From 5bd6deb8144cb24caa51e82c7682f706ecc09a6c Mon Sep 17 00:00:00 2001 From: Eli Collins Date: Wed, 11 Apr 2012 17:49:09 -0400 Subject: clarify behavior for secret=None and hash=None * passing a non-string secret or non-string hash to any CryptContext or handler method will now reliably result in a TypeError. previously, passing hash=None to many handler identify() and verify() methods would return False, while others would raise a TypeError. other handler methods would alternately throw ValueError or TypeError when passed a value that wasn't unicode or bytes. the various CryptContext methods also behaved inconsistently, depending on the behavior of the underlying handler. all of these behaviors are gone, they should all raise the same TypeError. * redid many of the from_string() methods to verify the hash type. * moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods. this cheaply made the secret validation global to all hashes, and lets _calc_digest() implementations trust that the secret is valid. * updated the CryptContext and handler unittests to verify the above behavior is adhered to. --- CHANGES | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index c329398..866d845 100644 --- a/CHANGES +++ b/CHANGES @@ -84,6 +84,14 @@ Release History legacy config files may need to escape raw ``%`` characters in order to load successfully. + * The main CryptContext methods (e.g. :meth:`~CryptContext.encrypt`, + and :meth:`~CryptContext.verify`) will now consistently raise + a :exc:`TypeError` when called with ``hash=None`` or another + non-string type, to match the :doc:`password-hash-api`. + Under previous releases, they might return ``False``, + raise :exc:`ValueError`, or raise :exc:`TypeError`, + depending on the specific method and context settings. + Utils .. currentmodule:: passlib.utils.handlers -- cgit v1.2.1