path: root/docs/history
Commit message  Author  Age  Files  Lines
* Merge from stable [HEAD] [master]  Eli Collins  2020-10-08  1  -2/+4
|\
| * bumped to 1.7.4, marking for release [1.7.4]  Eli Collins  2020-10-08  1  -2/+4
| |
* | Merge from stable  Eli Collins  2020-10-08  1  -0/+27
|\ \
| |/
| |   As part of merge:
| |
| |   * various: reverted the py26 compat fixes from rev 5e2f92012412
| |   * test utils: stripped out "has_real_subtest" compat from rev c732a9e2a582,
| |     since now on py35+, which always has .subTest() method
| * passlib.ext.django: Updated UTs to work with latest django release  Eli Collins  2020-10-07  1  -0/+10
| |   (should fix long-standing issue 98)
| |
| |   * test_ext_django:
| |     - Simplified "stock config" setup code. It now gets its "sha_rounds" value
| |       from the django source, so we don't have to manually update it every time
| |       django changes their default. This should require less maintenance across
| |       minor django releases. (Should fix issue 98, and prevent recurrence)
| |     - Updated tests to account for quirks in how encoded hashes are handled.
| |       Specifically: None, "", and invalid hashes all cause subtly different
| |       behaviors across django versions. tests pass against django 1.8 - 3.1.
| |     - split "empty hash" test out from the loop it shared with "null hash" test,
| |       since the two behave differently.
| |
| |   * tox: expanded envlist to explicitly test a bunch more django versions
| |     (1.8 - 3.1); and remove some needless "django 2.x + py2" tests
| |
| |   * passlib.apps: reformatted django CryptContext declarations; added one for
| |     django 2.1 (which dropped "django_bcrypt" from its default list)
| |
| |   * passlib.ext.django:
| |     - added internal "quirks" helper as central place to track minor edge-case
| |       changes between django versions.
| |     - passlib_to_django() helper now falls back to searching hasher classes
| |       directly, even if patch isn't installed. this allows it to work for django
| |       hashers that have been removed from django's default list.
| * bugfix: python2.6 compat fixes -- a few "{}" set constructors slipped in.  Eli Collins  2020-10-07  1  -0/+5
| |
| * passlib.context: now raises UnknownHashError() if hash can't be identified.  Eli Collins  2020-10-07  1  -0/+12
| |   this inherits from ValueError, and has same text, so backwards compatible.
* | cleanup old python compat - assorted minor cleanups & fixes from conversion  Eli Collins  2020-10-06  1  -0/+4
| |
* | docs & setup: updates text & setup requirements to indicate we need minimum  Eli Collins  2020-10-06  2  -8/+11
| |   of Python 3.5.
* | Merge from stable  Eli Collins  2020-10-06  2  -5/+118
|\ \
| |/
| * bumped to 1.7.3; updated docs for release [1.7.3]  Eli Collins  2020-10-06  2  -4/+4
| |
| * passlib.hash: added ldap_salted_sha256 & ldap_salted_512 (issue 124)  Eli Collins  2020-10-05  1  -0/+7
| |
| * passlib.handlers: cases where crypt() returns malformed hash  Eli Collins  2020-10-05  1  -0/+4
| |   now return a single unified InternalBackendError() class, instead of AssertionError.
| |
| |   This change has a couple of parts:
| |
| |   * assert statements replaced with permanent checks, since crypt() is
| |     unpredictable enough that we need to have this always on, even if
| |     production runs code in "-O2" mode.
| |
| |   * added debug_only_repr() helper which allows including sensitive stuff like
| |     salts & hash digests within error tracebacks -- will only do so when global
| |     flag is enabled; and that's currently only set by unittest suite.
| |
| |   * added new InternalBackendError() exception class (a RuntimeError subclass);
| |     which is raised instead of an AssertionError.
