gene-git / nginx_passwd

Basic Auth Password File Manager for nginx
MIT License

bcrypt algo throws error #2

Closed solsticedhiver closed 7 months ago

solsticedhiver commented 7 months ago
```
# nginx-passwd -f htpasswd -a bcrypt user
Password: 
(trapped) error reading bcrypt version
Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
    version = _bcrypt.__about__.__version__
              ^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute '__about__'
```

gene-git commented 7 months ago

Thanks for the report - hmmm ... works fine for me with no error from the passlib library. The hashing code I call is from passlib.hash.

I note that I don't have python-bcrypt installed (do you by chance?) - it's not needed.

Here's what I see:

```
$ nginx-passwd -f htpasswd -a bcrypt user
 Password file not found : htpasswd
Password: 

$ cat htpasswd 
user:$2b$12$h7MgxyoVJgyEnFXt6UygA.OOeplMjCVqt6wIGI1Rcn4d3pBjAATu6
```

Let's try to figure out why yours throws an error.

1) What version of passlib do you have? Mine is

python-passlib 1.7.4-6

2) Assume nginx_passwd version 2.3.1?

3) Still wonder about python-bcrypt since it's an optional dep of python-passlib

gene-git commented 7 months ago

Also that line in passlib looks like it's catching the exception - logs a warning and marks version unknown and continues ... did it actually fail for you or just a warning? Still curious since I don't get the warning.

gene-git commented 7 months ago

Can you run this standalone test program and see if it works for you? It checks if passlib bcrypt hashing works.

It simply uses passlib to make a password hash of a string - once with bcrypt and once with argon2 - and prints the results.

```python
#!/usr/bin/python
#
# Check if bcrypt hash works

from passlib.hash import bcrypt
from passlib.hash import argon2

test_string = 'Happy birthday'

# Hash the same string once with each algorithm
bcrypt_hash = bcrypt.hash(test_string)
argon2_hash = argon2.hash(test_string)

print(f' Test string: {test_string}')
print(f' bcrypt hash: {bcrypt_hash}')
print(f' argon2 hash: {argon2_hash}')
```

solsticedhiver commented 7 months ago

So the log above is not a warning; it fails and aborts. Edit: oops, it does not abort. It works, but it is a warning; yes, like you said. Somehow, I did not see it the first time.

Yes, I have python-bcrypt installed. It was a dep of another package. Without python-bcrypt installed, it works. Either your test script or nginx-passwd.

It is somehow python-bcrypt interfering.

solsticedhiver commented 7 months ago

Well, it's invalid. Maybe hide the warning.

gene-git commented 7 months ago

It does seem to be a bit of a problem with passlib vs bcrypt (aka python-bcrypt). It's unclear which of the 2 is buggy - but sure seems like they don't get along for some reason.

gene-git commented 7 months ago

I don't see offhand how to work around (in my code) what looks like a passlib / bcrypt bug.

Open to ideas - I can certainly add a test for a buggy bcrypt implementation - but still need to find a way to work around it.

gene-git commented 7 months ago

Just saw your last comment that it actually worked in spite of the warning. That's good - better than not working :)

gene-git commented 7 months ago

Thanks for letting me know

gene-git commented 7 months ago

Can you do me a favor and see if this test prevents the warning from showing up?


```python
#!/usr/bin/python
#
# Check if bcrypt hash works
from passlib.hash import bcrypt

# Raise the passlib bcrypt logger threshold so the warning is not shown
log = logging.getLogger('passlib.handlers.bcrypt')
log.setLevel(logging.CRITICAL)

test_string = 'Happy birthday'

bcrypt_hash = bcrypt.hash(test_string)

print(f' Test string: {test_string}')
print(f' bcrypt hash: {bcrypt_hash}')
```

solsticedhiver commented 7 months ago

yes! No warning. But I had to add import logging for it to work ;-)

gene-git commented 7 months ago

Ah right - I forgot the import - thanks! OK, looks like adding this to my hash module will work.

Thank you for your help.

gene-git commented 7 months ago

Thank you for all your help - I pushed 2.4.0 with the logging fix.
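
A narrower variant of the workaround discussed in this thread, as an added example (not code from the thread or from nginx_passwd): raising the `passlib.handlers.bcrypt` logger to CRITICAL hides every warning from that logger, while a filter drops only the version-probe message. The class names, the `emitted` helper and the second log message are constructed for illustration; the records are emitted by the demo itself, so passlib does not need to be installed.

```python
import logging

LOGGER_NAME = "passlib.handlers.bcrypt"  # logger name from the thread
PROBE_MSG = "(trapped) error reading bcrypt version"  # message from the report
OTHER_MSG = "constructed: unrelated bcrypt backend warning"  # sample, not passlib's


class DropVersionProbe(logging.Filter):
    """Hypothetical filter: drop only the version-probe warning."""
    def filter(self, record):
        is_probe = (record.levelno == logging.WARNING
                    and record.getMessage().startswith(PROBE_MSG))
        return not is_probe


class ListHandler(logging.Handler):
    """Collects messages so the demo can show what got through."""
    def __init__(self):
        super().__init__()
        self.messages = []

    def emit(self, record):
        self.messages.append(record.getMessage())


def emitted(mode):
    """mode: "none", "level" (the thread's workaround) or "filter" (targeted)."""
    log = logging.getLogger(LOGGER_NAME)
    handler, flt = ListHandler(), DropVersionProbe()
    saved = (log.level, log.propagate)
    log.addHandler(handler)
    log.propagate = False  # keep the demo's records out of the root handlers
    log.setLevel(logging.CRITICAL if mode == "level" else logging.WARNING)
    if mode == "filter":
        log.addFilter(flt)
    try:
        log.warning(PROBE_MSG)   # constructed copy of the reported warning
        log.warning(OTHER_MSG)   # constructed warning that should stay visible
        return handler.messages
    finally:
        log.removeFilter(flt)
        log.removeHandler(handler)
        log.setLevel(saved[0])
        log.propagate = saved[1]


if __name__ == "__main__":
    for mode in ("none", "level", "filter"):
        print(f"{mode:>6}: {emitted(mode)}")
```

The traceback in the report shows the warning coming from `_load_backend_mixin`, so a filter like this has to be attached before passlib loads the bcrypt backend.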