods would alternately throw ValueError or TypeError when passed a value that wasn't unicode or bytes. the various CryptContext methods also behaved inconsistently, depending on the behavior of the underlying handler. all of these behaviors are gone, they should all raise the same TypeError. * redid many of the from_string() methods to verify the hash type. * moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods. this cheaply made the secret validation global to all hashes, and lets _calc_digest() implementations trust that the secret is valid. * updated the CryptContext and handler unittests to verify the above behavior is adhered to.
* passlib.exc: added constructors for common errors, should normalize error ↵Eli Collins2012-04-101-3/+3
| | | | messages
* *all* hashes now throw PasswordSizeError if password is larger than 4096 ↵Eli Collins2012-04-091-0/+2
| | | | chars; to prevent DOS issues.
* did rewrite of unix_fallback as unix_disabled; unix_fallback is now deprecatedEli Collins2012-03-101-0/+77
|
* utils.handlers framework reworked; removed a bunch of boilerplate codeEli Collins2012-03-091-19/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | * StaticHandler is now subclass of GenericHandler - _calc_checksum() should be implemented instead of encrypt(). (compatibility stub added so old code should continue to work) - _norm_hash() no longer needs to handle ->unicode conversion - default from_string() contains a bunch of features, including stripping a known prefix, etc. * context kwds now pulled into constructor, so GenericHandler supports context kwds properly; HasUserContext mixin added to support common 'user' context kwd * identify_regexp & identify_prefix removed, functionality rolled into default GenericHandler.identify() implementation. - default identify checks _hash_regex as potential way to identify hashes * HasStubChecksum removed, functionality rolled into GenericHandler * HasRawChecksum now just sets a flag, functionality moved into GenericHandler * HasManyIdents._parse_ident() helper added to valid & split identifier from hashes. * GenericHandler._norm_checksum() is now strict about unicode / bytes
* StaticHandler._norm_hash() should return native str typeEli Collins2012-01-181-10/+9
|
* import cleanupsEli Collins2012-01-181-2/+5
| | | | | | | | | | | | | | | * moved bytes compat functions from utils to utils.compat (bord, bjoin, bjoin_ints, bjoin_elems, ujoin) * renamed bord -> belem_ord for clarify * a bunch of to_native_str() always use ascii, and have fixed input types (always bytes or always unicode). these don't need overhead of to_native_str(), so replaced those calls with two new funcs: compat.bascii_to_str() / compat.uascii_to_str() * cleaned up a lot of imports from utils/utils.compat to pull from correct module * simplified the to_string() logic of a bunch of handlers to reduce unicode<->byte transitions
* clarified border case where verify() accepted configuration strings instead ↵Eli Collins2012-01-091-1/+4
| | | | of throwing ValueError for some handlers
* deprecated to_hash_str, replaced all instances with to_native_strEli Collins2011-12-281-3/+3
| | | | | | decided that to_hash_str will always return native string, feature of hashes being returned as unicode under python 2 is better done through a CryptContext option.
* stripped trailing whitespace from a bunch of filesEli Collins2011-07-081-1/+1
|
* couple of bugfixes after running UTs (cpython 2.5, 2.6, 2.7, 3.1, 3.2; pypy 1.5)Eli Collins2011-06-221-1/+1
|
* StaticHandler now provides internal _norm_hash() method for subclasses to ↵Eli Collins2011-06-221-1/+11
| | | | | | | | override * enhanced StaticHandler.verify method to normalize hash unicode/bytes better * changed various StaticHandler-derived classes to use _norm_hash() instead of re-implementing verify() * oracle, postgres hashes now derive from StaticHandler instead of object.
* converts handlers .digests, .ldap_digests, .misc to be py3 compatEli Collins2011-06-171-5/+3
| | | | * also allows PrefixWrapper test to pass
* misc tweaksEli Collins2011-04-251-1/+1
|
* converted most handlers to use new helper classes.Eli Collins2011-04-051-16/+4
| | | | | | | | | | * converted all ExtendedHandler & MultiBackendHandler subclasses to use GenericHandler + appropriate mixins. * converted most SimpleHandler subclasses to use StaticHandler. * changed some hashes to parse_mc2/mc3 methods: md5_crypt, apr_md5_crypt, most pbkdf2 hashes, sha1_crypt * changed most hashes to coerce unicode hash strings -> ascii * changed some internal attribute names for consistency
* unix_fallback: disabled wildcard support unless explicitly enabledEli Collins2011-03-291-7/+9
| | | | for security purposes, so as not to surprise new users.
* more error statements rewrittenEli Collins2011-03-281-1/+1
|
* replaced "raise exc, msg" with "raise exc(msg)" everywhere (working on py3k ↵Eli Collins2011-03-281-4/+4
| | | | compat, changes made by 2to3)
* big rename: changed base handler class namesEli Collins2011-03-221-3/+3
| | | | | | | | ============================================ renamed the classes in passlib.utils.handlers, for clarity in code: * BaseHash -> SimpleHandler * ExtHash -> ExtendedHandler * BackendExtHash -> MultiBackendHandler
* big rename: driver->handlerEli Collins2011-03-221-0/+89
=========================== Renamed all references from password hash "driver" -> password hash "handler", to be more consistent with existing phrasing. This also required rearranging quite a lot of modules.
View Lorry Controller Status