| Commit message (Collapse) | Author | Age | Files | Lines |
|
and not worth the amount of code it requires to support it.
* stripped out vary_rounds from all internal presets
* added deprecation warning if it's ever used
|
.encrypt()
----------
hash.encrypt() & context.encrypt() have been renamed to .hash().
this should take care of the long-standing issue 21 (the poor naming of .encrypt).
per docs, legacy aliases will remain in place until passlib 2.0.
.genhash() / .genconfig()
-------------------------
taking advantage of this reorganization to also deprecate .genconfig()
and .genhash() -- they're not really useful in a modern system,
nor as needed for historical support as initially thought:
.genconfig() will be retired completely in passlib 2.0;
.genhash() is rolled into the new .hash() method along with .encrypt().
|
announcement
motivation is that django hashers framework has matured greatly
as of django 1.8, and dropping all prior versions not only eases support burden,
but opens up opportunity for integration via less invasive method in a
future passlib release, using django 1.8 as a common base.
|
failures were mostly in the unittests, not in passlib proper.
however, to get things working, ended up making some internal improvements
to django integration.
* passlib.ext.django now patches get_hashers() for django 1.8+
* the (still internal) _PasslibHasherWrapper, which wraps a passlib hash
in a django-hasher-compatible api, got an overhaul:
- 'rounds' and 'iterations' attributes now populated from underlying
passlib hasher, so inspecting them gives sane result.
- now autohandles 'rounds' vs 'iterations' to match expected django api.
- bugfix: correct OrderedDict import removed in django 1.9
- .must_update() now mimics django's semantics, using wrapped handler.parse_rounds().
previously just always returned False.
- NOTE: all these changes bring this thing much closer to being able to provide
passlib handlers TO django, rather than having to patch entire django framework.
* unittests
- django 1.7+: populate django apps before test; required as of 1.9
- added rounds settings required for 1.9 test to function
- django tests integration - now keeps context in sync
for all hashers, not just pbkdf2_sha256; needed to pass some django 1.9 tests.
* django 1.8 is LTS, and <= 1.7 is EOLed, per https://www.djangoproject.com/download/;
so now planning to drop django 1.6 / 1.7 support in passlib 1.7.
|
* stripped out support for django 1.4/1.5;
removes a TON of edge cases we no longer need.
* added formal MIN_DJANGO_VERSION constant,
moved version check to models._apply() so test cases don't throw error
if older django is present.
* monkeypatcher now supports passed wrapped function as first argument,
simplifies imports & calls w/in models.py
|
make_password()'s salt parameter on to the hash (fixes issue 52).
old behavior would incorrectly pass explicit salt provided for hash
that didn't need one; a situation that only occurs in django 1.4.0-1.4.5's
unittests, and was corrected in django 1.4.6's.
new behavior separates out a couple of the cases we were trying to handle,
handles them separately, has better comment explaining what's going on.
|
(grafted from e9ab0efde79bf018ffabd85eb9afb517462a3cbf)
|
now requiring django >= 1.4
|
support;
as well as PyPy 1.x and Jython 2.5.
shims removed
-------------
* b() shim replaced with b'' (py25)
* 'bytes' alias no longer needed (py25)
* callable() shim no longer needed (py30,31)
* PY_MIN_32 flag replaced with PY3 flag (py30,31)
* removed 'abc' module stub used by passlib.ifc (py25)
* removed chain_from_iterable() backport (py25)
* tests: removed catch_warnings() backport,
replaced refs with real warnings.catch_warnings() (py25)
* tests: removed unittest2 backports (py25, py30, py31) --
now throw hard error if unittest2 not present under py26
(the only release remaining which lacks the unittest2 features)
* removed SUPPORTS_DIR_METHOD conditional (py25, pypy 1.x)
* some other minor workarounds
other
-----
* added check in passlib.compat which now throws error telling user
version isn't supported (to prevent spurious errors later)
|
comment 7) (transplant of r1f5b8860b743 from default branch)
|
* added implementation of django 1.6's bcrypt_sha256 hasher, and UTs
* added django16 premade context to passlib.apps, made it default django_context
* test_ext_django now makes use of django16_context
* passlib.ext.django.utils.get_preset_config() now uses django16_context
* tox 'django' and 'django-py3' now test bcrypt integration
|
passlib.ext.django & its tests have gotten out of sync with django,
leading to a number of UT failures, as reported in issue 50.
tests now pass on django 1.2 through 1.6
passlib.ext.django
------------------
mimic changes in django's hasher logic:
* handle unsalted_sha1 hasher (django 1.4.6+)
* check_password(): empty hashes return False, rather than throw error (django 1.5+)
* allow empty passwords (django 1.6+)
* generate unusable password suffixes (django 1.6+)
passlib.hash
------------
* django_des_crypt: added "use_duplicate_salt" class attr,
allowing tests to enable django 1.4+ style hashes which omit 1st salt.
