Commit message | Author | Age | Files | Lines
* bumped to 1.7.3; updated docs for release [1.7.3] | Eli Collins | 2020-10-06 | 5 | -7/+7
* bugfix: passlib.utils: add stub safe_crypt() control flags when crypt() | Eli Collins | 2020-10-06 | 1 | -0/+3
    isn't available. (needed for windows)
* docs / sha crypt: commented out the "implicit_rounds" param in docs, | Eli Collins | 2020-10-06 | 2 | -19/+33
    it's not actually supported by using(), and isn't needed for users (issue 121)
* passlib.tests: silenced some internal warnings; fixed edge case in scrypt test; | Eli Collins | 2020-10-06 | 3 | -25/+4
    removed "gae" from tox suite (no meaningful difference from posix tests)
* passlib.tests.test_ext_django: cleaned up detection of missing django hasher | Eli Collins | 2020-10-06 | 4 | -12/+92
    backends; and some related helper methods.
* passlib.utils: add thread lock to fix some UT failures. | Eli Collins | 2020-10-05 | 3 | -6/+58
* passlib.hash: added ldap_salted_sha256 & ldap_salted_512 (issue 124) | Eli Collins | 2020-10-05 | 9 | -8/+178
* passlib.handlers: cases where crypt() returns malformed hash | Eli Collins | 2020-10-05 | 10 | -43/+105
    now return a single unified InternalBackendError() class, instead of AssertionError.
    This change has a couple of parts:
    * assert statements replaced with permanent checks, since crypt() is unpredictable enough that we need to have this always on, even if production runs code in "-O2" mode.
    * added debug_only_repr() helper which allows including sensitive stuff like salts & hash digests within error tracebacks -- will only do so when global flag is enabled; and that's currently only set by unittest suite.
    * added new InternalBackendError() exception class (a RuntimeError subclass); which is raised instead of an AssertionError.
* passlib.handlers.bcrypt: safe_verify() calls should test for NotImplemented | Eli Collins | 2020-10-05 | 3 | -13/+16
    before boolean; bool(NotImplemented) is deprecated as of python 3.9 (fixes issue 125)
* tox.ini: disable 'rednose' for py34, no longer supported | Eli Collins | 2020-10-03 | 1 | -3/+6
* utils.safe_crypt(): turns out pypy3's crypt() *does* support raw bytes. | Eli Collins | 2020-10-03 | 2 | -19/+50
    so instead of assuming safe_crypt() can only take UTF8 under py3, and anything under py2; code is now tied to "crypt_accepts_bytes" flag which does quick capability-detection when module loads.
    this updates the changes from rev 67c619208229
* passlib.tests: silence some warnings, fix some MissingBackendError messages | Eli Collins | 2020-10-03 | 4 | -11/+22
    * tests now filter out some passlib deprecation warnings
    * bugfix: @doesnt_require_backend() decorator (rev XXX) now silences MissingBackendError exceptions thrown during HandlerCase.setUp()
    * simplified some monkeypatching within test_registry
* passlib.tests.test_utils: reworked safe_crypt() test to not have hardcoded | Eli Collins | 2020-10-03 | 1 | -30/+59
    des_crypt hashes, for case where OS doesn't have des_crypt support.
* passlib.tests: updated platform_crypt_support to reflect openbsd changes; | Eli Collins | 2020-10-03 | 3 | -8/+25
    also cleaned up comments
* py39 compat - fixed some unneeded escape sequences | Eli Collins | 2020-10-03 | 6 | -12/+12
* tests: fixed some minor UT errors | Eli Collins | 2020-10-03 | 2 | -5/+6
    mainly a few minor test changes that were missed in prior commits (rev 7273b2ca68f3, 2bf6312ecd77)
* docs: added notices that python 2 support will be dropped in 1.8 (issue 119) | Eli Collins | 2020-10-03 | 3 | -7/+24
* docs: minor adjusted to doc language | Eli Collins | 2020-05-12 | 2 | -15/+19
* registry: tweak get_supported_os_crypt_schemes() warning message | Eli Collins | 2020-05-12 | 1 | -1/+4
    to include platform information.
* bugfix: bcrypt os_crypt backend: fix some more crypt.crypt() utf8 encoding | Eli Collins | 2020-05-12 | 4 | -11/+237
    issues which were causing it to fail to generate a hash.

