| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
"native_string_types" aliases
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
realized can do this now that we're requiring python3 >= 3.3.
had to keep u() helper around for u(r"") instances, since py3 doesn't have ur"".
but switched it to use ascii decoding for py2, to make sure things are clean.
|
| |
|
|
| |
submodule
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
* tweaked passlib's format to follow argon2 and
use explicit param names + normal base64 encoding
* added support for openwall's $7$ format
* moved hash tests to separate file
|
| |
|
|
|
| |
* factored out parallel count code into ParallelismMixin (to share w/ argon2)
* added basic .using() & .needs_update() support for block_size, parallelism
|
| |
|
|
|
|
| |
validate_default_value()
and norm_integer() helpers.
|
| |
|
|
|
|
|
|
|
|
| |
which provides a more generic & flexible framework than HasManyBackends.
* has_backend() now a wrapper for set_backend(), which now accepts a dryrun flag.
* loaders can now return arbitrary objects, classes can control how they operate.
* loaders can now be dryrun aware.
* bcrypt hasher, scrypt hasher, and scrypt module updated to use new api
* fuzz tester now correctly restored backend after use
|
| |
|
|
|
| |
this basically reversed rev 5c41b0153d4f; after using it a bit more,
decided the name didn't indicate as well what the method was doing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
callers should use handler.replace(**settings).hash() instead.
this is being done because it greatly streamlines the internals of the .hash()
implementation, and allows some redundant configuration parsing to be extracted
from the .hash() methods and merged in with existing code in .replace().
this also opens things up for alternate code architectures for implementing new hashers,
making it easier to wrap existing libraries (e.g. argon2).
internals
---------
* replaced a bunch of internal .hash(**settings) calls
* GenericHandler
- stripped out 'relaxed' keyword from constructor, since it's no longer
passed by hash() etc.
- _norm_checksum() now only invoked if checksum is specified (simplifies logic).
keeping support for 'relaxed' mode, but only as explicit keyword.
- removed some unused comments about .from_string() & .to_string()
* HasSalt mixin:
- .replace() now supports 'salt' keyword, creates variant
which has a fixed salt string.
- 'salt size' keyword removed from ctor, now handled by .replace() call
- _norm_salt() converted to class method so it can be
used by .replace() 'salt' keyword code.
- per-instance bits of _norm_salt() relocated to HasSalt.__init__ proper
- _generate_salt() converted to class method, since no longer depends on instance config.
* HasRounds mixin:
- similar to HasSalt, relocates per-instance bits of _norm_rounds()
into HasRounds.__init__() proper.
- remainder of _norm_rounds() turned into class method, merged
with ._clip_to_valid_rounds() helper to reduce duplication.
- _generate_rounds() converted to class method, since no longer depends on instance config.
hashers
-------
* fshp: added support for 'variant' keyword to replace()
* unix_disabled: added support for 'marker' keyword to replace(), added UTs.
* cisco_type7: to match HasSalt, added support for 'salt' keyword to replace(), added UTs.
* sha256/512_crypt: now uses custom salt & rounds parsing, rather than relaxed kwd,
to handle correctable-but-invalid config strings.
unittests
---------
* removed checks for PasslibConfigWarning when setting hash(rounds=) out of policy bounds,
since that now *is* setting the policy.
* adapted some handler ctor to deal w/ lack of 'relaxed' kwd
docs
----
* updated docstrings listing hash() keywords for each scheme to list them
as .replace() keywords.
* updated example code to use .replace()
* fleshed out api docs about the change
|
| |
|
|
| |
handling config string generation from all handler.to_string() implementations.
|
| |
|
|
| |
to match stdlib's convention (for things like str, namedtuple, etc)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
after further consideration (while implementing a handler for argon2),
decided that rolling .genconfig() and .genhash() into the .hash() method
(as was done in rev 1f7421b35b75) put too much complexity into the .hash() method.
this commit walks back those portions of rev 1f7421b35b75 -- .genconfig()
and .genhash() are now implemented for each handler directly.
however, going a little further and completely deprecating .genconfig()
and .genhash() support entirely -- decided there's no need for them in
the public api whatsoever. apps shouldn't need/use them, and the unittests
can use their own workarounds.
* removed "config" keyword from handler.hash() ifc
* removed support for config=None from handler.genhash() -- nothing should use it
now that handler.genconfig() always returns a string.
* marked .genhash() and .genconfig() as completely deprecated, w/ no alternative
* uts: factored out calls which need config only into a .do_stub_encrypt() helper,
as replacement for internal uses of .genconfig()
|
|
|
* scrypt kdf code
- relocated scrypt kdf code to passlib.crypto.scrypt
- py3 compat fixes
- split UTs out into separate file
- removed "non-power of 2" support, not needed.
- added wrapper which can toggle between builtin backend,
and extenrnal scrypt package.
- factored out n/r/p validation code so it can be used independantly
of calling kdf itself.
* passlib.handlers.scrypt: added scrypt handler which wraps the kdf.
- added some custom test strings, as well as adapted some reference values
from the scrypt whitepaper.
- added documentation page
- integrated scrypt kdf wrapper w/ hash's HasManyBackends api
|
