summaryrefslogtreecommitdiff
path: root/docs
Commit message (Collapse)AuthorAgeFilesLines
* disabling saslprep() support under Jython - it lacks the stringprep moduleEli Collins2012-04-171-0/+5
|
* a bunch of bugfixes found during unittestingEli Collins2012-04-171-1/+1
| | | | | | | | | | * bsdi_crypt apparently available on openbsd 4.9 * typo fixes * ConfigParser apparently only uses OrderedDict for >= PY27, adjusted CryptContext test accordingly * fixed test that depended on sha256_crypt.default_rounds * handle os_crypt backend w/ no fallback (bcrypt) * let _norm_rounds accept longs
* CryptPolicy deprecation, part 5 - updated docs, changelog, benchmark scriptEli Collins2012-04-175-88/+113
|
* updated passlib.apache module's api - more flexible to use, changed some ↵Eli Collins2012-04-171-13/+20
| | | | ambiguous method names
* issue warning if app requests even bsdi_crypt roundsEli Collins2012-04-131-10/+17
|
* work on des_crypt familyEli Collins2012-04-132-2/+2
| | | | | * cleaned up source of des_crypt variants and DES util functions * DES utils functions now have tighter input validation, full UT coverage
* clarify behavior for secret=None and hash=NoneEli Collins2012-04-111-9/+10
| | | | | | | | | | | | | | | | | | | | | | | * passing a non-string secret or non-string hash to any CryptContext or handler method will now reliably result in a TypeError. previously, passing hash=None to many handler identify() and verify() methods would return False, while others would raise a TypeError. other handler methods would alternately throw ValueError or TypeError when passed a value that wasn't unicode or bytes. the various CryptContext methods also behaved inconsistently, depending on the behavior of the underlying handler. all of these behaviors are gone, they should all raise the same TypeError. * redid many of the from_string() methods to verify the hash type. * moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods. this cheaply made the secret validation global to all hashes, and lets _calc_digest() implementations trust that the secret is valid. * updated the CryptContext and handler unittests to verify the above behavior is adhered to.
* ldap salted digest improvementsEli Collins2012-04-091-3/+12
| | | | | | * support variable salt size of 4-16 bytes [issue 30]. * throw correct error when invalid base64 encoding is encountered. * added some test vectors for the above.
* *all* hashes now throw PasswordSizeError if password is larger than 4096 ↵Eli Collins2012-04-091-0/+1
| | | | chars; to prevent DOS issues.
* removed default policy file & objectEli Collins2012-04-091-8/+0
| | | | | | | was using default policy to store recommended defaults for hashes, but it only affects CryptContext objects, and users seem to frequent using the handler objects directly - so going to store recommended defaults in the handler from now on.
* bcrypt workEli Collins2012-03-121-0/+1
| | | | | | | * added code to shoehorn $2$-support wrapper for bcryptor backend * added PasslibSecurityWarning when builtin backend is enabled (still considered whether it should be enabled by default) * py3 compat fix for repair_unused
* updated passlib.ext.django; made some notes about django 1.4Eli Collins2012-03-121-32/+33
| | | | (may not support django 1.4 until passlib 1.7)
* doc tweaksEli Collins2012-03-124-7/+19
|
* updated test support & py3 compat code from an external libraryEli Collins2012-03-121-9/+9
| | | | | | | | | | | | | | | | passlib.tests ------------- * deprecated support for unittest 1... accumulated too many backports, planning to require unittest2 in next release. * case_prefix renamed to shortDescription * test case now archives & clears warning registry state in addition to warning filter state passlib.utils.compat -------------------- * a bunch of the bytes-related functions were renamed for clarity * NativeStringIO alias added * trange alias merged into irange
* added some notesEli Collins2012-03-101-18/+0
|
* doc tweaksEli Collins2012-03-103-16/+14
|
* various bcrypt improvementsEli Collins2012-03-101-3/+33
| | | | | | | | | | | | * studied crypt_blowfish's 8bit bug - verified none of passlib's backends were affected - added recognition (but not support) for crypt_blowfish's $2x$ hash prefix - added support for crypt_blowfish's $2y$ hash prefix - note in docs about Passlib's current handling of crypt_blowfish 8bit issues. * refactored bcrypt's salt-unused-bits repair code into Base64Engine.repair_unused(), making the code cleaner and more isolated. a bunch more tests. * added bcrypt64 (bcrypt-base64 variant) to utils * added LazyBase64Engine to reduce memory / startup time
* cleanup of scram hash; improved norm_digest_name() and moved it to utils.pbkdf2Eli Collins2012-03-102-16/+46
|
* did rewrite of unix_fallback as unix_disabled; unix_fallback is now deprecatedEli Collins2012-03-104-57/+50
|
* added Window's DCC hashes (aka mscache / mscash) version 1 & 2Eli Collins2012-03-103-2/+206
|
* renamed nthash -> bsd_nthash; added real nthash implementedEli Collins2012-03-104-33/+58
| | | | | | | after some thought, realized the 'nthash' name should implement the raw hash. since bsd_nthash was very rarely used, it shouldn't present backwards incompatibility issues at this point to go ahead and rename it.