| * passlib.handlers.bcrypt: safe_verify() calls should test for NotImplemented  Eli Collins  2020-10-05  1  -0/+3
| |   before boolean; bool(NotImplemented) is deprecated as of python 3.9
| |   (fixes issue 125)
| * docs: added notices that python 2 support will be dropped in 1.8 (issue 119)  Eli Collins  2020-10-03  2  -3/+20
| |
| * docs: minor adjustments to doc language  Eli Collins  2020-05-12  1  -12/+13
| |
| * bugfix: bcrypt os_crypt backend: fix some more crypt.crypt() utf8 encoding  Eli Collins  2020-05-12  1  -0/+2
| |   issues which were causing it to fail to generate a hash.
| |
| |   bcrypt
| |   ------
| |   * _norm_digest(): fixed some PasslibValueError()s being thrown by os_crypt
| |     backend during UT fuzz verifier. These were due to non-UTF8 input being
| |     provided to crypt.crypt()... even though secret itself was UTF8 safe!
| |     This was because secret was being truncated/repeated as part of various
| |     backend bug workarounds; and the truncate/repeat operations weren't being
| |     done in manner that respected UTF8 character boundaries.
| |     This has now been fixed via _require_valid_utf8_bytes flag (which has been
| |     set for os_crypt backend), that enables utf8-safe mode of operation.
| |
| |   utils
| |   -----
| |   * added utf8_truncate() and utf8_repeat_string() helpers, for bcrypt fixes above.
| |   * simplified repeat_string() internals
| * bcrypt / os_crypt backend: now throws new PasswordValueError()  Eli Collins  2020-05-12  1  -0/+7
| |   when encoding issue is found, to separate this from an unexpected error
| |   when calling crypt.crypt() (these will still raise MissingBackendError).
| |
| |   also tweaked internal safe_verify() helper to catch errors thrown by
| |   os_crypt backend (MissingBackendError would previously slip through,
| |   causing spurious UT failures)
| * bugfix: bcrypt: test vector for "8bit bug" wasn't UTF8 safe,  Eli Collins  2020-05-12  1  -1/+1
| |   which makes os_crypt backend always fail, since crypt.crypt() can only be
| |   made to handle UTF8 byte strings.
| |
| |   * replaced "\xA3" test vector with "\xD1\x91" (from same openwall source);
| |     since the latter is valid UTF8.
| |   * added new test vector to UT suite
| * bugfix: bcrypt os_crypt backend wasn't being detected properly under py3;  Eli Collins  2020-05-12  1  -0/+5
| |   due to a few interlocking issues.
| |
| |   passlib.utils: test_crypt() shouldn't accept hash=<bytes>, because equality
| |   comparison with str will always fail under py3.
| |
| |   * test_crypt() now enforces hash=<unicode_or_str> as input. it previously
| |     allowed hash=bytes, but equality comparison with unicode (output by
| |     safe_crypt) would always return False under python 3.
| |
| |   * bcrypt's TEST_HASH_2A constant was stored bytes, which was causing os_crypt
| |     detection to fail due to test_crypt() bug above. changed to use native str.
| |
| |   sidenote: this would have been caught by UTs, except for bug in
| |   test_82_crypt_support() that was fixed in rev 43bae3f786b7.
| * passlib.tests: fixed bug where HandlerCase.test_82_crypt_support() wasn't  Eli Collins  2020-05-11  1  -0/+3
| |   being run on systems where "os_crypt" backend detected as missing.
| |   This was because of conflict with create_backend_case(), which marks ALL
| |   methods as skipped if backend isn't present.
| |
| |   Reworked so certain methods can be marked as "run anyways". In particular,
| |   we want platform_crypt_support checks to always run, since they're there as
| |   sanity check that our "os_crypt" detection routines are actually working in
| |   the first place :)
| |
| |   Also rewrote test_82_crypt_support() contents to add some code comments.
