summaryrefslogtreecommitdiff
path: root/passlib/context.py
Commit message (Collapse)AuthorAgeFilesLines
* CryptPolicy deprecated, part2 - updated rest of library to use CryptContext ↵Eli Collins2012-04-171-12/+30
| | | | directly
* _CryptRecord cleaned up a little internally, default_rounds clipping logic ↵Eli Collins2012-04-171-138/+182
| | | | tweaked a little
* deprecated CryptPolicy, moved all of it's features into CryptContext (part 1)Eli Collins2012-04-171-682/+1508
| | | | | | | | | | * this should simplify the api for users, CryptPolicy encapsulated an implementation detail they didn't need to deal with. * config file parsing is a lot stricter, easier for apps to add custom hacks * CryptContext instances can now be reconfigured much easier. * loads should be faster. (breaking changes into multiple commits)
* issue warning if app requests even bsdi_crypt roundsEli Collins2012-04-131-0/+8
|
* assorted bugfixes, tweaks, and tests added; based on coverage examinationEli Collins2012-04-121-1/+1
| | | | | | | * test os_crypt backend has functional fallback * test handler methods accept all unicode/bytes combinations for secret & hash * fixed some incorrect error messages & types being caught & raised * other minor cleanups
* ran full UTs, found and fixed a few bugs introduced in last few commits.Eli Collins2012-04-111-1/+2
|
* clarify behavior for secret=None and hash=NoneEli Collins2012-04-111-21/+21
| | | | | | | | | | | | | | | | | | | | | | | * passing a non-string secret or non-string hash to any CryptContext or handler method will now reliably result in a TypeError. previously, passing hash=None to many handler identify() and verify() methods would return False, while others would raise a TypeError. other handler methods would alternately throw ValueError or TypeError when passed a value that wasn't unicode or bytes. the various CryptContext methods also behaved inconsistently, depending on the behavior of the underlying handler. all of these behaviors are gone, they should all raise the same TypeError. * redid many of the from_string() methods to verify the hash type. * moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods. this cheaply made the secret validation global to all hashes, and lets _calc_digest() implementations trust that the secret is valid. * updated the CryptContext and handler unittests to verify the above behavior is adhered to.
* removed default policy file & objectEli Collins2012-04-091-43/+8
| | | | | | | was using default policy to store recommended defaults for hashes, but it only affects CryptContext objects, and users seem to frequent using the handler objects directly - so going to store recommended defaults in the handler from now on.
* updated test support & py3 compat code from an external libraryEli Collins2012-03-121-4/+3
| | | | | | | | | | | | | | | | passlib.tests ------------- * deprecated support for unittest 1... accumulated too many backports, planning to require unittest2 in next release. * case_prefix renamed to shortDescription * test case now archives & clears warning registry state in addition to warning filter state passlib.utils.compat -------------------- * a bunch of the bytes-related functions were renamed for clarity * NativeStringIO alias added * trange alias merged into irange
* misc bugfixes dealing with changes from last 8 or so commitsEli Collins2012-03-111-2/+5
|
* MergeEli Collins2012-02-081-5/+5
|\
| * renamed passlib.exc warning classesEli Collins2012-02-081-6/+6
| |
* | deprecating min_verify_time option; doesn't meaningfully increase security, ↵Eli Collins2012-01-191-4/+10
|/ | | | and adds code complexity
* split exceptions/warnings to separate module; added some additional warning ↵Eli Collins2012-01-181-6/+7
| | | | classes to make filtering easier
* import cleanupsEli Collins2012-01-181-6/+5
| | | | | | | | | | | | | | | * moved bytes compat functions from utils to utils.compat (bord, bjoin, bjoin_ints, bjoin_elems, ujoin) * renamed bord -> belem_ord for clarify * a bunch of to_native_str() always use ascii, and have fixed input types (always bytes or always unicode). these don't need overhead of to_native_str(), so replaced those calls with two new funcs: compat.bascii_to_str() / compat.uascii_to_str() * cleaned up a lot of imports from utils/utils.compat to pull from correct module * simplified the to_string() logic of a bunch of handlers to reduce unicode<->byte transitions
* lots of work on scram hashEli Collins2012-01-091-7/+15
| | | | | | | | | | | | | | | | | | | | | | | | | handler ------- * added 'scram' to default registry list * handler 'algs' keyword now parsed & validated correctly * digest names normalized -> IANA spec * saslprep() integrated into code * added config string format related ------- * added documentation (still needs cleaning up though) * added majority of UTs, still need to add a few edge cases other ----- * redid context->handler deprecation link - code now looks for handler._deprecated_detector(settings) to generate a callable, should be more efficient, and allow errors to be throw at bind-time instead of call-time. * pbkdf2() function now treats keylen = -1 as request for keylen = PRF digest size.
* renamed utils.timer -> utils.tickEli Collins2012-01-051-3/+3
|
* context tweaks:Eli Collins2012-01-021-8/+13
| | | | | | * _generate_rounds disables if 'rounds' specified in policy settings for hash. * KeyError will now be thrown if policy specifies setting not supported by handler. * set stacklevel for rounds bound warning so it matches where encrypt() was called.