* django_disabled: added support for django 1.6+ random suffixes
passlib.tests
-------------
* test_ext_django: lots of changes to verify django 1.5/1.6 behavior
* test_handlers_django: split django tests out of test_handlers
to make it easier to run django-related tests.
* added workaround for encoding glitch in salted_md5 / salted_sha1 hashers (django 1.5+)
|
* hash_needs_update() now issues deprecation warning.
* deprecated_function decorator appends CR to docstring if needed.
* rng genseed() fallback now gulps down a bunch more entropy
|
- monkeypatching now formalized w/ a patch manager,
and should be *much* more resilient.
- patch states reduced greatly, simplified code and tests
- now handles django 1.4 correctly - patches hashers module as well
(had to write some new wrappers)
- added experimental methods GenericHandler.parsehash() to back our wrapper of Hasher.safe_summary()
- XXX: doesn't currently import current HASHER state,
- XXX: can't import hashers into passlib either -- though left initial notes on this
|
|
directly
|
* passing a non-string secret or non-string hash to any
CryptContext or handler method will now reliably result
in a TypeError.
previously, passing hash=None to many handler identify() and verify()
methods would return False, while others would raise a TypeError.
other handler methods would alternately throw ValueError or TypeError
when passed a value that wasn't unicode or bytes.
the various CryptContext methods also behaved inconsistently,
depending on the behavior of the underlying handler.
all of these behaviors are gone, they should all raise the same TypeError.
* redid many of the from_string() methods to verify the hash type.
* moved secret type & size validation to GenericHandler's encrypt/genhash/verify methods.
this cheaply made the secret validation global to all hashes, and lets
_calc_digest() implementations trust that the secret is valid.
* updated the CryptContext and handler unittests to verify the above behavior is adhered to.
|
(may not support django 1.4 until passlib 1.7)
|
classes to make filtering easier
|
* moved bytes compat functions from utils to utils.compat
(bord, bjoin, bjoin_ints, bjoin_elems, ujoin)
* renamed bord -> belem_ord for clarity
* a bunch of to_native_str() always use ascii, and
have fixed input types (always bytes or always unicode).
these don't need overhead of to_native_str(), so replaced
those calls with two new funcs: compat.bascii_to_str() /
compat.uascii_to_str()
* cleaned up a lot of imports from utils/utils.compat to
pull from correct module
* simplified the to_string() logic of a bunch of handlers
to reduce unicode<->byte transitions
|
this distinguishes the types, so that for isinstance() tests...
* 'unicode' always means the unicode type
* 'bytes' always means the bytes type
* 'str' always means the native string type
|
on GAE)
|
even though it hasn't been officially documented,
some people are using it, so...
major
-----
* DEFAULT_CTX now uses SHA512-Crypt instead of PBKDF2-HMAC-SHA256,
this should be natively supported on a larger number of platforms.
* added full unittest suite for passlib.ext.django:
- checks monkeypatch implementation
- checks full plugin behavior
- STOCK_CTX is compared against official Django behavior
minor
-----
* ``set_django_password_context()`` now patches ``django.contrib.auth.models.check_password()``
as well as User methods.
* now exposes active context as ``User.password_context`` when patch is enabled.
* replacement ``User.check_password`` now handles None and unusable passwords explicitly,
even if context doesn't include support for django_disabled.
|
to support pbkdf2
* docs & module currently hidden since it hasn't had much testing yet (and may split out into separate package anyway)
|
* django hashes cleaned up, UTs added
* added passlib.apps.django_context for reading existing django hashes
* added experimental django plugin "passlib.ext.django" which monkeypatches django to use pbkdf2_sha256 (and many other features)
* not listing in changelog or documenting just yet, needs more testing
|