| * docs: updated some urls, styling tweaks, bumped copyright year  Eli Collins  2020-05-11  1  -1/+5
| |
| * admin: updated more repository links; as well as links to cloud_sptheme  Eli Collins  2020-05-04  2  -2/+2
| |   (which is also moving)
| * admin: relocating repository & issue tracker from bitbucket to heptapod  Eli Collins  2020-05-02  1  -0/+14
| |   * updated all relevant urls
| |   * added announcement to changelog & index page
| |   * added "thanks" section for Octobus, CleverCloud, and ReadTheDocs :)
| * reworked lookup_hash() and create_hex_digest() internals to work better  Eli Collins  2020-05-02  1  -0/+19
| |   on FIPS systems (issue 116).
| |
| |   * lookup_hash():
| |     - moved all hash constructor error checks / handling into HashInfo object,
| |       which simplifies lookup_hash() internals
| |     - [minor] added "required" kwd, inverse of the now-deprecated
| |       "return_unknown" kwd
| |     - [minor] now caches unknown/unsupported HashInfo records.
| |
| |   * HashInfo:
| |     - now catches ValueErrors thrown by hash constructor, and special-cased
| |       detection of "disabled for fips" errors.
| |     - stub instances now have constructor that throws UnknownHashError,
| |       instead of being None. calling code should detect stub instances via the
| |       new "not info.supported" instead of testing for "info.const is None".
| |
| |   * create_hex_digest() now defaults to creating handlers w/ mock hash func
| |     when it's not present (e.g. due to FIPS). this should let them be imported;
| |     and defer the errors until they're actually used.
| |
| |   * added _set_mock_fips_mode() and some helps to make lookup_hash() fake a
| |     FIPS mode system (per traceback provided in issue comments). used this to
| |     make some preliminary UTs for the digest & hasher changes above.
| * passlib.ext.django: fix import that was removed in django 3  Eli Collins  2020-03-28  1  -0/+2
| |
| * passlib.utils: have safe_crypt() catch OSError thrown by crypt() -- py39 compat  Eli Collins  2020-03-28  1  -0/+3
| |   (fixes issue 115)
| * passlib.hash.bcrypt_sha256: now uses hmac-sha256 instead of plain sha256  Eli Collins  2020-02-16  1  -0/+14
| |   (fixes issue 114)
| * passlib.utils: have safe_crypt() check if crypt() is returning bytes  Eli Collins  2020-02-17  1  -0/+3
| |   (fixes issue 113)
* | Merge from stable  Eli Collins  2019-11-22  1  -3/+25
|\ \
| |/
| * docs: update for release  Eli Collins  2019-11-22  1  -2/+2
| |
| * bcrypt: deprecated support for "py-bcrypt" and "bcryptor" backends  Eli Collins  2019-11-22  1  -0/+7
| |
| * general: Python 2.6 & 3.3 support deprecated -- added notes in docs  Eli Collins  2019-11-22  1  -0/+13
| |
| * docs: updated build dependencies  Eli Collins  2019-11-12  1  -1/+3
| |
* | Merge from stable  Eli Collins  2019-11-11  1  -0/+10
|\ \
| |/
| * passlib.crypto.scrypt: add support for hashlib.scrypt() backend (fixes issue 86)  Eli Collins  2019-11-11  1  -0/+5
| |
| * passlib.apache: adjust default context to use "2y" bcrypt hashes instead of "2b"  Eli Collins  2019-11-11  1  -0/+5
| |   (fixes issue 95).
| |
| |   also added UT which checks behavior against locally-installed 'htpasswd'
| |   tool (if available).
* | Merge from stable  Eli Collins  2019-11-10  1  -0/+44
|\ \
| |/
| * argon2 -- check for unsupported "argon2" package, or "argon2_cffi" that's  Eli Collins  2019-11-10  1  -0/+5
| |   too old.
| * argon2 -- added support for type "ID" hashes & for generating type "D" hashes.  Eli Collins  2019-11-10  1  -0/+9
| |   * updated requirements to latest version of argon2_cffi & argon2pure;
| |     though internal code should work with older versions.
| |   * reworked argon2 module internals to handle wider range of hash types;
| |     and make default customizable via "type" kwd.