* CryptContext can now run passwords through SASLPrep via "passprep" options ↵Eli Collins2012-01-021-2/+60
| | | | [issue 24]
* mvt code now uses time.clock() under win32Eli Collins2011-12-281-12/+5
|
* removed Undef singleton, private _NOTSET singletons are cleaner.Eli Collins2011-12-281-1/+1
|
* misc fixes for py3 compatEli Collins2011-12-281-8/+9
|
* updated some commentsEli Collins2011-12-281-12/+9
|
* Merge from defaultEli Collins2011-12-281-502/+869
|\
| * CryptPolicy rewrite part 2Eli Collins2011-12-271-585/+658
| | | | | | | | | | | | | | | | | | | | * refactoring policy kwd parsing & separation with crypt context * internal record objects now part of context instead of policy. * min_verify_time now handled by record objects, now optimized away entirely if not used. * new interface to policy is currently private, will probably delay deprecated / revising public interface until next release. * creating policy & context objects is now 30% faster. * shortened code path when calling context objects now 14% faster.
| * typoEli Collins2011-12-221-1/+1
| |
| * large rewrite of how CryptPolicy is parsed and compiled; should result in ↵Eli Collins2011-12-221-324/+611
| | | | | | | | *much* shorter codepath when calling CryptContext.encrypt(), etc
* | couple of minor tweaks - basic unittests pass 2.7 & 3.2Eli Collins2011-12-061-3/+3
| |
* | added compat.unicode imports in a number of placesEli Collins2011-12-061-2/+2
| | | | | | | | | | | | | | | | this distinguishes the types, so that for isinstance() tests... * 'unicode' always means the unicode type * 'bytes' always means the bytes type * 'str' always means the native string type
* | added compat.aliased lazy-loading module, aliases for BytesIO/StringIOEli Collins2011-12-061-34/+29
| |
* | moved sys_bits to compat, added exc_err, removed utils.py32_langEli Collins2011-12-061-3/+3
| |
* | replaced (int,long) instance checks with compat.int_typesEli Collins2011-12-061-2/+2
| |
* | added compatibility module (passlib.utils.compat)Eli Collins2011-12-061-12/+8
|/ | | | | | | | | exports specialized range & map aliases, and some dict helpers * all dict.iteritems() calls replaced with compat.iteritems(dict) * all xrange() calls replaced with compat.irange() * all range() calls replaced with compat.trange() and compat.lrange() as appropriate * all map() calls replaced with compat.lmap()
* Merge 1.5.3 bugfixesEli Collins2011-10-081-60/+6
|\
| * Merge fixes from release-1.5Eli Collins2011-09-191-60/+6
| |\
| | * beginning 1.6 devEli Collins2011-08-251-60/+6
| | | | | | | | | | | | | | | * removed previously deprecated support for ConfigParser interpolated files * removed previously deprecated support for set_backend(None)
* | | minor documentation updatesEli Collins2011-10-071-1/+1
| | |
* | | bcrypt padding work:Eli Collins2011-10-071-0/+5
|/ / | | | | | | | | | | | | | | * added changelog entry re: issue & fix * bcrypt now warns about padding bits in digest as well * bcrypt.normhash() now normalizes salt padding bits, digest padding bits, and rounds zero-padding * hash_needs_update() will now flag unclean bcrypt hashes as needing an update * UTs for hash_needs_update(), and digest padding bit handling
* | fixed small bug in CryptPolicy.iter_config() related to deprecation optionsEli Collins2011-09-141-4/+8
| |
* | added documentation for verify_and_updateEli Collins2011-09-141-1/+48
|/
* provide fallbackEli Collins2011-08-121-3/+30
|
* bugfix to CryptContext.verify [issue 17]Eli Collins2011-08-101-1/+2
| | | | | | | * fixed formatting error thrown by CryptContext.verify when issuing min_verify_time warning * rewrote CryptContext.verify's min_verify_time UT to: - use mock hash handler - verify that appropriate warning is issued when going overtime
* ConfigParser deprecation tweaksEli Collins2011-07-111-5/+15
| | | | | | * Py3.2 renamed SafeConfigParser -> ConfigParser, we now import that to silence deprecation warnings * Py3.2 deprecated parser.readfp() in favor of read_file() * added py3k_lang, py32_lang constants to simplify future checks
* tried to clarify variable names w/in policy parsing codeEli Collins2011-07-101-23/+45
|
* misc documentation tweaksEli Collins2011-06-301-12/+12
|
* basic work to make CryptContext unicode aware.Eli Collins2011-06-161-34/+91
| | | | | | * updated CryptContext UTs as well. * also added some general unicode<->bytes helpers to utils (needs UTs). * also a few 2to3 conditional hints added to CryptContext so passlib can load
* bugfix: changed CryptPolicy to use SafeConfigParser (as it really should ↵Eli Collins2011-06-041-5/+59
| | | | | | | | have all along) * this may break parsing of some files which have "vary_rounds = 10%", that should now read "vary_rounds = 10%%". * currently detecting that case, and falling back to old behavior + userwarning * passlib 1.6 will let this be fatal.
* large rework of documentation; mainly to give more room to LDAP hashes, and ↵Eli Collins2011-04-291-1/+10
| | | | document ldap CRYPT hashes
* added LazyCryptContext - delays parsing policy & loading handlers until ↵Eli Collins2011-04-081-1/+65
| | | | actually used
* bugfix: typo in border case of min_verify_timeEli Collins2011-03-301-1/+1
|
View Lorry Controller Status