path: root/docs/lib
Commit message [Author, Age, Files, Lines]
* Merge from stable [Eli Collins, 2020-10-08, files: 1, lines: -8/+12]
|\
| |   As part of merge:
| |   * various: reverted the py26 compat fixes from rev 5e2f92012412
| |   * test utils: stripped out "has_real_subtest" compat from rev c732a9e2a582,
| |     since now on py35+, which always has .subTest() method
| * passlib.ext.django: Updated UTs to work with latest django release [Eli Collins, 2020-10-07, files: 1, lines: -8/+12]
| |   (should fix long-standing issue 98)
| |
| |   * test_ext_django:
| |     - Simplified "stock config" setup code. It now gets its "sha_rounds" value
| |       from the django source, so we don't have to manually update it every time
| |       django changes their default. This should require less maintenance across
| |       minor django releases. (Should fix issue 98, and prevent recurrence)
| |     - Updated tests to account for quirks in how encoded hashes are handled.
| |       Specifically: None, "", and invalid hashes all cause subtly different
| |       behaviors across django versions. tests pass against django 1.8 - 3.1.
| |     - split "empty hash" test out from the loop it shared with "null hash" test,
| |       since the two behave differently.
| |   * tox: expanded envlist to explicitly test a bunch more django versions (1.8 - 3.1);
| |     and remove some needless "django 2.x + py2" tests
| |   * passlib.apps: reformatted django CryptContext declarations;
| |     added one for django 2.1 (which dropped "django_bcrypt" its default list)
| |   * passlib.ext.django:
| |     - added internal "quirks" helper as central place to track minor edge-case
| |       changes between django versions.
| |     - passlib_to_django() helper now falls back to searching hasher classes
| |       directly, even if patch isn't installed. this allows it to work for django
| |       hashers that have been removed from django's default list.
* | passlib.hash.bcrypt: remove support for "bcryptor" backend [Eli Collins, 2020-10-06, files: 1, lines: -7/+0]
| |
* | docs & setup: updates text & setup requirements to indicate we need minimum [Eli Collins, 2020-10-06, files: 1, lines: -6/+0]
| |   of Python 3.5.
* | Merge from stable [Eli Collins, 2020-10-06, files: 8, lines: -28/+49]
|\ \
| |/
| * docs / sha crypt: commented out the "implicit_rounds" param in docs, [Eli Collins, 2020-10-06, files: 1, lines: -3/+3]
| |   it's not actually supported by using(), and isn't needed for users (issue 121)
| * passlib.hash: added ldap_salted_sha256 & ldap_salted_512 (issue 124) [Eli Collins, 2020-10-05, files: 3, lines: -2/+7]
| |
| * passlib.handlers: cases where crypt() returns malformed hash [Eli Collins, 2020-10-05, files: 1, lines: -0/+2]
| |   now return a single unified InternalBackendError() class, instead of AssertionError.
| |
| |   This change has a couple of parts:
| |   * assert statements replaced with permanent checks, since crypt() is unpredictable
| |     enough that we need to have this always on, even if production runs code in
| |     "-O2" mode.
| |   * added debug_only_repr() helper which allows including sensitive stuff like
| |     salts & hash digests within error tracebacks -- will only do so when global
| |     flag is enabled; and that's currently only set by unittest suite.
| |   * added new InternalBackendError() exception class (a RuntimeError subclass);
| |     which is raised instead of an AssertionError.
| * bcrypt / os_crypt backend: now throws new PasswordValueError() [Eli Collins, 2020-05-12, files: 1, lines: -0/+2]
| |   when encoding issue is found, to separate this from an unexpected error
| |   when calling crypt.crypt() (these will still raise MissingBackendError).
