path: root/passlib/utils/__init__.py
Commit message (Author, Age, Files, Lines)
* cleanup old python compat -- removed join_byte_elems() and join_byte_values() wrappers (Eli Collins, 2020-10-06, 1 file, -4/+4)
|
* cleanup old python compat -- removed byte_elem_value() wrapper (Eli Collins, 2020-10-06, 1 file, -2/+2)
|
* cleanup old python compat -- replaced "unicode" alias in favor of "str" (Eli Collins, 2020-10-06, 1 file, -20/+19)
|
* cleanup old python compat -- unified "unicode_or_bytes" aliases (Eli Collins, 2020-10-06, 1 file, -2/+2)
|
* cleanup old python compat -- removed "unicode_or_str" and "native_string_types" aliases (Eli Collins, 2020-10-06, 1 file, -4/+4)
|
* cleanup old python compat -- removed suppress_cause() and error_from() wrappers (Eli Collins, 2020-10-06, 1 file, -1/+1)
|
* cleanup old python compat -- removed izip() wrapper (Eli Collins, 2020-10-06, 1 file, -1/+0)
|
* cleanup old python compat -- removed nextgetter() wrapper (Eli Collins, 2020-10-06, 1 file, -1/+1)
|
* cleanup old python compat -- removed imap() / lmap() aliases (Eli Collins, 2020-10-06, 1 file, -1/+1)
|
* cleanup old python compat -- removed irange() alias (Eli Collins, 2020-10-06, 1 file, -1/+1)
|
* cleanup old python compat -- removed PY2 & PY3 conditionals (Eli Collins, 2020-10-06, 1 file, -77/+35)
|
* Merge from stable (Eli Collins, 2020-10-06, 1 file, -27/+189)
|\
| * bugfix: passlib.utils: add stub safe_crypt() control flags when crypt() isn't available. (needed for windows) (Eli Collins, 2020-10-06, 1 file, -0/+3)
| |
| * passlib.utils: add thread lock to fix some UT failures. (Eli Collins, 2020-10-05, 1 file, -3/+24)
| |
| * passlib.handlers.bcrypt: safe_verify() calls should test for NotImplemented (Eli Collins, 2020-10-05, 1 file, -1/+1)
| |    before boolean; bool(NotImplemented) is deprecated as of python 3.9 (fixes issue 125)
| * utils.safe_crypt(): turns out pypy3's crypt() *does* support raw bytes. (Eli Collins, 2020-10-03, 1 file, -17/+48)
| |    so instead of assuming safe_crypt() can only take UTF8 under py3, and anything under py2; code is now tied to "crypt_accepts_bytes" flag which does quick capability-detection when module loads. this updates the changes from rev 67c619208229
| * bugfix: bcrypt os_crypt backend: fix some more crypt.crypt() utf8 encoding issues which were causing it to fail to generate a hash. (Eli Collins, 2020-05-12, 1 file, -8/+83)
| |    bcrypt
| |    ------
| |    * _norm_digest(): fixed some PasslibValueError()s being thrown by os_crypt backend during UT fuzz verifier. These were due to non-UTF8 input being provided to crypt.crypt()... even though secret itself was UTF8 safe! This was because secret was being truncated/repeated as part of various backend bug workarounds; and the truncate/repeat operations weren't being done in manner that respected UTF8 character boundaries. This has now been fixed via _require_valid_utf8_bytes flag (which has been set for os_crypt backend), that enables utf8-safe mode of operation.
| |    utils
| |    -----
| |    * added utf8_truncate() and utf8_repeat_string() helpers, for bcrypt fixes above.
| |    * simplified repeat_string() internals
| * tests / bcrypt: bcrypt_os_crypt_test now strips out non-UTF8 test vectors under py3, since these can't be passed through crypt.crypt() (Eli Collins, 2020-05-12, 1 file, -0/+13)
| |
| * bugfix: bcrypt os_crypt backend wasn't being detected properly under py3; (Eli Collins, 2020-05-12, 1 file, -2/+8)
| |    due to a few interlocking issues.
| |    passlib.utils: test_crypt() shouldn't accept hash=<bytes>, because equality comparison with str will always fail under py3.
| |    * test_crypt() now enforces hash=<unicode_or_str> as input. it previously allowed hash=bytes, but equality comparison with unicode (output by safe_crypt) would always return False under python 3.
| |    * bcrypt's TEST_HASH_2A constant was stored bytes, which was causing os_crypt detection to fail due to test_crypt() bug above. changed to use native str.
| |    sidenote: this would have been caught by UTs, except for bug in test_82_crypt_support() that was fixed in rev 43bae3f786b7.
