DeprecationWarning: flask_bcrypt.check_password_hash uses now deprecated werkzeug.security.safe_str_cmp
msarfati opened this issue · comments
`flask_bcrypt.check_password_hash` uses the method `werkzeug.security.safe_str_cmp` that has been marked deprecated.
Line 235 in 0a1e8fe
https://github.com/pallets/werkzeug/blob/af160e0b6b7ddd81c22f1652c728ff5ac72d5c74/src/werkzeug/security.py#L103
(snippet as of the time of this post:)
```python
def safe_str_cmp(a: str, b: str) -> bool:
    """This function compares strings in somewhat constant time. This
    requires that the length of at least one string is known in advance.

    Returns `True` if the two strings are equal, or `False` if they are not.

    .. deprecated:: 2.0
        Will be removed in Werkzeug 2.1. Use
        :func:`hmac.compare_digest` instead.

    .. versionadded:: 0.7
    """
    warnings.warn(
        "'safe_str_cmp' is deprecated and will be removed in Werkzeug"
        " 2.1. Use 'hmac.compare_digest' instead.",
        DeprecationWarning,
        stacklevel=2,
    )
```
Have you guys made any plans to move to using `hmac.compare_digest`, as Werkzeug recommends? If not, I can submit a PR.
A PR would be appreciated. Thank you.
@maxcountryman I've submitted a PR to address this issue: #70
Closed with #70.
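An added example, not part of the thread and not the code from #70: a migration sketch for moving a caller from `safe_str_cmp` to `hmac.compare_digest`. The standard-library function accepts either two ASCII-only `str` values or two bytes-like objects, so a direct swap can raise `TypeError` on non-ASCII or mixed-type input. The helper names `constant_time_equal` and `direct_call_raises` are hypothetical, and the sample values are constructed.

```python
import hmac


def _as_bytes(value, name):
    """Normalise str or bytes-like input to bytes; reject anything else."""
    if isinstance(value, str):
        return value.encode("utf-8")
    if isinstance(value, (bytes, bytearray, memoryview)):
        return bytes(value)
    raise TypeError(f"{name} must be str or bytes-like, got {type(value).__name__}")


def constant_time_equal(a, b):
    """Hypothetical helper: compare two secrets with hmac.compare_digest.

    Both arguments are encoded to bytes first, so non-ASCII text and
    str/bytes pairs are compared instead of raising TypeError.
    """
    return hmac.compare_digest(_as_bytes(a, "a"), _as_bytes(b, "b"))


def direct_call_raises(a, b):
    """Return True if hmac.compare_digest(a, b), called as-is, raises TypeError."""
    try:
        hmac.compare_digest(a, b)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample values, not real credentials or hashes.
    stored = "constructed-hash-value"
    print(direct_call_raises(stored, stored))            # ASCII str pair works
    print(direct_call_raises("pässwörd", "pässwörd"))    # non-ASCII str raises
    print(direct_call_raises(stored, stored.encode()))   # str vs bytes raises
    print(constant_time_equal(stored, stored.encode()))  # normalised compare
    print(constant_time_equal("pässwörd", "pässwörd"))
```

To find remaining callers of the deprecated function, run the test suite with `python -W error::DeprecationWarning` so the warning shown in the issue becomes an exception.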