| |
| |   also tweaked internal safe_verify() helper to catch errors thrown by os_crypt
| |   backend (MissingBackendError would previously slip through, causing spurious
| |   UT failures)
| * passlib.hash.bcrypt_sha256: now uses hmac-sha256 instead of plain sha256 [Eli Collins, 2020-02-16, files: 2, lines: -14/+27]
| |   (fixes issue 114)
| * passlib.hash.bcrypt: added notes re: final salt character [Eli Collins, 2020-02-17, files: 1, lines: -0/+2]
| |
| * docs: various minor updates [Eli Collins, 2020-02-16, files: 2, lines: -9/+6]
| |
* | Merge from stable [Eli Collins, 2019-11-22, files: 2, lines: -4/+12]
|\ \
| |/
| * bcrypt: deprecated support for "py-bcrypt" and "bcryptor" backends [Eli Collins, 2019-11-22, files: 1, lines: -2/+10]
| |
| * docs: minor text & build issues [Eli Collins, 2019-11-19, files: 1, lines: -2/+2]
| |   * fix some typos
| |   * silence unreferenced footnote warnings (expected, can fix later)
| |   * add intersphinx config to link to py3 stdlib
* | Merge from stable [Eli Collins, 2019-11-11, files: 1, lines: -4/+9]
|\ \
| |/
| * passlib.crypto.scrypt: add support for hashlib.scrypt() backend (fixes issue 86) [Eli Collins, 2019-11-11, files: 1, lines: -4/+9]
| |
* | Merge from stable [Eli Collins, 2019-11-10, files: 3, lines: -21/+11]
|\ \
| |/
| * docs: updated password generation section to endorse 'zxcvbn' over alternate [Thomas “graingert” Grainger, 2019-03-04, files: 1, lines: -2/+2]
| |   forks
| * docs: updated password generation section to endorse 'zxcvbn-python' over [Eli Collins, 2017-06-06, files: 1, lines: -15/+5]
| |   alternate forks
| * docs: updated rounds in bcrypt examples (fixes issue #91) [Eli Collins, 2017-06-06, files: 2, lines: -6/+6]
| |
* | passlib.context: removed deprecated 'harden_verify' kwd [Eli Collins, 2017-01-30, files: 1, lines: -13/+0]
| |
* | Merge with stable [Eli Collins, 2017-01-30, files: 6, lines: -78/+153]
|\ \
| |/
| * passlib.apache: updated internal comments [Eli Collins, 2017-01-30, files: 1, lines: -1/+1]
| |
| * passlib.hash.bsdi_crypt.rst edited online with Bitbucket [John McLaughlin, 2017-01-29, files: 1, lines: -1/+1]
| |   (grafted from 2a0ee135a56568ff8442cdbc2775adc1ae8f304f)
| * bugfix: passlib.hash.cisco_pix & cisco_asa: major overhaul of internal [Eli Collins, 2017-01-30, files: 3, lines: -56/+140]
| |   implementation, fixed a number of edge cases where we were generating
| |   the wrong thing.
| |
| |   tests
| |   -----
| |   * expanded test vectors, and ran them against an ASA 9.6 system.
| |     marked out all vectors that were verified on 9.6 system.
| |     found that user appending, and various size thresholds, weren't being
| |     performed correctly by cisco_pix & cisco_asa -- certain hashes generated
| |     prior to this will be "unverifiable" by a Cisco system.
| |   * consolidated shared pix & asa tests into common base class.
| |   * added test for "spoil_digest" codepath that's been added to cisco_pix
| |     _calc_digest() (see below).
| |
| |   hashers
| |   -------
| |   * cisco_pix & cisco_asa now reject too-large passwords, and silently return
| |     False when verifying them; to match Cisco behavior.
| |     updated truncate policy flags to match new behavior.
| |   * overhaul of _calc_checksum(), to fix identified issues, lay out guesses
| |     & reasoning, and added some citations.
| |
| |   docs
| |   ----
| |   * updated docs to list new algorithm, and conditions where the old code
| |     would generate a bad hash.
| |   * general cleanup of doc layout for these hashes
| |   * updated "Cisco Hashes" section to give better listing of known hash formats.