| * passlib.utils: have safe_crypt() catch OSError thrown by crypt() -- py39 compat (Eli Collins, 2020-03-28, 1 file, -1/+9)
| |    (fixes issue 115)
| * passlib.utils: have safe_crypt() check if crypt() is returning bytes (Eli Collins, 2020-02-17, 1 file, -0/+5)
| |    (fixes issue 113)
* | Merge from stable (Eli Collins, 2019-11-22, 1 file, -0/+4)
|\ \
| |/
| * bugfix: argon2: replace directive with equivalent that will work under py26/33/34 (dict comprehensions and b"" % format directives both cause issues) (Eli Collins, 2019-11-19, 1 file, -0/+4)
| |
* | Merge from stable (Eli Collins, 2019-11-10, 1 file, -12/+12)
|\ \
| |/
| * additional py38 compat fixes (Eli Collins, 2019-11-09, 1 file, -0/+1)
| |
| * Fix for Python 3.8 (Alan Pevec, 2019-07-12, 1 file, -3/+8)
| |    This was a deprecation when running in Python 3.7:
| |    DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working
| |    if isinstance(source, collections.Sequence):
| * Remove time.clock(), deprecated in 3.8 (Alan Pevec, 2019-07-11, 1 file, -9/+3)
| |    The function time.clock(), used in passlib/utils/__init__.py has been removed. It was deprecated since Python 3.3.
| |    More info: https://docs.python.org/3.8/whatsnew/3.8.html#api-and-feature-removals
| |    To make the code both Python 2 and 3 compatible, use timeit.default_timer
* | compat cleanup: replaced all u("") instances with u"" (Eli Collins, 2017-02-17, 1 file, -7/+7)
| |    realized can do this now that we're requiring python3 >= 3.3. had to keep u() helper around for u(r"") instances, since py3 doesn't have ur"". but switched it to use ascii decoding for py2, to make sure things are clean.
* | general: went ahead and removed a bunch of deprecated features that were scheduled for removal in v1.8. (Eli Collins, 2016-11-28, 1 file, -3/+0)
|/    this removes CryptPolicy, unix_fallback, some old HtpasswdFile methods, and more. tests were updated as well. see history/1.8 for a complete list.
* docs: fixed docstring for utils.saslprep() (Eli Collins, 2016-11-27, 1 file, -2/+5)
|
* docs: wording tweaks, emphasized 1.7 changes in hash tutorial, added note about saslprep() (Eli Collins, 2016-11-27, 1 file, -0/+2)
|
* passlib.utils: add py3 version of accepts_keyword() (Eli Collins, 2016-11-22, 1 file, -4/+24)
|    which doesn't use deprecated inspect.getargspec()
* passlib.utils: relocated a bunch of binary encoding helpers to .utils.binary submodule (Eli Collins, 2016-11-22, 1 file, -707/+6)
|
* passlib.utils: relocated a bunch of properties & decorators to .utils.decor (Eli Collins, 2016-11-22, 1 file, -173/+9)
|
* passlib.registry: consolidated some internal helpers from various places (Eli Collins, 2016-11-19, 1 file, -0/+1)
|    * moved has_active_backend() from UTs to .registry
|    * moved os_crypt backend support helper from .hosts to .registry
* totp: TOTP.normalize_token() turned into hybrid method, made public; (Eli Collins, 2016-11-10, 1 file, -0/+19)
|    TOTP.normalize_time() turned into class method, made public.
* utils.handlers: factored out mixin monkeypatching code from BackendMixin, (Eli Collins, 2016-11-10, 1 file, -0/+84)
|    fleshed out some edge cases in new update_mixin_classes() helper.
* bugfix: utils.memoized_property(): preserve function's docstring (Eli Collins, 2016-10-03, 1 file, -0/+1)
|
* argon2, bcrypt: reworked how backends are managed. (Eli Collins, 2016-06-30, 1 file, -2/+2)
|    These two classes have very complex backends, with lots of tests, and backends that override multiple methods. Instead of awkwardly patching a bunch of things on the class when backend is loaded, redid these to use new strategy: A base class (e.g. _BCryptCommon) is defined with all the common code, and subclasses are defined for each backend (e.g. _PyBCryptBackend). .set_backend() now dynamically modifies the bases of the hash class to include the appropriate backend-specific subclass; allowing each backend to easily override any methods it needs to.
|    Changes:
|    * Abstracted out the cls.__bases__ modifying code into SubclassBackendMixin
|    * Argon2 class split into multiple backend classes; removes need for monkeypatching & redecorate_method() hack
|    * Bcrypt class split into multiple backend classes.
