summaryrefslogtreecommitdiff
path: root/passlib
Commit message (Collapse)AuthorAgeFilesLines
* Merge from defaultironpython-support-devEli Collins2012-04-1739-3074/+6635
|\
| * updated tox config, moved GAE helper into tests module to silence tox warningEli Collins2012-04-171-0/+37
| |
| * changed bcrypt's os_crypt backend to try alternatives before bailing.Eli Collins2012-04-173-9/+10
| |
| * reworked fuzz verifier system, so that we can skip $2x$ hashes during bcrypt ↵Eli Collins2012-04-172-66/+93
| | | | | | | | crypt() testing
| * disabling saslprep() support under Jython - it lacks the stringprep moduleEli Collins2012-04-177-63/+46
| |
| * a bunch of bugfixes found during unittestingEli Collins2012-04-178-19/+55
| | | | | | | | | | | | | | | | | | | | * bsdi_crypt apparently available on openbsd 4.9 * typo fixes * ConfigParser apparently only uses OrderedDict for >= PY27, adjusted CryptContext test accordingly * fixed test that depended on sha256_crypt.default_rounds * handle os_crypt backend w/ no fallback (bcrypt) * let _norm_rounds accept longs
| * retuned default_rounds for a few hashes based on benchmarksEli Collins2012-04-174-12/+16
| |
| * added deprecation detector so CryptContext will upgrade bsdi_crypt hashes ↵Eli Collins2012-04-171-0/+13
| | | | | | | | with even rounds
| * CryptPolicy deprecation, part 4 - updated context testsEli Collins2012-04-175-762/+2176
| | | | | | | | | | | | * moved test_context to test_context_deprecated, to ensure pre-1.6 behavior is retained, at least until 1.8 * new test_context merges CryptPolicy tests into CryptContextTest
| * CryptPolicy deprecated, part2 - updated rest of library to use CryptContext ↵Eli Collins2012-04-1711-38/+58
| | | | | | | | directly
| * _CryptRecord cleaned up a little internally, default_rounds clipping logic ↵Eli Collins2012-04-171-138/+182
| | | | | | | | tweaked a little
| * deprecated CryptPolicy, moved all of it's features into CryptContext (part 1)Eli Collins2012-04-171-682/+1508
| | | | | | | | | | | | | | | | | | | | * this should simplify the api for users, CryptPolicy encapsulated an implementation detail they didn't need to deal with. * config file parsing is a lot stricter, easier for apps to add custom hacks * CryptContext instances can now be reconfigured much easier. * loads should be faster. (breaking changes into multiple commits)
| * bugfix: set des_crypt.checksum_size, so it will now reject hashes with ↵Eli Collins2012-04-173-9/+17
| | | | | | | | missing chars
| * updated passlib.apache module's api - more flexible to use, changed some ↵Eli Collins2012-04-176-484/+1138
| | | | | | | | ambiguous method names
| * issue warning if app requests even bsdi_crypt roundsEli Collins2012-04-133-1/+29
| |
| * work on des_crypt familyEli Collins2012-04-134-675/+865
| | | | | | | | | | * cleaned up source of des_crypt variants and DES util functions * DES utils functions now have tighter input validation, full UT coverage
| * assorted bugfixes, tweaks, and tests added; based on coverage examinationEli Collins2012-04-1218-179/+453
| | | | | | | | | | | | | | * test os_crypt backend has functional fallback * test handler methods accept all unicode/bytes combinations for secret & hash * fixed some incorrect error messages & types being caught & raised * other minor cleanups
| * scram hash: improved UTs to cover some edge cases, full-verify now throws ↵Eli Collins2012-04-122-7/+28
| | | | | | | | error for inconsistent hashes.
* | wrote out all the known issues; made an attempt at deal w/ unicode-v-bytes ↵Eli Collins2012-04-122-30/+88
| | | | | | | | issues, will try again some other time
* | starting branch to add ironpython supportEli Collins2012-04-122-3/+30
|/ | | | * adds hack to disable saslprep() since stringprep is missing
* ran full UTs, found and fixed a few bugs introduced in last few commits.Eli Collins2012-04-1115-34/+48
|
* rearranged some test casesEli Collins2012-04-112-45/+113
|
* clarify behavior for secret=None and hash=NoneEli Collins2012-04-1127-294/+278
| | | | | | | | | | | | | | | | | | | | | | | * passing a non-string secret or non-string hash to any CryptContext or handler method will now reliably result in a TypeError. previously, passing hash=None to many handler identify() and verify() methods would return False, while others would raise a TypeError. other handler methods would alternately throw ValueError or TypeError when passed a value that wasn't unicode or bytes. the various CryptContext methods also behaved inconsistently, depending on the behavior of the underlying handler. all of these behaviors are gone, they should all raise the same TypeError. * redid many of the from_string() methods to verify the hash type. * moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods. this cheaply made the secret validation global to all hashes, and lets _calc_digest() implementations trust that the secret is valid. * updated the CryptContext and handler unittests to verify the above behavior is adhered to.
* replaced some common string ops with util funcs (repeat_string, ↵Eli Collins2012-04-108-30/+37
| | | | right_pad_string)
* tightened OS crypt backend testsEli Collins2012-04-107-36/+229
| | | | | | | | | * split os_crypt tests into separate mixin * tests now require os_crypt backends to detect some simple incorrect returns from crypt() - e.g. returning wrong ident prefix, wrong size, etc - added relevant asserts to all os_crypt backends * tests now check if platform crypt detection is functioning correctly via platform_crypt_support dict in tests.
