| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
isn't available.
(needed for windows)
|
|
|
|
|
| |
it's not actually supported by using(), and isn't needed for users
(issue 121)
|
|
|
|
| |
removed "gae" from tox suite (no meaningful difference from posix tests)
|
|
|
|
|
|
| |
backends;
and some related helper methods.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
now return a single unified InternalBackendError() class,
instead of AssertionError.
This change has a couple of parts:
* assert statements replaced with permanent checks,
since crypt() is unpredictable enough that we need to have this always on,
even if production runs code in "-O2" mode.
* added debug_only_repr() helper which allows including sensitive stuff
like salts & hash digests within error tracebacks -- will only do so
when global flag is enabled; and that's currently only set by unittest suite.
* added new InternalBackendError() exception class (a RuntimeError subclass);
which is raised instead of an AssertionError.
|
|
|
|
|
| |
before boolean; bool(NotImplemented) is deprecated as of python 3.9
(fixes issue 125)
|
| |
|
|
|
|
|
|
|
|
| |
so instead of assuming safe_crypt() can only take UTF8 under py3,
and anything under py2; code is now tied to "crypt_accepts_bytes"
flag which does quick capability-detection when module loads.
this updates the changes from rev 67c619208229
|
|
|
|
|
|
|
|
|
| |
* tests now filter out some passlib deprecation warnings
* bugfix: @doesnt_require_backend() decorator (rev XXX) now silences
MissingBackendError exceptions thrown during HandlerCase.setUp()
* simplified some monkeypatching within test_registry
|
|
|
|
| |
des_crypt hashes, for case where OS doesn't have des_crypt support.
|
|
|
|
| |
also cleaned up comments
|
| |
|
|
|
|
|
| |
mainly a few minor test changes that were missed in prior commits
(rev 7273b2ca68f3, 2bf6312ecd77)
|
| |
|
| |
|
|
|
|
| |
to include platform information.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
issues
which were causing it to fail to generate a hash.
bcrypt
------
* _norm_digest(): fixed some PasslibValueError()s being thrown by os_crypt
backend during UT fuzz verifier. These were due to non-UTF8 input
being provided to crypt.crypt()... even though secret itself was UTF8 safe!
This was because secret was being truncated/repeated as part of
various backend bug workarounds; and the truncate/repeat operations
weren't being done in manner that respected UTF8 character boundaries.
This has now been fixed via _require_valid_utf8_bytes flag
(which has been set for os_crypt backend), that enables
utf8-safe mode of operation.
utils
-----
* added utf8_truncate() and utf8_repeat_string() helpers, for bcrypt fixes above.
* simplified repeat_string() internals
|
|
|
|
| |
since it's expected to be present (e.g. on OpenBSD) for backward compatibility.
|
|
|
|
|
|
| |
under py3,
since these can't be passed through crypt.crypt()
|
|
|
|
|
|
|
|
|
| |
when encoding issue is found, to separate this from an unexpected error
when calling crypt.crypt() (these will still raise MissingBackendError).
also tweaked internal safe_verify() helper to catch errors thrown by
os_crypt backend (MissingBackendError would previously slip through,
causing spurious UT failures)
|
|
|
|
|
|
|
|
|
|
| |
which makes os_crypt backend always fail, since crypt.crypt() can only be
made to handle UTF8 byte strings.
* replaced "\xA3" test vector with "\xD1\x91" (from same openwall source);
since the latter is valid UTF8.
* added new test vector to UT suite
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
due to a few interlocking issues.
passlib.utils: test_crypt() shouldn't accept hash=<bytes>,
because equality comparison with str will always fail under py3.
* test_crypt() now enforces hash=<unicode_or_str> as input.
it previously allowed hash=bytes, but equality comparison
with unicode (output by safe_crypt) would always return False
under python 3.
* bcrypt's TEST_HASH_2A constant was stored bytes, which was causing os_crypt
detection to fail due to test_crypt() bug above. changed to use native str.
sidewnote: this would have been caught by UTs, except for bug in
test_82_crypt_support() that was fixed in rev 43bae3f786b7.
|
|
|
|
|
|
|
|
|
| |
removed two config flags (alt_safe_crypt_handler, has_os_crypt_fallback)
in favor of making the exceptions just subclass & override the base methods.
did this for bcrypt (retaining old functionality),
and for bcrypt_sha256 (which fixes spurious errors when running tests
on systems w/ os_crypt support, like OpenBSD).
|
|
|
|
|
|
|
|
|
|
|
|
| |
being run on systems where "os_crypt" backend detected as missing.
This was because of conflict with create_backend_case(), which marks
ALL methods as skipped if backend isn't present. Reworked so certain methods
can be marked as "run anyways". In particular, we want platform_crypt_support
checks to always run, since they're there as sanity check that our "os_crypt"
detection routines are actually working in the first place :)
Also rewrote test_82_crypt_support() contents to add some code comments.
|
|
|
|
|
| |
set explicit required=False only for digests that go away due to FIPS
(followup to rev 6ac4d1b31761 on issue 116)
|
| |
|
| |
|
|
|
|
|
| |
added HashInfo().unknown helper attr to reduce spam in norm_hash_name(),
made some internal vars less ambiguous
|
|
|
|
| |
(which is also moving)
|
|
|
|
|
|
| |
* updated all relevant urls
* added announcement to changelog & index page
* added "thanks" section for Octobus, CleverCloud, and ReadTheDocs :)
|
|
|
|
| |
so stats can be gathered retreived even if hash isn't available (e.g. FIPS mode)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
on FIPS systems (issue 116).
* lookup_hash():
- moved all hash consturctor error checks / handling into HashInfo object,
which simplifies lookup_hash() internals
- [minor] added "required" kwd, inverse of the now-deprecated "return_unknown" kwd
- [minor] now caches unknown/unsupported HashInfo records.
* HashInfo:
- now catches ValueErrors thrown by hash constructor,
and special-cased detection of "disabled for fips" errors.
- stub instances now have constructor that throws UnknownHashError,
instead of being None. calling code should detect stub instances via
the new "not info.supported" instead of testing for "info.const is None".
* create_hex_digest() now defaults to creating handlers w/ mock hash func
when it's not present (e.g. due to FIPS). this should let them be imported;
and defer the errors until they're actually used.
* added _set_mock_fips_mode() and some helps to make lookup_hash()
fake a FIPS mode system (per traceback provided in issue comments).
used this to make some preliminary UTs for the digest & hasher changes above.
|
|
|
|
|
| |
removing some aliases that weren't needed anymore,
and adding some new ones.
|
| |
|
|
|
|
| |
(fixes issue 115)
|
|
|
|
| |
(fixes issue 114)
|
| |
|
|
|
|
| |
(fixes issue 113)
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
* fix some typos
* silence unrefrenced footnote warnings (expected, can fix later)
* add intersphinx config to link to py3 stdlib
|
|
|
|
|
|
|
|
|
|
| |
* test_ext_django: account for django 1.11 pbkdf2 defaults
* test_handlers_django: looks like django 2 and forward don't expect w
passwords-as-bytes at all, so test suites's "bytes -> str" special case
is now the default / only policy.
* test_handlers_django: django_bcrypt no longer enabled by default as of django 2.2
|
|
|
|
|
|
| |
py26/33/34
(dict comprehensions and b"" % format directives both cause issues)
|