-
-
Notifications
You must be signed in to change notification settings - Fork 367
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crypt deprecation warning from passlib #1325
Comments
Indeed, but as we mentioned in #1301, there is nothing much we can do until |
As it seems quite unlikely passlib will receive any updates (it has been unmaintained for some years now), would it be possible to use bcrypt directly instead of relying on passlib? Or evalute possible alternatives? |
Indeed it doesn't seem to be a good idea to rely on passlib anymore. |
Perhaps this option could be considered? #1345 |
passlib will never be fixed unless fixed there or forked. |
It seems that @frankie567, the main maintainer of this projet, decided to create a passlib alternative of its own 3 weeks ago. He published on its blog a post explaining why he created this project, and that he wants to have pwdlib used in I created a PasswordHelper using pwdlib in the meantime. If someone needs it, here it is: import secrets
import string
import pwdlib
from fastapi_users.password import PasswordHelperProtocol
class PasswordHelper(PasswordHelperProtocol):
def __init__(self, context=None) -> None:
self.context = context
if self.context is None:
self.context = pwdlib.PasswordHash.recommended()
def verify_and_update(self, plain_password: str, hashed_password: str) -> Tuple[bool, str]:
return self.context.verify_and_update(password=plain_password, hash=hashed_password)
def hash(self, password: str) -> str:
return self.context.hash(password)
@staticmethod
def _generate_password(length):
alphabet = string.ascii_letters + string.digits
password = ''.join(secrets.choice(alphabet) for _ in range(length))
return password
def generate(self) -> str:
return self._generate_password(20) If you need a drop-in replacement, you will need the support of bcrypt, and you should use the following as a context: self.context = PasswordHash((
Argon2Hasher(),
BcryptHasher(),
)) see https://frankie567.github.io/pwdlib/guide/#password-hashing In any case, thank you @frankie567 🙏 |
Hi @hasB4K 👋 That's indeed the plan, just didn't have time to tackle it yet 😊 |
Like @MatthewScholefield said here #1301 (comment), it seems that there is some news on the passlib side here. I guess wait and see 🤷 🤞 |
Indeed, but I think I'll still move forward |
I understand and I'm looking forward to what you're building there. If the relevant issues with passlib get fixed before your own lib is ready, it would still be nice if the passlib update finds its way into fastapi-users in the meantime. Thank you for all your work! |
I made the move and this is now fixed as of As I mention above, if you still want to use |
Describe the bug
Using passlib, which internally imports
crypt
, now gives a deprecation warning:The text was updated successfully, but these errors were encountered: