| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| | |
As part of merge:
* various: reverted the py26 compat fixes from rev 5e2f92012412
* test utils: stripped out "has_real_subtest" compat from rev c732a9e2a582,
since now on py35+, which always has .subTest() method
|
| |
| |
| |
| | |
this inherits from ValueError, and has same text, so backwards compatible.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
"native_string_types" aliases
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
|\ \
| |/ |
|
| | |
|
| | |
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
will be removed completely in 1.8.
Rationale:
Aside from the arguments in issue 83, performed a timing analysis,
and decided harden_verify framework wasn't going to be easily workable
to prevent a timing attack anyways (see attached admin/plot_verify_timing.py script).
Changes:
* dummy_verify() has been kept around, but now uses .verify() against a dummy hash,
which is guaranteed to have correct timing (though wastes cpu cycles).
* Removed most harden_verify code, treating it as NOOP just like min_verify_time.
Similarly, removed most documentation references to.
|
|/
|
|
|
|
|
|
|
| |
scheduled
for removal in v1.8.
this removes CryptPolicy, unix_fallback, some old HtpasswdFile methods,
and more. tests were updated as well. see history/1.8 for a complete list.
|
| |
|
|
|
|
| |
submodule
|
| |
|
|
|
|
|
|
| |
now stored in public Hash.deprecated attr of returned hashers,
instead of monkeypatching Hash.needs_update().
this removes some cruft from a bunch of places.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
passlib.ext.django
------------------
* everything in .models relocated to the DjangoContextAdapter() class in .utils.
all that's left in models is a couple of hooks. This consolidates all
the model state into a single object, making it a lot easier to inspect
and optimize.
* consolidated a bunch of (undocumented) helper functions into DjangoTranslator()
class, which now acts as based for DjangoContextAdapter. Translator instances
handle converted passlib <-> django hashers, including caching speed-critical bits.
* wrapper class now has guards against wrong type of hasher being passed in
* wrapper class uses .using() instead of deprecated .hash(**kwds) format.
* updated and confirmed passing tests w/ django 1.10.3
passlib.ext.django tests
------------------------
* split test wrapper for django's internal tests (HashersTest) into separate file,
test_ext_django_source.py, to make it easier to run independantly.
reworked to use patchAttr(wraps=True) rather than less flexible ContextHook() hack
* tries to clean up HashersTest - adapts to django settings,
fixed code syncing .iteration settings back to passlib hashers,
* blocked out some django tests that we can't / won't pass,
documented reasons why.
other
-----
* CryptContext: added temporary hack to access unpatched Hasher.needs_update() method.
* PrefixWrapper: now proxies attr writes if it owns the wrapped hasher.
* test utils: added wrap=True support to patchAttr(), for wrapping arbitrary functions.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rather than base handlers, deprecated some unneeded args.
* .schemes(resolve=True), .default_scheme(resolve=True), .handlers(),
and .identify() -- All these methods now return configured handlers
rather than the base ones, so callers who are inspecting context
get a handler which honors it's configuration.
This required adding a few keywords to these methods,
but leaving them mostly undocumented -- if no one asks for them,
don't have to preserve them when 1.8 updates the context api.
* .hash(), .verify(), .verify_and_update() -- deprecated the 'scheme' keyword:
Nothing but UTs is probably using this, and '.handler().hash()' can be used
as a replacement.
* added context.using() to match hash api, is an alias for context.copy()
|
|
|
|
| |
(there will never be a 1.6.6)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
v1.6 deprecated the "min_verify_time" feature, since it required admins
to awkwardly hard-code the amount of time they wanted .verify() to take.
This was a useful feature, though, since it provided the ability for
contexts to mask which accounts had older, weaker, hashes.
This commit adds in a replacement feature: CryptContext now supports
a "harden_verify" flag, which causes it to autocalculate how long
the default hash should take, and make sure to spend at least that much time.
Another improvement is that this autocalc is performed at the context level,
not per hash like min_verify_time was, making it overall more reliable.
It also offers a new "context.dummy_verify()" call for faking the delay
for missing accounts.
Changes:
* Added "harden_verify" option to CryptContext,
along with code to autocalculate min_verify_time delay via timing
when context is first accessed.
XXX: this timing code needs some battle-testing, and may be adjusted later.
* Added .dummy_verify() method, integrated it into .verify()
and .verify_and_update().
* updated warnings & docs to report harden_verify as replacement
for "min_verify_time" option.
* to help workflow for adding delay on missing accounts,
.verify() and .verify_and_update() now support passing in hash=None,
and treat it as "never verifying"
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* now have whitelist of allowed global settings which will be passed to all hashes.
all other bare options will be passed to CryptContext itself.
