feat: use bcrypt directly instead of passlib
passlib apparently has not been updated in years, and combining it with the latest bcrypt (v5) was causing errors; see https://github.com/pyca/bcrypt/issues/1082 https://github.com/pyca/bcrypt/issues/1079 https://foss.heptapod.net/python-libs/passlib/-/issues/196
							parent
							
								
									050a6002da
								
							
						
					
					
						commit
						101dbdc96b
					
				
					 3 changed files with 10 additions and 14 deletions
				
			
		|  | @ -26,6 +26,7 @@ classifiers = [ | |||
| ] | ||||
| requires-python = ">= 3.8" | ||||
| dependencies = [ | ||||
|         "bcrypt", | ||||
|         "humanize", | ||||
|         'importlib-metadata; python_version < "3.10"', | ||||
|         "importlib_resources ; python_version < '3.9'", | ||||
|  | @ -39,7 +40,7 @@ dependencies = [ | |||
| 
 | ||||
| 
 | ||||
| [project.optional-dependencies] | ||||
| db = ["SQLAlchemy", "alembic", "alembic-postgresql-enum", "passlib"] | ||||
| db = ["SQLAlchemy", "alembic", "alembic-postgresql-enum"] | ||||
| docs = ["Sphinx", "sphinxcontrib-programoutput", "enum-tools[sphinx]", "furo"] | ||||
| tests = ["pylint", "pytest", "pytest-cov", "tox"] | ||||
| 
 | ||||
|  |  | |||
|  | @ -29,18 +29,11 @@ This defines the default :term:`auth handler`. | |||
| import secrets | ||||
| import uuid as _uuid | ||||
| 
 | ||||
| import bcrypt | ||||
| 
 | ||||
| from wuttjamaican.app import GenericHandler | ||||
| 
 | ||||
| 
 | ||||
| # nb. this only works if passlib is installed (part of 'db' extra) | ||||
| try: | ||||
|     from passlib.context import CryptContext | ||||
| except ImportError:  # pragma: no cover | ||||
|     pass | ||||
| else: | ||||
|     password_context = CryptContext(schemes=["bcrypt"]) | ||||
| 
 | ||||
| 
 | ||||
| class AuthHandler(GenericHandler):  # pylint: disable=too-many-public-methods | ||||
|     """ | ||||
|     Base class and default implementation for the :term:`auth | ||||
|  | @ -143,7 +136,7 @@ class AuthHandler(GenericHandler):  # pylint: disable=too-many-public-methods | |||
| 
 | ||||
|         :returns: ``True`` if password matches; else ``False``. | ||||
|         """ | ||||
|         return password_context.verify(password, user.password) | ||||
|         return bcrypt.checkpw(password.encode("utf-8"), user.password.encode("utf-8")) | ||||
| 
 | ||||
|     def get_role(self, session, key): | ||||
|         """ | ||||
|  | @ -419,7 +412,9 @@ class AuthHandler(GenericHandler):  # pylint: disable=too-many-public-methods | |||
| 
 | ||||
|         :param password: New password in plain text. | ||||
|         """ | ||||
|         user.password = password_context.hash(password) | ||||
|         user.password = bcrypt.hashpw( | ||||
|             password.encode("utf-8"), bcrypt.gensalt() | ||||
|         ).decode("utf-8") | ||||
| 
 | ||||
|     def get_role_administrator(self, session): | ||||
|         """ | ||||
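Review bot: The new `bcrypt.checkpw(...)` return in `check_user_password` can raise where the removed `password_context.verify()` appears to have returned `False`. `user.password.encode` fails with `AttributeError` when no password is stored, and bcrypt raises `ValueError` for a malformed stored hash and, in bcrypt 5, for a password longer than 72 bytes. The plaintext is login input, so this error path is reachable before authentication unless a caller outside the hunk catches it; the method should fail closed and return `False`, as sketched below. The same 72-byte limit applies to `bcrypt.hashpw` in `set_user_password`, where long passwords were, as far as I can tell, silently truncated before, so that method should check the encoded length, raise a clear error, and state the limit in its `:param password:` text. Both method bodies start outside the visible hunks, so an existing guard may already cover the `None` case.

```python
        # … unchanged: check_user_password signature and docstring …
        if not user.password:
            return False
        try:
            return bcrypt.checkpw(
                password.encode("utf-8"), user.password.encode("utf-8")
            )
        except ValueError:
            # malformed stored hash, or password over bcrypt's 72-byte limit
            return False
```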
|  |  | |||
|  | @ -415,8 +415,8 @@ app_title = WuttaTest | |||
|         self.assertEqual(ver, version("SQLAlchemy")) | ||||
| 
 | ||||
|         # can also specify the dist | ||||
|         ver = self.app.get_version(dist="passlib") | ||||
|         self.assertEqual(ver, version("passlib")) | ||||
|         ver = self.app.get_version(dist="progress") | ||||
|         self.assertEqual(ver, version("progress")) | ||||
| 
 | ||||
|     def test_make_title(self): | ||||
|         text = self.app.make_title("foo_bar") | ||||
|  |  | |||