Giters

maxcountryman / flask-bcrypt

Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for your application.

Home Page:http://readthedocs.org/docs/flask-bcrypt/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Source code on github and pypi differs

mahenzon opened this issue · comments

commented

I noticed that Flask-Bcrypt==0.7.1 installed from pypi is not the same found in this repo (no matter it's 0.7.1 too https://github.com/maxcountryman/flask-bcrypt/blob/13df85ab1b4d7602a967c7ec1c6707c8cda459c6/flask_bcrypt.py)

here's comparison pypi vs repo (repo is newer)

4,6c4,6
<     
<     A Flask extension providing bcrypt hasing and comparison facilities.
<     
---
> 
>     A Flask extension providing bcrypt hashing and comparison facilities.
> 
28a29,30
> import hashlib
> 
40,41c42,44
<     To this this function, simple import it from the module and use it in a 
<     similar fashion as the method would be used. Here is a quick example::
---
>     To use this function, simply import it from the module and use it in a 
>     similar fashion as the original method would be used. Here is a quick
>     example::
43c46
<         from flask.ext.bcrypt import generate_password_hash
---
>         from flask_bcrypt import generate_password_hash
57,61c60,65
<     
<     To this this function, simple import it from the module and use it in a 
<     similar fashion as the method would be used. Here is a quick example::
<         
<         from flask.ext.bcrypt import check_password_hash
---
> 
>     To use this function, simply import it from the module and use it in a 
>     similar fashion as the original method would be used. Here is a quick
>     example::
> 
>         from flask_bcrypt import check_password_hash
63c67
<     
---
> 
119c123,138
<     
---
> 
>     You may also set the hash version using the `BCRYPT_HASH_PREFIX` field in
>     the configuration of the Flask app. If not set, this will default to `2b`.
>     (See bcrypt for more details)
> 
>     By default, the bcrypt algorithm has a maximum password length of 72 bytes
>     and ignores any bytes beyond that. A common workaround is to hash the
>     given password using a cryptographic hash (such as `sha256`), take its
>     hexdigest to prevent NULL byte problems, and hash the result with bcrypt.
>     If the `BCRYPT_HANDLE_LONG_PASSWORDS` configuration value is set to `True`,
>     the workaround described above will be enabled.
>     **Warning: do not enable this option on a project that is already using
>     Flask-Bcrypt, or you will break password checking.**
>     **Warning: if this option is enabled on an existing project, disabling it
>     will break password checking.**
> 
123a143,144
>     _prefix = '2b'
>     _handle_long_passwords = False
135,139c156,181
<     
<     def generate_password_hash(self, password, rounds=None):
<         '''Generates a password hash using bcrypt. Specifying `rounds` 
<         sets the log_rounds parameter of `bcrypt.gensalt()` which determines 
<         the complexity of the salt. 12 is the default value.
---
>         self._prefix = app.config.get('BCRYPT_HASH_PREFIX', '2b')
>         self._handle_long_passwords = app.config.get(
>             'BCRYPT_HANDLE_LONG_PASSWORDS', False)
> 
>     def _unicode_to_bytes(self, unicode_string):
>         '''Converts a unicode string to a bytes object.
> 
>         :param unicode_string: The unicode string to convert.'''
>         if PY3:
>             if isinstance(unicode_string, str):
>                 bytes_object = bytes(unicode_string, 'utf-8')
>             else:
>                 bytes_object = unicode_string
>         else:
>             if isinstance(unicode_string, unicode):
>                 bytes_object = unicode_string.encode('utf-8')
>             else:
>                 bytes_object = unicode_string
>         return bytes_object
> 
>     def generate_password_hash(self, password, rounds=None, prefix=None):
>         '''Generates a password hash using bcrypt. Specifying `rounds`
>         sets the log_rounds parameter of `bcrypt.gensalt()` which determines
>         the complexity of the salt. 12 is the default value. Specifying `prefix`
>         sets the `prefix` parameter of `bcrypt.gensalt()` which determines the 
>         version of the algorithm used to create the hash.
147a190
>         :param prefix: The algorithm version to use.
154a198,199
>         if prefix is None:
>             prefix = self._prefix
157,158c202,203
<         if PY3 and isinstance(password, str):
<             password = bytes(password, 'utf-8')
---
>         password = self._unicode_to_bytes(password)
>         prefix = self._unicode_to_bytes(prefix)
160,161c205,207
<         if not PY3 and isinstance(password, unicode):
<             password = password.encode('utf-8')
---
>         if self._handle_long_passwords:
>             password = hashlib.sha256(password).hexdigest()
>             password = self._unicode_to_bytes(password)
163c209,210
<         return bcrypt.hashpw(password, bcrypt.gensalt(rounds))
---
>         salt = bcrypt.gensalt(rounds=rounds, prefix=prefix)
>         return bcrypt.hashpw(password, salt)
181,182c228,229
<         if PY3 and isinstance(pw_hash, str):
<             pw_hash = bytes(pw_hash, 'utf-8')
---
>         pw_hash = self._unicode_to_bytes(pw_hash)
>         password = self._unicode_to_bytes(password)
184,185c231,233
<         if PY3 and isinstance(password, str):
<             password = bytes(password, 'utf-8')
---
>         if self._handle_long_passwords:
>             password = hashlib.sha256(password).hexdigest()
>             password = self._unicode_to_bytes(password)
187,192d234
<         if not PY3 and isinstance(pw_hash, unicode):
<             pw_hash = pw_hash.encode('utf-8')
< 
<         if not PY3 and isinstance(password, unicode):
<             password = password.encode('utf-8')
< 
194d235
<

pypi was updated a long time ago and lacks such features as long_passwords and etc

bcrypt==3.2.0
Flask-Bcrypt==0.7.1
commented

Kinda duplicate of #53