diff options
author | Eli Collins <elic@assurancetechnologies.com> | 2016-06-29 11:43:07 -0400 |
---|---|---|
committer | Eli Collins <elic@assurancetechnologies.com> | 2016-06-29 11:43:07 -0400 |
commit | 501ee83d2602e497e704760c97b6916ef2633888 (patch) | |
tree | cee41f6def33ce513c8bb40fea86dd3d6cf329b3 /passlib/exc.py | |
parent | 165283cc679059ed16dbf38897bbe07f7ed163c3 (diff) | |
download | passlib-501ee83d2602e497e704760c97b6916ef2633888.tar.gz |
passlib.hash: Improved handling of hashes which truncate passwords
* Added PasswordHash.truncate_size info attribute, to detect hashes
which truncate the password.
* All such hashes (bcrypt, des_crypt, some others) now accept a "truncate_error"
option, allowing them to be switched from silent truncation to throwing
an error instead. This option is also supported by CryptContext.
* tests/HandlerCase:
- removed .secret_size config flag, can now just read handler.truncate_size instead.
- reworked truncation tests to use new API, and test 'truncate_error' policy support.
Diffstat (limited to 'passlib/exc.py')
-rw-r--r-- | passlib/exc.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/passlib/exc.py b/passlib/exc.py index 35ca816..1cdb860 100644 --- a/passlib/exc.py +++ b/passlib/exc.py @@ -39,6 +39,20 @@ class PasswordSizeError(ValueError): # this also prevents a glibc crypt segfault issue, detailed here ... # http://www.openwall.com/lists/oss-security/2011/11/15/1 +class PasswordTruncateError(PasswordSizeError): + """ + Error raised if password would be truncated by hash. + This derives from :exc:`PasswordSizeError` and :exc:`ValueError`. + + Hashers such as :class:`~passlib.hash.bcrypt` can be configured to raises + this error by setting ``truncate_error=True``. + + .. versionadded:: 1.7 + """ + def __init__(self, cls): + msg = ("Password too long (%s truncates to %d characters)" % + (cls.name, cls.truncate_size)) + ValueError.__init__(self, msg) class PasslibSecurityError(RuntimeError): """ |