diff options
-rw-r--r-- | admin/benchmarks.py | 14 | ||||
-rw-r--r-- | docs/lib/passlib.context-options.rst | 8 | ||||
-rw-r--r-- | passlib/apps.py | 9 | ||||
-rw-r--r-- | passlib/context.py | 51 | ||||
-rw-r--r-- | passlib/default.cfg | 27 | ||||
-rw-r--r-- | setup.py | 2 |
6 files changed, 19 insertions, 92 deletions
diff --git a/admin/benchmarks.py b/admin/benchmarks.py index f2f89e2..45756d5 100644 --- a/admin/benchmarks.py +++ b/admin/benchmarks.py @@ -4,10 +4,11 @@ this is a *very* rough benchmark script hacked together when the context parsing was being sped up. it could definitely be improved. """ #============================================================================= -# init app env +# init script env #============================================================================= import os, sys -sys.path.insert(0, os.path.join(os.path.dirname(__file__), os.path.pardir)) +root_dir = os.path.join(os.path.dirname(__file__), os.path.pardir) +sys.path.insert(0, root_dir) #============================================================================= # imports @@ -66,16 +67,15 @@ class AnotherHandler(BlankHandler): #============================================================================= def setup_policy(): import os - from passlib.context import _load_default_policy, CryptPolicy, \ - __file__ as mpath - cpath = os.path.abspath(os.path.join(os.path.dirname(mpath), "default.cfg")) + from passlib.context import CryptPolicy + test_path = os.path.join(root_dir, "passlib", "tests", "sample_config_1s.cfg") def test_policy_creation(): - with open(cpath, "rb") as fh: + with open(test_path, "rb") as fh: policy1 = CryptPolicy.from_string(fh.read()) yield test_policy_creation - default = _load_default_policy() + default = CryptPolicy.from_path(test_path) def test_policy_composition(): policy2 = default.replace( schemes = [ "sha512_crypt", "sha256_crypt", "md5_crypt", diff --git a/docs/lib/passlib.context-options.rst b/docs/lib/passlib.context-options.rst index 042b64a..4f0bcbe 100644 --- a/docs/lib/passlib.context-options.rst +++ b/docs/lib/passlib.context-options.rst @@ -217,14 +217,6 @@ of the category string it wants to use, and add an additional separator to the k the need to use a different hash for a particular category can instead be acheived by overridden the ``default`` context option. -Default Policy -============== -PassLib defines a library-default policy, providing (hopefully) sensible defaults for new contexts. -When a new CryptContext is created, a policy is generated from it's constructor arguments, which is then composited -over the library-default policy. You may optionally override the default policy used by overriding the ``policy`` keyword -of CryptContext. This default policy object may be imported as :data:`passlib.context.default_policy`, -or viewed in the source code under ``$SOURCE/passlib/default.cfg``. - Sample Policy File ================== A sample policy file: diff --git a/passlib/apps.py b/passlib/apps.py index 8040b46..55dbea5 100644 --- a/passlib/apps.py +++ b/passlib/apps.py @@ -106,15 +106,12 @@ postgres_context = LazyCryptContext(["postgres_md5"]) #phpass & variants #========================================================= def _create_phpass_policy(**kwds): - "helper to make bcrypt default ONLY if it's available" - from passlib.context import default_policy - if hash.bcrypt.has_backend(): - kwds['default'] = 'bcrypt' - return default_policy.replace(**kwds) + "helper to choose default alg based on bcrypt availability" + kwds['default'] = 'bcrypt' if hash.bcrypt.has_backend() else 'phpass' + return kwds phpass_context = LazyCryptContext( schemes=["bcrypt", "phpass", "bsdi_crypt"], - default="phpass", #NOTE: <-- overridden by create_policy create_policy=_create_phpass_policy, ) diff --git a/passlib/context.py b/passlib/context.py index 8522a69..e5667c1 100644 --- a/passlib/context.py +++ b/passlib/context.py @@ -15,11 +15,6 @@ import re from time import sleep from warnings import warn #site -try: - from pkg_resources import resource_string -except ImportError: - #not available eg: under GAE - resource_string = None #libs from passlib.exc import PasslibConfigWarning from passlib.registry import get_crypt_handler, _validate_handler_name @@ -737,31 +732,6 @@ class _UncompiledCryptPolicy(CryptPolicy): self.