* minor constant & comment tweaksEli Collins2012-04-104-12/+9
|
* md5_crypt / sha2-crypt cleanupEli Collins2012-04-104-512/+489
| | | | | * tried to clarify documentation & alg for builtin md5_crypt / sha2-crypt backends * replaced regex parser in sha2-crypt with index-based one - less redundant, and should be faster.
* parse_mc3/render_mc3 helpers now handle rounds str<->int, consolidated a ↵Eli Collins2012-04-103-90/+101
| | | | bunch of redundant code
* passlib.exc: added constructors for common errors, should normalize error ↵Eli Collins2012-04-1019-115/+184
| | | | messages
* ldap salted digest improvementsEli Collins2012-04-092-12/+69
| | | | | | * support variable salt size of 4-16 bytes [issue 30]. * throw correct error when invalid base64 encoding is encountered. * added some test vectors for the above.
* fixed issue 29 - m2crypto crash may be triggered by keylen > 32, not > 41 as ↵Eli Collins2012-04-091-5/+7
| | | | I previously thought
* *all* hashes now throw PasswordSizeError if password is larger than 4096 ↵Eli Collins2012-04-097-1/+53
| | | | chars; to prevent DOS issues.
* removed default policy file & objectEli Collins2012-04-093-76/+11
| | | | | | | was using default policy to store recommended defaults for hashes, but it only affects CryptContext objects, and users seem to frequent using the handler objects directly - so going to store recommended defaults in the handler from now on.
* misc bugfixesEli Collins2012-03-127-32/+85
| | | | | | | | | | | * removed cisco_type7 config string, conflicted w/ empty password * fixed unicode type issue in cisco_type7, win32.nthash * bsdi_crypt.min_rounds now 1 (0 results in identical hashes) * fixed unicode type issue in UPASS_TABLE tests for plaintext, ldap_plaintext * relocated test vectors from test_win32 to lmhash/nthash * 8bit test for UnsaltedHash * fuzz testing expanded to use 5-99 char passwords, and 1/10000 are empty *
* bcrypt workEli Collins2012-03-124-43/+101
| | | | | | | * added code to shoehorn $2$-support wrapper for bcryptor backend * added PasslibSecurityWarning when builtin backend is enabled (still considered whether it should be enabled by default) * py3 compat fix for repair_unused
* updated passlib.ext.django; made some notes about django 1.4Eli Collins2012-03-124-17/+35
| | | | (may not support django 1.4 until passlib 1.7)
* doc tweaksEli Collins2012-03-122-11/+12
|
* updated test support & py3 compat code from an external libraryEli Collins2012-03-1220-363/+439
| | | | | | | | | | | | | | | | passlib.tests ------------- * deprecated support for unittest 1... accumulated too many backports, planning to require unittest2 in next release. * case_prefix renamed to shortDescription * test case now archives & clears warning registry state in addition to warning filter state passlib.utils.compat -------------------- * a bunch of the bytes-related functions were renamed for clarity * NativeStringIO alias added * trange alias merged into irange
* misc bugfixes dealing with changes from last 8 or so commitsEli Collins2012-03-116-16/+27
|
* bugfix: change some context tests to use phpass instead of bsd_nthash or bcryptEli Collins2012-03-112-15/+18
|
* added hack to clear warnings registry so assertWarningList() tests will pass ↵Eli Collins2012-03-117-32/+53
| | | | reliably
* to_bytes, to_unicode, to_native_str: added special TypeErrors for None, ↵Eli Collins2012-03-102-8/+18
| | | | other small tweaks
* safe_crypt() now handles "*0" and similar error returns from crypt()Eli Collins2012-03-102-12/+31
|
* added some notesEli Collins2012-03-104-4/+18
|
* various bcrypt improvementsEli Collins2012-03-105-126/+318
| | | | | | | | | | | | * studied crypt_blowfish's 8bit bug - verified none of passlib's backends were affected - added recognition (but not support) for crypt_blowfish's $2x$ hash prefix - added support for crypt_blowfish's $2y$ hash prefix - note in docs about Passlib's current handling of crypt_blowfish 8bit issues. * refactored bcrypt's salt-unused-bits repair code into Base64Engine.repair_unused(), making the code cleaner and more isolated. a bunch more tests. * added bcrypt64 (bcrypt-base64 variant) to utils * added LazyBase64Engine to reduce memory / startup time
* cleanup of scram hash; improved norm_digest_name() and moved it to utils.pbkdf2Eli Collins2012-03-104-323/+345
|
* did rewrite of unix_fallback as unix_disabled; unix_fallback is now deprecatedEli Collins2012-03-105-15/+118
|
* added Window's DCC hashes (aka mscache / mscash) version 1 & 2Eli Collins2012-03-103-4/+194
|
* renamed nthash -> bsd_nthash; added real nthash implementedEli Collins2012-03-104-53/+121
| | | | | | | after some thought, realized the 'nthash' name should implement the raw hash. since bsd_nthash was very rarely used, it shouldn't present backwards incompatibility issues at this point to go ahead and rename it.
* added support for lmhashEli Collins2012-03-104-5/+143
|
View Lorry Controller Status