|    * Refactored bcrypt backend compatibility workaround tests:
|      - now initialized once for each backend, results stored in mixin class. should make UTs switch backends MUCH faster
|      - tests for known bugs against all ident variants, in case behavior is different between them.
|      - bug checks test for incorrect AND correct hashes, to detect unexpected behaviors
|      - wraparound bug still handled for 2a, but now fatal for 2y/2by
|      - 2b ident now preferred as fallback if supported
* bugfix: accidentally committed some unwanted bits in rev 9e6da28bc687 (Eli Collins, 2016-06-29, 1 file, -16/+1)
|    * that commit made some small changes to utils.genseed() to improve extraction of state from RNG. keeping that, but fixing typo in template.
|    * reverting some commented out notes that also got committed
* docs: added warnings about future plans, merged 1.6.6 changelog into 1.7 (Eli Collins, 2016-06-29, 1 file, -3/+24)
|    (there will never be a 1.6.6)
* CryptContext: added "harden_verify" support (Eli Collins, 2016-06-29, 1 file, -10/+31)
|    v1.6 deprecated the "min_verify_time" feature, since it required admins to awkwardly hard-code the amount of time they wanted .verify() to take. This was a useful feature, though, since it provided the ability for contexts to mask which accounts had older, weaker, hashes. This commit adds in a replacement feature: CryptContext now supports a "harden_verify" flag, which causes it to autocalculate how long the default hash should take, and make sure to spend at least that much time. Another improvement is that this autocalc is performed at the context level, not per hash like min_verify_time was, making it overall more reliable. It also offers a new "context.dummy_verify()" call for faking the delay for missing accounts.
|    Changes:
|    * Added "harden_verify" option to CryptContext, along with code to autocalculate min_verify_time delay via timing when context is first accessed. XXX: this timing code needs some battle-testing, and may be adjusted later.
|    * Added .dummy_verify() method, integrated it into .verify() and .verify_and_update().
|    * updated warnings & docs to report harden_verify as replacement for "min_verify_time" option.
|    * to help workflow for adding delay on missing accounts, .verify() and .verify_and_update() now support passing in hash=None, and treat it as "never verifying"
* passlib.hash: Improved handling of hashes which truncate passwords (Eli Collins, 2016-06-29, 1 file, -0/+27)
|    * Added PasswordHash.truncate_size info attribute, to detect hashes which truncate the password.
|    * All such hashes (bcrypt, des_crypt, some others) now accept a "truncate_error" option, allowing them to be switched from silent truncation to throwing an error instead. This option is also supported by CryptContext.
|    * tests/HandlerCase:
|      - removed .secret_size config flag, can now just read handler.truncate_size instead.
|      - reworked truncation tests to use new API, and test 'truncate_error' policy support.
* bugfix: py27 xrange() doesn't handle things greater than C long; (Eli Collins, 2016-06-26, 1 file, -0/+30)
|    fixed some places where > 32 bit values caused error under py27/win32.
* utils: pinned down unicode/bytes handling for ab64/b64s helpers (Eli Collins, 2016-06-22, 1 file, -8/+23)
|
* utils: b64s & ab64 helper methods replaced with faster versions (Eli Collins, 2016-06-20, 1 file, -29/+20)
|    avoiding base64.b64_decode()'s really slow altchars implementation, and eliminating extra wrapper layer, by calling binascii.b2a_base64() directly.
* docs: misc cleanups & todos (Eli Collins, 2016-06-20, 1 file, -0/+5)
|
* scrypt: hash format changed (Eli Collins, 2016-06-20, 1 file, -0/+10)
|    * tweaked passlib's format to follow argon2 and use explicit param names + normal base64 encoding
|    * added support for openwall's $7$ format
|    * moved hash tests to separate file
* passlib.hash.argon2: support for Argon2 hash format (Eli Collins, 2016-06-17, 1 file, -3/+27)
|    * passlib.handlers.argon2 module contains 'argon2' hasher class, for both argon2_cffi & argon2pure packages as backends.
|    * added UTs from argon2 clib source, as well as some from argon2_cffi, and some more custom hashes.
|    * UT harness: added limit so salt range test doesn't eat up all the memory under argon2.
* utils.handlers: split out most of HasManyBackends into separate BackendMixin, (Eli Collins, 2016-06-17, 1 file, -0/+6)
|    which provides a more generic & flexible framework than HasManyBackends.
|    * has_backend() now a wrapper for set_backend(), which now accepts a dryrun flag.
|    * loaders can now return arbitrary objects, classes can control how they operate.
|    * loaders can now be dryrun aware.
|    * bcrypt hasher, scrypt hasher, and scrypt module updated to use new api
|    * fuzz tester now correctly restored backend after use