
feat: use bcrypt directly instead of passlib

apparently passlib has not been updated in years, and the combo with
latest bcrypt v5 was causing errors

https://github.com/pyca/bcrypt/issues/1082
https://github.com/pyca/bcrypt/issues/1079
https://foss.heptapod.net/python-libs/passlib/-/issues/196
Lance Edgar 2025-10-19 12:58:34 -05:00
parent 050a6002da
commit 101dbdc96b
3 changed files with 10 additions and 14 deletions


@ -26,6 +26,7 @@ classifiers = [
] ]
requires-python = ">= 3.8" requires-python = ">= 3.8"
dependencies = [ dependencies = [
"bcrypt",
"humanize", "humanize",
'importlib-metadata; python_version < "3.10"', 'importlib-metadata; python_version < "3.10"',
"importlib_resources ; python_version < '3.9'", "importlib_resources ; python_version < '3.9'",
@ -39,7 +40,7 @@ dependencies = [
[project.optional-dependencies] [project.optional-dependencies]
db = ["SQLAlchemy", "alembic", "alembic-postgresql-enum", "passlib"] db = ["SQLAlchemy", "alembic", "alembic-postgresql-enum"]
docs = ["Sphinx", "sphinxcontrib-programoutput", "enum-tools[sphinx]", "furo"] docs = ["Sphinx", "sphinxcontrib-programoutput", "enum-tools[sphinx]", "furo"]
tests = ["pylint", "pytest", "pytest-cov", "tox"] tests = ["pylint", "pytest", "pytest-cov", "tox"]
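Review bot: The new `"bcrypt"` entry in `dependencies` has no version bound, so the hashing code added in this commit runs against whichever bcrypt release the resolver selects. As far as I recall, bcrypt 5.0 changed `hashpw` to raise ValueError for passwords longer than 72 bytes, where earlier releases truncated them silently, so the same input can be accepted on one install and rejected on another. Declaring a floor that matches the release this was tested against, e.g. `"bcrypt>=<tested version>"`, with a short comment giving the reason, would make that behaviour consistent across deployments.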


@ -29,18 +29,11 @@ This defines the default :term:`auth handler`.
import secrets import secrets
import uuid as _uuid import uuid as _uuid
import bcrypt
from wuttjamaican.app import GenericHandler from wuttjamaican.app import GenericHandler
# nb. this only works if passlib is installed (part of 'db' extra)
try:
from passlib.context import CryptContext
except ImportError: # pragma: no cover
pass
else:
password_context = CryptContext(schemes=["bcrypt"])
class AuthHandler(GenericHandler): # pylint: disable=too-many-public-methods class AuthHandler(GenericHandler): # pylint: disable=too-many-public-methods
""" """
Base class and default implementation for the :term:`auth Base class and default implementation for the :term:`auth
@ -143,7 +136,7 @@ class AuthHandler(GenericHandler): # pylint: disable=too-many-public-methods
:returns: ``True`` if password matches; else ``False``. :returns: ``True`` if password matches; else ``False``.
""" """
return password_context.verify(password, user.password) return bcrypt.checkpw(password.encode("utf-8"), user.password.encode("utf-8"))
def get_role(self, session, key): def get_role(self, session, key):
""" """
@ -419,7 +412,9 @@ class AuthHandler(GenericHandler): # pylint: disable=too-many-public-methods
:param password: New password in plain text. :param password: New password in plain text.
""" """
user.password = password_context.hash(password) user.password = bcrypt.hashpw(
password.encode("utf-8"), bcrypt.gensalt()
).decode("utf-8")
def get_role_administrator(self, session): def get_role_administrator(self, session):
""" """
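Review bot: In check_user_password the new `user.password.encode("utf-8")` raises AttributeError when the account has no stored hash, and `bcrypt.checkpw` raises ValueError on a malformed one, while the docstring promises only True or False; passlib's `verify` treated a missing hash as a failed match, if I read its behaviour correctly. Unless a caller outside this hunk already filters such users, add `if not user.password: return False` ahead of the call so that a login attempt against a password-less account fails closed rather than surfacing as a server error. In set_user_password, a password whose UTF-8 encoding exceeds 72 bytes is either rejected by `hashpw` or silently truncated, depending on the installed bcrypt, so an explicit length check with a clear error message (and a line in the docstring) would make the limit deliberate. Both method bodies begin outside the hunks shown.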


@ -415,8 +415,8 @@ app_title = WuttaTest
self.assertEqual(ver, version("SQLAlchemy")) self.assertEqual(ver, version("SQLAlchemy"))
# can also specify the dist # can also specify the dist
ver = self.app.get_version(dist="passlib") ver = self.app.get_version(dist="progress")
self.assertEqual(ver, version("passlib")) self.assertEqual(ver, version("progress"))
def test_make_title(self): def test_make_title(self):
text = self.app.make_title("foo_bar") text = self.app.make_title("foo_bar")