| * Per issue 83, all "harden_verify" code is now deprecated & a noop. [Eli Collins, 2017-01-29, files: 1, lines: -22/+6]
| |   will be removed completely in 1.8.
| |
| |   Rationale:
| |   Aside from the arguments in issue 83, performed a timing analysis, and decided
| |   harden_verify framework wasn't going to be easily workable to prevent a timing
| |   attack anyways (see attached admin/plot_verify_timing.py script).
| |
| |   Changes:
| |   * dummy_verify() has been kept around, but now uses .verify() against a dummy
| |     hash, which is guaranteed to have correct timing (though wastes cpu cycles).
| |   * Removed most harden_verify code, treating it as NOOP just like min_verify_time.
| |     Similarly, removed most documentation references to.
| * passlib.crypto.scrypt: reworked backend loader internals [Eli Collins, 2017-01-23, files: 1, lines: -1/+1]
| |   * reworked backends so they're more pluggable.
| |   * added _has_backend() helper for UTs to use, instead of _load_backend() hack,
| |     which wasn't respecting dryrun flag.
| |
| |   this is mainly in preparation for issue 86: adding backend to support
| |   stdlib's hashlib.scrypt().
* | passlib.hash.bsdi_crypt.rst edited online with Bitbucket [John McLaughlin, 2017-01-29, files: 1, lines: -1/+1]
| |
* | Merge with stable [Eli Collins, 2017-01-22, files: 1, lines: -2/+5]
|\ \
| |/
| * docs: update bcrypt docs to indicate correct default scheme (fixes issue 85) [Eli Collins, 2017-01-22, files: 1, lines: -2/+5]
| |   also corrects some other bits in bcrypt docs.
* | general: went ahead and removed a bunch of deprecated features that were [Eli Collins, 2016-11-28, files: 4, lines: -30/+4]
|/
|   scheduled for removal in v1.8. this removes CryptPolicy, unix_fallback,
|   some old HtpasswdFile methods, and more. tests were updated as well.
|   see history/1.8 for a complete list.
* docs: wording tweaks, emphasized 1.7 changes in hash tutorial, added note [Eli Collins, 2016-11-27, files: 1, lines: -8/+6]
|   about saslprep()
* docs: minor wording corrections, replaced 'encrypt' with 'hash' in a bunch [Eli Collins, 2016-11-25, files: 31, lines: -43/+43]
|   of places.
* docs: marked 1.7 release in changelog, various doc updates [Eli Collins, 2016-11-22, files: 1, lines: -19/+21]
|
* passlib.utils: relocated a bunch of binary encoding helpers to .utils.binary [Eli Collins, 2016-11-22, files: 14, lines: -99/+119]
|   submodule
* passlib.ext.django: large refactor to make things more isolated & testable. [Eli Collins, 2016-11-22, files: 1, lines: -0/+16]
|
|   passlib.ext.django
|   ------------------
|   * everything in .models relocated to the DjangoContextAdapter() class in .utils.
|     all that's left in models is a couple of hooks.
|     This consolidates all the model state into a single object,
|     making it a lot easier to inspect and optimize.
|   * consolidated a bunch of (undocumented) helper functions into DjangoTranslator()
|     class, which now acts as base for DjangoContextAdapter.
|     Translator instances handle converted passlib <-> django hashers,
|     including caching speed-critical bits.
|   * wrapper class now has guards against wrong type of hasher being passed in
|   * wrapper class uses .using() instead of deprecated .hash(**kwds) format.
|   * updated and confirmed passing tests w/ django 1.10.3
|
|   passlib.ext.django tests
|   ------------------------
|   * split test wrapper for django's internal tests (HashersTest) into separate file,
|     test_ext_django_source.py, to make it easier to run independently.
|     reworked to use patchAttr(wraps=True) rather than less flexible ContextHook() hack
|   * tries to clean up HashersTest - adapts to django settings,
|     fixed code syncing .iteration settings back to passlib hashers,
|   * blocked out some django tests that we can't / won't pass, documented reasons why.
|
|   other
|   -----
|   * CryptContext: added temporary hack to access unpatched Hasher.needs_update() method.
|   * PrefixWrapper: now proxies attr writes if it owns the wrapped hasher.
|   * test utils: added wrap=True support to patchAttr(), for wrapping arbitrary functions.