__class__ = CryptPolicy self._compile() -#--------------------------------------------------------- -#load default policy from default.cfg -#--------------------------------------------------------- -def _load_default_policy(): - "helper to try to load default policy from file" - #if pkg_resources available, try to read out of egg (common case) - if resource_string: - try: - return CryptPolicy.from_string(resource_string("passlib", "default.cfg")) - except IOError: - log.warn("error reading passlib/default.cfg, is passlib installed correctly?") - pass - - #failing that, see if we can read it from package dir - path = os.path.abspath(os.path.join(os.path.dirname(__file__), "default.cfg")) - if os.path.exists(path): - with open(path, "rb") as fh: - return CryptPolicy.from_string(fh.read()) - - #give up - this is not desirable at all, could use another fallback. - log.error("can't find passlib/default.cfg, is passlib installed correctly?") - return CryptPolicy() - -default_policy = _load_default_policy() - #========================================================= # helpers for CryptContext #========================================================= @@ -1169,23 +1139,18 @@ class _CryptRecord(object): class CryptContext(object): """Helper for encrypting passwords using different algorithms. - :param policy: - optionally override the default policy CryptContext starts with before options are added. - - If not specified, the new instance will inherit a set of default options (such as rounds, etc) - from the passlib default policy (importable as :data:`passlib.context.default_policy`). + :param \*\*kwds: - If explicitly set to ``None``, the new instance will not inherit from the default policy, - and will contain only the configuration specified by any additional keywords. + ``schemes`` and all other keywords are passed to the CryptPolicy constructor, + or to :meth:`CryptPolicy.replace`, if a policy has also been specified. - Alternately, a custom CryptPolicy instance can be passed in, + :param policy: + Optionally you can pass in an existing CryptPolicy instance, which allows loading the policy from a configuration file, combining multiple policies together, and other features. - :param kwds: - - ``schemes`` and all other keywords are passed to the CryptPolicy constructor, - or to :meth:`CryptPolicy.replace`, if a policy has also been specified. + The options from this policy will be used as defaults, + which will be overridden by any keywords passed in explicitly. .. automethod:: replace @@ -1222,7 +1187,7 @@ class CryptContext(object): #=================================================================== #init #=================================================================== - def __init__(self, schemes=None, policy=default_policy, **kwds): + def __init__(self, schemes=None, policy=None, **kwds): # XXX: add a name for the contexts, to help out repr? # XXX: add ability to make policy readonly for certain instances, # eg the builtin passlib ones? diff --git a/passlib/default.cfg b/passlib/default.cfg deleted file mode 100644 index 0fa4836..0000000 --- a/passlib/default.cfg +++ /dev/null @@ -1,27 +0,0 @@ -[passlib] -# -# this is the PassLib default policy configuration, used by CryptContext -# objects which don't have an explicit base policy specified. -# the goal of this default configuration is not to set any preferred schemes, -# but provide sane defaults (eg rounds) for all the supported algorithms. -# - -#TODO: need to generate min rounds for specific cpu speed & verify time limitations - -all.vary_rounds = 10%% - -bsdi_crypt.default_rounds = 30000 -bcrypt.default_rounds = 10 -sha1_crypt.default_rounds = 30000 -sun_md5_crypt.default_rounds = 30000 -sha256_crypt.default_rounds = 30000 -sha512_crypt.default_rounds = 30000 - -ldap_bsdi_crypt.default_rounds = 30000 -ldap_bcrypt.default_rounds = 10 -ldap_sha1_crypt.default_rounds = 30000 -ldap_sun_md5_crypt.default_rounds = 30000 -ldap_sha256_crypt.default_rounds = 30000 -ldap_sha512_crypt.default_rounds = 30000 - -phpass.default_rounds = 10 @@ -146,7 +146,7 @@ setup( "passlib.utils", "passlib._setup", ], - package_data = { "passlib": ["*.cfg" ], "passlib.tests": ["*.cfg"] }, + package_data = { "passlib.tests": ["*.cfg"] }, zip_safe=True, #metadata |