    bcrypt
    ------
    * _norm_digest(): fixed some PasslibValueError()s being thrown by os_crypt backend during UT fuzz verifier. These were due to non-UTF8 input being provided to crypt.crypt()... even though secret itself was UTF8 safe! This was because secret was being truncated/repeated as part of various backend bug workarounds; and the truncate/repeat operations weren't being done in manner that respected UTF8 character boundaries. This has now been fixed via _require_valid_utf8_bytes flag (which has been set for os_crypt backend), that enables utf8-safe mode of operation.

    utils
    -----
    * added utf8_truncate() and utf8_repeat_string() helpers, for bcrypt fixes above.
    * simplified repeat_string() internals
* bcrypt: silenced "2a wraparound bug" detection warning for os_crypt backend; | Eli Collins | 2020-05-12 | 1 | -5/+13
    since it's expected to be present (e.g. on OpenBSD) for backward compatibility.
* tests / bcrypt: bcrypt_os_crypt_test now strips out non-UTF8 test vectors | Eli Collins | 2020-05-12 | 2 | -2/+20
    under py3, since these can't be passed through crypt.crypt()
* bcrypt / os_crypt backend: now throws new PasswordValueError() | Eli Collins | 2020-05-12 | 4 | -18/+78
    when encoding issue is found, to separate this from an unexpected error when calling crypt.crypt() (these will still raise MissingBackendError).
    also tweaked internal safe_verify() helper to catch errors thrown by os_crypt backend (MissingBackendError would previously slip through, causing spurious UT failures)
* bugfix: bcrypt: test vector for "8bit bug" wasn't UTF8 safe, | Eli Collins | 2020-05-12 | 3 | -10/+32
    which makes os_crypt backend always fail, since crypt.crypt() can only be made to handle UTF8 byte strings.
    * replaced "\xA3" test vector with "\xD1\x91" (from same openwall source); since the latter is valid UTF8.
    * added new test vector to UT suite
* bugfix: bcrypt os_crypt backend wasn't being detected properly under py3; | Eli Collins | 2020-05-12 | 3 | -5/+16
    due to a few interlocking issues.
    passlib.utils: test_crypt() shouldn't accept hash=<bytes>, because equality comparison with str will always fail under py3.
    * test_crypt() now enforces hash=<unicode_or_str> as input. it previously allowed hash=bytes, but equality comparison with unicode (output by safe_crypt) would always return False under python 3.
    * bcrypt's TEST_HASH_2A constant was stored bytes, which was causing os_crypt detection to fail due to test_crypt() bug above. changed to use native str.
    sidenote: this would have been caught by UTs, except for bug in test_82_crypt_support() that was fixed in rev 43bae3f786b7.
* passlib.tests.utils: simplified OsCryptMixin's "alt hasher" test harness code. | Eli Collins | 2020-05-12 | 2 | -15/+27
    removed two config flags (alt_safe_crypt_handler, has_os_crypt_fallback) in favor of making the exceptions just subclass & override the base methods.
    did this for bcrypt (retaining old functionality), and for bcrypt_sha256 (which fixes spurious errors when running tests on systems w/ os_crypt support, like OpenBSD).
* passlib.tests: fixed bug where HandlerCase.test_82_crypt_support() wasn't | Eli Collins | 2020-05-11 | 3 | -23/+72
    being run on systems where "os_crypt" backend detected as missing.
    This was because of conflict with create_backend_case(), which marks ALL methods as skipped if backend isn't present.
    Reworked so certain methods can be marked as "run anyways". In particular, we want platform_crypt_support checks to always run, since they're there as sanity check that our "os_crypt" detection routines are actually working in the first place :)
    Also rewrote test_82_crypt_support() contents to add some code comments.