* this makes the "all" scheme warnings a bit cleaner -- using the scheme
explicitly will now ALWAYS create a warning, and any non-whitelisted
global hash setting will also create a warning.
* get_scheme_options_with_flag() now filters out any global settings
which don't apply to a particular handler; simplifies a HasRounds
workaround previously in _create_record(), and makes things more rugged.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* PasswordHash.is_disabled flag now present, to programmatically detect
disabled hashers (unix_disabled, etc)
* CryptContext now offers methods for disabling, enabling, and testing
hashes to see if they're tied to a real hash or not.
* disabled hashers now offer .disable() and .enable() helpers,
as backend for CryptContext methods.
* django_disabled now appends random alphanumeric string, per Django.
* adjusted HandlerCase:
- checks handler.is_disabled,
- handle django_disabled via disabled_contains_salt flag
- tests .disable() and .enable() api if present
|
| |
|
|
|
|
|
| |
this basically reversed rev 5c41b0153d4f; after using it a bit more,
decided the name didn't indicate as well what the method was doing.
|
|
|
|
|
| |
made behavior of various bits (rounds etc) default to relaxed=False,
updated UTs accordingly.
|
|
|
|
| |
to match stdlib's convention (for things like str, namedtuple, etc)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
after further consideration (while implementing a handler for argon2),
decided that rolling .genconfig() and .genhash() into the .hash() method
(as was done in rev 1f7421b35b75) put too much complexity into the .hash() method.
this commit walks back those portions of rev 1f7421b35b75 -- .genconfig()
and .genhash() are now implemented for each handler directly.
however, going a little further and completely deprecating .genconfig()
and .genhash() support entirely -- decided there's no need for them in
the public api whatsoever. apps shouldn't need/use them, and the unittests
can use their own workarounds.
* removed "config" keyword from handler.hash() ifc
* removed support for config=None from handler.genhash() -- nothing should use it
now that handler.genconfig() always returns a string.
* marked .genhash() and .genconfig() as completely deprecated, w/ no alternative
* uts: factored out calls which need config only into a .do_stub_encrypt() helper,
as replacement for internal uses of .genconfig()
|
|
|
|
|
|
|
|
|
|
|
| |
as a fallback for 'default_rounds', 'min_rounds', and 'max_rounds'.
this makes it easier to specify a django-style policy of "deprecate all hashes
which have a differing rounds value".
* removed special handling from 'rounds' from CryptContext parser
* tweaked affected CryptContext serialization tests
* added test for new behavior
|
|
|
|
|
|
|
|
|
|
| |
only legitimate use was for 'vary_rounds' option, which is being phased out,
and other uses like 'min_rounds' were a security issue.
* fixed CryptContext() tests to stop uses "all" kwds
* issue dep warning if "all" scheme is used
* issue config warning if anything but "vary_rounds" is used,
since config needs to be changed (regardless of passlib version)
|
|
|
|
|
| |
removed _CryptRecord proxy object completely. CryptContext now just
worked with custom handler instances directly.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
.encrypt()
----------
hash.encrypt() & context.encrypt() have been renamed to .hash().
this should take care of the long-standing issue 21 (the poor naming of .encrypt).
per docs, legacy aliases will remain in place until passlib 2.0.
.genhash() / .genconfig()
-------------------------
taking advantage of this reorganization to also deprecate .genconfig()
and .genhash() -- they're not really useful in a modern system,
nor as needed for historical support as initially thought:
.genconfig() will be retired completely in passlib 2.0;
.genhash() is rolled into the new .hash() method along with .encrypt().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and moved them to a separate passlib.crypto subpackage.
along with this move, made a few api cleanups:
* unified all code that's looking up hashes
to use new passlib.crypto.lookup_hash() wrapper, which takes
care of hash name normalization, loading fallback implementations,
and alg metadata inspection, all hidden behind a memoized function.
* deprecated pbkdf2() in favor of pbkdf2_hmac() -- only real use,
and new signature matches stdlib function. additionally,
this version is a bit faster, due to some assumptions that
can be made due to the PRF always being HMAC based.
* added compile_hmac() helper which does an even more efficient
job of pre-compiling a keyed HMAC function; this helped speed up pbkdf2 a bit more.
|
|\ |
|
| |
| |
| |
| | |
which abstracts out job of parsing rounds value from hash.
|
| |
| |
| |
| |
| |
| | |
the context,
and they will only be passed on for the hashes that support them (fixes issue 63).
|
| | |
|
| | |
|
|\ \
| |/ |
|
| | |
|
|\ \
| |/ |
|