* added support for lmhashEli Collins2012-03-102-0/+164
|
* added support for Cisco PIX & Type 7 hashesEli Collins2012-03-104-6/+315
| | | | | | | | * Cisco Type 5 appears to be same as md5_crypt * added requires_user=False support to HandlerCase * added more through salt-generation test (since cisco_pix has only 4 bits of salt) * added HandlerCase test to ensure user is used as salt
* added mssql 2000/2005 hashes; enhanced HandlerCase's password case sensitive ↵Eli Collins2012-03-103-0/+193
| | | | test
* utils.handlers framework reworked; removed a bunch of boilerplate codeEli Collins2012-03-091-5/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | * StaticHandler is now subclass of GenericHandler - _calc_checksum() should be implemented instead of encrypt(). (compatibility stub added so old code should continue to work) - _norm_hash() no longer needs to handle ->unicode conversion - default from_string() contains a bunch of features, including stripping a known prefix, etc. * context kwds now pulled into constructor, so GenericHandler supports context kwds properly; HasUserContext mixin added to support common 'user' context kwd * identify_regexp & identify_prefix removed, functionality rolled into default GenericHandler.identify() implementation. - default identify checks _hash_regex as potential way to identify hashes * HasStubChecksum removed, functionality rolled into GenericHandler * HasRawChecksum now just sets a flag, functionality moved into GenericHandler * HasManyIdents._parse_ident() helper added to valid & split identifier from hashes. * GenericHandler._norm_checksum() is now strict about unicode / bytes
* base HandlerCase class reworkedEli Collins2012-03-091-1/+1
| | | | | | | | | | | | * reworked warning-matching code into assertWarningList() method * reorganized HandlerCase hash tests based on cross-cutting topic, not per-function; this combined many tests together to eliminate redundant setup * added test of reported rounds limits * added better fuzz testing - tests random passwords & options using encrypt(), and verifies against any all available backends * added flags to properly support 'disabled' handlers, and other border cases. * added tests for password & user case-sensitivity * restores warning filters after every test
* MergeEli Collins2012-02-0818-66/+74
|\
| * renamed calc_checksum() -> _calc_checksum(), hiding the last of the private ↵Eli Collins2012-02-081-2/+2
| | | | | | | | methods of most handlers
| * renamed passlib.exc warning classesEli Collins2012-02-082-3/+3
| |
| * documentation updates for last two commitsEli Collins2012-02-0817-62/+70
| |
* | deprecating min_verify_time option; doesn't meaningfully increase security, ↵Eli Collins2012-01-192-12/+10
|/ | | | and adds code complexity
* simplified crypt.crypt() wrappersEli Collins2012-01-191-1/+1
| | | | | | | * safe_crypt() improved - accepts unicode/bytes for salt, checks for NULL, returns None on failure * added test_crypt() wrapper to simplify backend checks. * removed native=True from most to_string() implementations, unused now. * updated UTs
* split exceptions/warnings to separate module; added some additional warning ↵Eli Collins2012-01-183-4/+21
| | | | classes to make filtering easier
* documentation updates for latest round of changesEli Collins2012-01-188-85/+114
|
* deprecated unused int<->bytes utilsEli Collins2012-01-181-2/+0
|
* replaced utils.h64 module with utils.Base64Engine instanceEli Collins2012-01-1812-38/+104
| | | | | | | | | | | * new utils.Base64Engine() provides flexible class for encoding arbitrary base64 charmaps. it should also be a bit faster than the old h64 module. * predefined 'h64' instance has mostly the same methods as the old h64 module which it takes the place off - so imports should be unaffected. (the only the exception of the xxx_dc_xxx methods, which now use the 'h64big' instance) * replaced utils._blowfish base64 encoding with custom Base64Engine instance to reduce code duplication. * more through unittests for Base64Engine.
* added example hashes to scram documentation, other doc tweaksEli Collins2012-01-102-38/+45
|
* lots of work on scram hashEli Collins2012-01-092-0/+137
| | | | | | | | | | | | | | | | | | | | | | | | | handler ------- * added 'scram' to default registry list * handler 'algs' keyword now parsed & validated correctly * digest names normalized -> IANA spec * saslprep() integrated into code * added config string format related ------- * added documentation (still needs cleaning up though) * added majority of UTs, still need to add a few edge cases other ----- * redid context->handler deprecation link - code now looks for handler._deprecated_detector(settings) to generate a callable, should be more efficient, and allow errors to be throw at bind-time instead of call-time. * pbkdf2() function now treats keylen = -1 as request for keylen = PRF digest size.
* clarified border case where verify() accepted configuration strings instead ↵Eli Collins2012-01-091-4/+8
| | | | of throwing ValueError for some handlers
* minor doc changesEli Collins2012-01-021-5/+4
|
* CryptContext can now run passwords through SASLPrep via "passprep" options ↵Eli Collins2012-01-021-0/+31
| | | | [issue 24]
* deprecated to_hash_str, replaced all instances with to_native_strEli Collins2011-12-281-4/+0
| | | | | | decided that to_hash_str will always return native string, feature of hashes being returned as unicode under python 2 is better done through a CryptContext option.
* Merge from defaultEli Collins2011-12-281-4/+2
|\
| * large rewrite of how CryptPolicy is parsed and compiled; should result in ↵Eli Collins2011-12-221-4/+2
| | | | | | | | *much* shorter codepath when calling CryptContext.encrypt(), etc
* | removed 2to3 translation step from setupEli Collins2011-12-061-10/+1
|/
* updated documentation to use some cloud_sptheme 1.3 featuresEli Collins2011-12-024-16/+28
| | | | | * escaped {} literals in *samp* roles - used on some doc pages * google analytics integration for pypi docs
* all verify() methods now use "constant time" comparison function (see ↵Eli Collins2011-12-011-0/+1
| | | | CHANGELOG for details)
* minor documentation changesEli Collins2011-12-013-19/+22
|
* Merge 1.5.3 bugfixesEli Collins2011-10-082-4/+4
|\
| * Merge fixes from release-1.5Eli Collins2011-09-192-4/+4
| |\
View Lorry Controller Status