* passlib.handlers.digests: make create_hex_digest() required=True by default; | Eli Collins | 2020-05-11 | 1 | -4/+8
    set explicit required=False only for digests that go away due to FIPS (followup to rev 6ac4d1b31761 on issue 116)
* docs: updated some urls, styling tweaks, bumped copyright year | Eli Collins | 2020-05-11 | 6 | -10/+26
* docs: require latest CSP theme version | Eli Collins | 2020-05-04 | 3 | -3/+3
* passlib.crypto.digest: followup to rev db4beabafe1b -- | Eli Collins | 2020-05-04 | 1 | -6/+16
    added HashInfo().unknown helper attr to reduce spam in norm_hash_name(), made some internal vars less ambiguous
* admin: updated more repository links; as well as links to cloud_sptheme | Eli Collins | 2020-05-04 | 6 | -9/+9
    (which is also moving)
* admin: relocating repository & issue tracker from bitbucket to heptapod | Eli Collins | 2020-05-02 | 5 | -4/+45
    * updated all relevant urls
    * added announcement to changelog & index page
    * added "thanks" section for Octobus, CleverCloud, and ReadTheDocs :)
* passlib.crypto.digests: added hardcoded fallback info for common hashes; | Eli Collins | 2020-05-02 | 2 | -0/+40
    so stats can be gathered retrieved even if hash isn't available (e.g. FIPS mode)
* reworked lookup_hash() and create_hex_digest() internals to work better | Eli Collins | 2020-05-02 | 7 | -40/+276
    on FIPS systems (issue 116).
    * lookup_hash():
      - moved all hash constructor error checks / handling into HashInfo object, which simplifies lookup_hash() internals
      - [minor] added "required" kwd, inverse of the now-deprecated "return_unknown" kwd
      - [minor] now caches unknown/unsupported HashInfo records.
    * HashInfo:
      - now catches ValueErrors thrown by hash constructor, and special-cased detection of "disabled for fips" errors.
      - stub instances now have constructor that throws UnknownHashError, instead of being None. calling code should detect stub instances via the new "not info.supported" instead of testing for "info.const is None".
    * create_hex_digest() now defaults to creating handlers w/ mock hash func when it's not present (e.g. due to FIPS). this should let them be imported; and defer the errors until they're actually used.
    * added _set_mock_fips_mode() and some helps to make lookup_hash() fake a FIPS mode system (per traceback provided in issue comments). used this to make some preliminary UTs for the digest & hasher changes above.
* passlib.crypto.digests: cleaned up internal digests table; | Eli Collins | 2020-05-02 | 2 | -6/+16
    removing some aliases that weren't needed anymore, and adding some new ones.
* passlib.ext.django: fix import that was removed in django 3 | Eli Collins | 2020-03-28 | 2 | -1/+6
* passlib.utils: have safe_crypt() catch OSError thrown by crypt() -- py39 compat | Eli Collins | 2020-03-28 | 4 | -2/+15
    (fixes issue 115)
* passlib.hash.bcrypt_sha256: now uses hmac-sha256 instead of plain sha256 | Eli Collins | 2020-02-16 | 5 | -45/+300
    (fixes issue 114)
* passlib.hash.bcrypt: added notes re: final salt character | Eli Collins | 2020-02-17 | 3 | -3/+11
* passlib.utils: have safe_crypt() check if crypt() is returning bytes | Eli Collins | 2020-02-17 | 2 | -0/+8
    (fixes issue 113)
* docs: various minor updates | Eli Collins | 2020-02-16 | 3 | -11/+12
* mark release 1.7.2 [1.7.2] | Eli Collins | 2019-11-22 | 1 | -1/+1
* setup: updated classifiers | Eli Collins | 2019-11-22 | 1 | -0/+2
* docs: update for release | Eli Collins | 2019-11-22 | 3 | -4/+4
* bcrypt: deprecated support for "py-bcrypt" and "bcryptor" backends | Eli Collins | 2019-11-22 | 4 | -2/+35
* general: Python 2.6 & 3.3 support deprecated -- added notes in docs | Eli Collins | 2019-11-22 | 4 | -2/+23
* docs: minor text & build issues | Eli Collins | 2019-11-19 | 3 | -4/+12
    * fix some typos
    * silence unreferenced footnote warnings (expected, can fix later)
    * add intersphinx config to link to py3 stdlib
* tests: django compat fixes | Eli Collins | 2019-11-19 | 2 | -14/+12
    * test_ext_django: account for django 1.11 pbkdf2 defaults
    * test_handlers_django: looks like django 2 and forward don't expect w passwords-as-bytes at all, so test suite's "bytes -> str" special case is now the default / only policy.
    * test_handlers_django: django_bcrypt no longer enabled by default as of django 2.2
* bugfix: argon2: replace directive with equivalent that will work under | Eli Collins | 2019-11-19 | 2 | -2/+7
    py26/33/34 (dict comprehensions and b"" % format directives both cause issues)