* passlib.handlers.django: added support for django_argon2 [Eli Collins, 2016-11-22, files: 2, lines: -13/+68]
|   * added django_argon2 wrapper & docs
|   * added method for PrefixWrapper to generically preserve custom attrs when
|     creating variants, so .django_name attr is persisted across .using() calls.
* bugfix: docs: added sphinx 'orphan' flag to silence errors about redirect pages. [Eli Collins, 2016-11-20, files: 1, lines: -0/+5]
|
* docs: followup to prior commit -- adds stub pages so not to break inbound links. [Eli Collins, 2016-11-20, files: 1, lines: -0/+3]
|
* docs: LARGE update to documentation, tutorials added, pages relocated [Eli Collins, 2016-11-20, files: 31, lines: -1468/+839]
|   * moved a bunch of pages into 'docs/narr' narrative subsection.
|     added placeholder pages in old locations, to minimize inbound link breakage.
|   * split history into separate pages, was getting way too long.
|     removed toplevel CHANGES file, not feasible under new structure.
|   * passlib.ifc split into reference & tutorial portions,
|     tutorial allowed subsuming a bunch of other hash-usage examples.
|   * added standard fragments for warning about insecure hashes,
|     added them to top of a LOT of hash doc pages.
|   * updated references, various layout tweaks
* passlib.totp: doc fixes, TokenError() no longer requires explicit message, [Eli Collins, 2016-11-19, files: 1, lines: -1/+1]
|   UsedTokenError now has a default message.
* totp: doc fixes, description of alternate caching strategy, serialization step [Eli Collins, 2016-11-10, files: 2, lines: -18/+122]
|   * added description of alternate caching strategy using normalize_token()
|     and storing tokens instead of last_counter
|   * added details of steps for reserializing TOTP objects w/ new secret.
|   * warning that TOTP keys should always be encrypted
|   * fixed some code block markup issues
* totp: TOTP.normalize_token() turned into hybrid method, made public; [Eli Collins, 2016-11-10, files: 1, lines: -7/+9]
|   TOTP.normalize_time() turned into class method, made public.
* totp: added cache_seconds to TotpMatch repr, fixed py3 bug in UTs [Eli Collins, 2016-11-10, files: 1, lines: -1/+1]
|
* pwd: updated docs, made default word/charsets public, minor optimizations [Eli Collins, 2016-11-10, files: 1, lines: -12/+43]
|   * updated doc strings, documented ZXCVBN project urls
|   * wordsets now use lazy-loading dictionary, so dict can be accessed normally,
|     yet still preserve lazy loading behavior behind the scenes.
|   * unique char/word check now caches results, to speed up subsequent calls.
|   *
* docs: updated some docstrings, internal notes [Eli Collins, 2016-11-09, files: 2, lines: -1/+8]
|
* totp: corrections to tutorial [Eli Collins, 2016-11-09, files: 1, lines: -0/+3]
|
* totp: huge overhaul of the documentation, tutorial should be finished (?) [Eli Collins, 2016-11-09, files: 2, lines: -169/+387]
|
* totp: consolidated key parsing code, clarified AppWallet behavior, [Eli Collins, 2016-11-09, files: 1, lines: -1/+1]
|   * renamed AppWallet.can_encrypt -> AppWallet.has_secrets,
|     no longer set to False if AES support is missing -- that way if app provides
|     a secret, we either encrypt or throw error, rather than silently not encrypting.
|   * .to_dict()'s "encrypt" keyword now uses None as default,
|     rather than special string "auto"
|   * hmac function now cached across multiple ._generate() calls,
|     making ._find_match() a lot faster.
|   * .key now a property, so that setting it clears encrypt key & hmac cache
|   * factored out encrypted key code into .encrypted_key property.