chore: replace passlib with bcrypt

passlib uses the crypt module, which is deprecated and scheduled
for removal in 3.13. Unfortunately, this module seems to be
unmaintained, so this commit replaces passlib with bcrypt, unfortunately
breaking current passwords.
2024-10-05 15:59:51 +03:00
parent 910d178c71
commit cd0ac7a7bd
12 changed files with 66 additions and 37 deletions


@ -17,8 +17,9 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import bcrypt
from dataclasses import dataclass, replace
from passlib.hash import sha512_crypt
from secrets import token_urlsafe as generate_password
from typing import Self
@ -67,8 +68,6 @@ class User:
packager_id: str | None = None
key: str | None = None
_HASHER = sha512_crypt
def __post_init__(self) -> None:
"""
remove empty fields
@ -101,10 +100,9 @@ class User:
bool: ``True`` in case if password matches, ``False`` otherwise
"""
try:
verified: bool = self._HASHER.verify(password + salt, self.password)
return bcrypt.checkpw((password + salt).encode("utf8"), self.password.encode("utf8"))
except ValueError:
verified = False # the absence of evidence is not the evidence of absence (c) Gin Rummy
return verified
return False # the absence of evidence is not the evidence of absence (c) Gin Rummy
def hash_password(self, salt: str) -> Self:
"""
@ -120,8 +118,8 @@ class User:
# in case of empty password we leave it empty. This feature is used by any external (like OAuth) provider
# when we do not store any password here
return self
password_hash: str = self._HASHER.hash(self.password + salt)
return replace(self, password=password_hash)
password_hash = bcrypt.hashpw((self.password + salt).encode("utf8"), bcrypt.gensalt())
return replace(self, password=password_hash.decode("utf8"))
def verify_access(self, required: UserAccess) -> bool:
"""
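Review bot: bcrypt only uses the first 72 bytes of its input, so passing `(password + salt).encode("utf8")` in both the verification hunk and `hash_password` means that once the UTF-8 password reaches 72 bytes the appended salt no longer contributes, and passwords sharing that prefix verify as equal. Depending on the installed bcrypt version, over-long input is either truncated silently or rejected with `ValueError`, which `hash_password` does not catch. Pre-hashing to a fixed length in both places avoids this, e.g. `digest = base64.b64encode(hashlib.sha256((password + salt).encode("utf8")).digest())`, then `bcrypt.checkpw(digest, self.password.encode("utf8"))` and `bcrypt.hashpw(digest, bcrypt.gensalt())`. Separately, the `except ValueError` branch now probably also absorbs the error raised for stored sha512_crypt hashes, so legacy accounts fail to log in with no signal; a log line or a comment such as `# legacy (non-bcrypt) hashes also land here and are rejected` would make that explicit. Both method bodies start outside the visible hunks, so any guard on `self.password` being empty in the verification path cannot be confirmed from here.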