| |   * added reference vectors for "D" and "ID" hashes
| * added tests for parsehash() method; fixed argon2 error (fixes issue 97)  Eli Collins  2019-11-10  1  -0/+4
| |   * UTs now has basic tests for parsehash() method
| |   * argon2: excluded some settings kwd aliases from parsehash() call
| * bugfix: passlib.totp: always prepend issuer to URIs (fixes issue 92)  Eli Collins  2019-11-09  1  -0/+6
| |   For all prior releases of passlib, `TOTP().to_uri()` would only output an
| |   "issuer" parameter. Per the KeyURI spec, issuer should also be prepended to
| |   the label for backward compatibility.
| * docs: update 1.7.2 changelog for everything added to stable since 1.7.1  Eli Collins  2019-11-09  1  -0/+17
| |
| * Back out changeset 53dc260cead7 -- restores argon2 to 16 byte hash output.  Eli Collins  2019-11-09  1  -2/+0
| |   per followup to original issue
| |   (https://bitbucket.org/ecollins/passlib/issues/88#comment-35296567)
| |   it was pointed out that citation for 32 byte hash output was out of date,
| |   and that argon2_cffi is correctly following the more up-to-date argon2 spec.
| |
| |   this restores the stable branch to the 1.7.1 policy of following
| |   argon2_cffi's defaults.
| * argon2: set checksum size to 32, per issue 88.  Eli Collins  2017-03-04  1  -0/+5
| |   also setting salt length to fixed value, no longer relying on argon2_cffi's
| |   upstream settings for this.
* | passlib.context: removed deprecated 'harden_verify' kwd  Eli Collins  2017-01-30  1  -1/+1
| |
* | Merge with stable  Eli Collins  2017-01-30  1  -16/+33
|\ \
| |/
| * bumped to 1.7.1, related doc updates [1.7.1]  Eli Collins  2017-01-30  1  -4/+4
| |
| * minor update to docs & ignore file  Eli Collins  2017-01-30  1  -5/+4
| |
| * bugfix: passlib.hash.cisco_pix & cisco_asa: major overhaul of internal  Eli Collins  2017-01-30  1  -3/+9
| |   implementation, fixed a number of edge cases where we were generating the
| |   wrong thing.
| |
| |   tests
| |   -----
| |   * expanded test vectors, and ran them against an ASA 9.6 system.
| |     marked out all vectors that were verified on 9.6 system.
| |     found that user appending, and various size thresholds, weren't being
| |     performed correctly by cisco_pix & cisco_asa -- certain hashes generated
| |     prior to this will be "unverifiable" by a Cisco system.
| |   * consolidated shared pix & asa tests into common base class.
| |   * added test for "spoil_digest" codepath that's been added to cisco_pix
| |     _calc_digest() (see below).
| |
| |   hashers
| |   -------
| |   * cisco_pix & cisco_asa now reject too-large passwords, and silently return
| |     False when verifying them; to match Cisco behavior.
| |     updated truncate policy flags to match new behavior.
| |   * overhaul of _calc_checksum(), to fix identified issues, lay out guesses &
| |     reasoning, and added some citations.
| |
| |   docs
| |   ----
| |   * updated docs to list new algorithm, and conditions where the old code
| |     would generate a bad hash.
| |   * general cleanup of doc layout for these hashes
| |   * updated "Cisco Hashes" section to give better listing of known hash formats.
| * PasswordHash: hammered out more of password truncation policy.  Eli Collins  2017-01-30  1  -1/+4
| |   PasswordHash
| |   -------------
| |   * .truncate_size now used to indicate general "max password size";
| |   * .truncate_error now defined for all hashers, indicates .hash() policy
| |   * added .truncate_verify_reject as companion, indicates corresponding
| |     .verify() policy.
| |
| |   HandlerTestCase
| |   ---------------
| |   * expanded test functions to check all combinations of truncation policy flags
| |   * fixed fuzzer so it doesn't generate passwords which would throw
| |     PasswordSizeError.