mbasanta / passlib

Automatically exported from code.google.com/p/passlib
Other
0 stars 0 forks source link

Incompatibility with bcrypt backend #49

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. pip install passlib
2. pip install bcrypt
3. passlib.hash.bcrypt.encrypt('password')

What is the expected output? What do you see instead?

  The expected output is the hashed password. Instead the 
  traceback below occurs.

What version of the product are you using? On what operating system?

  I've tried this both with the latest release (1.6.1) and with the default branch from source control.

Please provide any additional information below.

  Below is the traceback.

.../python3.3/site-packages/passlib/utils/handlers.py in encrypt(cls, secret, 
**kwds)
    551         validate_secret(secret)
    552         self = cls(use_defaults=True, **kwds)
--> 553         self.checksum = self._calc_checksum(secret)
    554         return self.to_string()
    555 

.../python3.3/site-packages/passlib/handlers/bcrypt.py in 
_calc_checksum_pybcrypt_threadsafe(self, secret)
    277         # used through passlib, this should be safe.
    278         with self._calc_lock:
--> 279             return self._calc_checksum_pybcrypt(secret)
    280 
    281     def _calc_checksum_pybcrypt(self, secret):

.../python3.3/site-packages/passlib/handlers/bcrypt.py in 
_calc_checksum_pybcrypt(self, secret)
    289             raise uh.exc.NullPasswordError(self)
    290         config = self._get_config()
--> 291         hash = _pybcrypt_hashpw(secret, config)
    292         assert hash.startswith(config) and len(hash) == len(config)+31
    293         return str_to_uascii(hash[-31:])

.../python3.3/site-packages/bcrypt/__init__.py in hashpw(password, salt)
     89 def hashpw(password, salt):
     90     if isinstance(password, text_type) or isinstance(salt, text_type):
---> 91         raise TypeError("Unicode-objects must be encoded before 
hashing")
     92 
     93     hashed = _ffi.new("unsigned char[]", 128)

TypeError: Unicode-objects must be encoded before hashing

If you need anything else; let me know.

Original issue reported on code.google.com by leckey.r...@gmail.com on 12 Jun 2013 at 2:58

GoogleCodeExporter commented 9 years ago
Ah, it looks like "pip install bcrypt" is installing a new bcrypt library which 
came out in the last month or so (https://github.com/dstufft/bcrypt). Since 
it's api-compatible with py-bcrypt (http://code.google.com/p/py-bcrypt/), 
passlib detects it as such, but there's apparently a small api difference 
between the two of them, which is causing the bug here.

I would suggest using py-bcrypt, except that 1) I don't think that project 
supports py3 and 2) I don't think it's being very actively maintained right 
now. So it's probably best just to add support for this new library into 
passlib :)

Unless something surprising comes up, I should be able to roll out a bugfix 
release within a week or so (since this is a new bcrypt library, i'll need to 
do some more thorough testing first). 

- Eli

Original comment by elic@astllc.org on 17 Jun 2013 at 7:37

GoogleCodeExporter commented 9 years ago
The new library was also mentioned in issue 40 as being Python3-compatible. But 
with the current 'bcrypt' (1.0.2) I don't see the traceback. Instead it "just 
works".

Original comment by felix.sc...@oss.schwarz.eu on 10 Dec 2013 at 9:48

GoogleCodeExporter commented 9 years ago
Can I assume this might be fixed in 1.6.2?

Original comment by mdw1...@gmail.com on 19 Dec 2013 at 9:14

GoogleCodeExporter commented 9 years ago
Passlib 1.6.2 has been released, and 'bcrypt' should now be working fine. While 
it was probably "just working" for some people, there were a few 
unicode-related errors that should now be ironed out.

Original comment by elic@astllc.org on 27 Dec 2013 at 12:37