AttributeError: module 'bcrypt' has no attribute '__about__' with new 4.1.1 version

[roland-robert]

For bcrypt 4.1.1, I get this error/warning when I run this code (code which is in FastAPI documentation)
I have passlib 1.7.4

from passlib.context import CryptContext
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
pwd_context.hash('test')   

output

(trapped) error reading bcrypt version
Traceback (most recent call last):
  File "C:\path\venv\Lib\site-packages\passlib\handlers\bcrypt.py", line 620, in _load_backend_mixin
    version = _bcrypt.__about__.__version__
              ^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute '__about__'
'$2b$12$dcl0YFoHz6.pL/dtOwbfO.r3CRI416BLq6vJEf0EmT4CHsqqHm7FC'

It's not breaking anything, because code still runs.

This is not the case with bcrypt 4.0.1

[reaperhulk]

This is an issue with how passlib attempts to read a version (for logging only) and fails because it's loading modules that no longer exist in bcrypt 4.1.x. I'd suggest filing an issue against them for this.

https://foss.heptapod.net/python-libs/passlib/-/blob/branch/stable/passlib/handlers/bcrypt.py#L619-623

[hyperknot]

Yep, passlib seems to be abandoned and the new bcrypt doesn't work with it. Needs to force bcrypt==4.0.1 to keep using passlib.

[alex]

As the OP indicates here, passlib will work with latest bcrypt, it simply emits a warning. You should be able to silence that warning with a logging configuration.

[patrick-m-m]

Props to the opener of the issue on passlib: https://foss.heptapod.net/python-libs/passlib/-/issues/190

Edited to add: silencing the warning via logging config worked fine for me, hat-tip to @alex

logging.getLogger('passlib').setLevel(logging.ERROR)

[creativebash]

Like others have pointed, passlib is not actively updated and it has dependencies that have changed behaviour over time.
I recently had this error (below) that indirectly triggered a CORS error on my frontend, due to middleware misinterpretation.

> (trapped) error reading bcrypt version
> Traceback (most recent call last):
>   File "C:\path\venv\Lib\site-packages\passlib\handlers\bcrypt.py", line 620, in _load_backend_mixin
>     version = _bcrypt.__about__.__version__
>               ^^^^^^^^^^^^^^^^^

I resolved it by removing the passlib module and simply using the bcrypt directly for hashing and verification :

import bcrypt

# Hash a password using bcrypt
def hash_password(password):
    pwd_bytes = password.encode('utf-8')
    salt = bcrypt.gensalt()
    hashed_password = bcrypt.hashpw(password=pwd_bytes, salt=salt)
    return hashed_password

# Check if the provided password matches the stored password (hashed)
def verify_password(plain_password, hashed_password):
    password_byte_enc = plain_password.encode('utf-8')
    return bcrypt.checkpw(password = password_byte_enc , hashed_password = hashed_password)

Reference: #https://www.geeksforgeeks.org/hashing-passwords-in-python-with-bcrypt/

[ArjunJayakrishnan]

For bcrypt 4.1.1, I get this error/warning when I run this code (code which is in FastAPI documentation) I have passlib 1.7.4

from passlib.context import CryptContext
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
pwd_context.hash('test')   

output

(trapped) error reading bcrypt version
Traceback (most recent call last):
  File "C:\path\venv\Lib\site-packages\passlib\handlers\bcrypt.py", line 620, in _load_backend_mixin
    version = _bcrypt.__about__.__version__
              ^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute '__about__'
'$2b$12$dcl0YFoHz6.pL/dtOwbfO.r3CRI416BLq6vJEf0EmT4CHsqqHm7FC'

It's not breaking anything, because code still runs.

This is not the case with bcrypt 4.0.1

just downgrade your bcrypt. i did it to 3.2.2. it works. it has __about attribute. hope my comment helps.

[bkis]

just downgrade your bcrypt. i did it to 3.2.2. it works. it has __about attribute. hope my comment helps.

And go without updates for a security-relevant library? 😬

[Nikhil22]

I resolved it by removing the passlib module and simply using the bcrypt directly for hashing and verification

I like this. Not a fan of using inactive libraries especially for straightforward things like this.

[ignore501]

Yep, passlib seems to be abandoned and the new bcrypt doesn't work with it. Needs to force bcrypt==4.0.1 to keep using passlib.

i dont know how but it solved not only this problem, but also the one with not finding my 'app' package when importing from it. Thank You!

[melakhvision]

Anyway to solve this issue ?
Fastapi

Environement :

python = ">=3.10,<4.0"
passlib = "^1.7.4"
fastapi = "^0.111.0"

It's like passlib is not compatible maybe because passlib not being maintained anymore?

[antheiz]

Anyway to solve this issue ? Fastapi

Environement :

python = ">=3.10,<4.0"
passlib = "^1.7.4"
fastapi = "^0.111.0"

It's like passlib is not compatible maybe because passlib not being maintained anymore?

You can remove passlib module and manually use bcrypt like this: #684 (comment).

---

And If anyone gets an error like this:

return bcrypt.checkpw(password=password_byte_enc, hashed_password=hashed_password) TypeError: argument 'hashed_password': 'str' object cannot be converted to 'PyBytes'

you can find information on how to resolve it here.

[chetat]

Anyway to solve this issue ? Fastapi
Environement :

python = ">=3.10,<4.0"
passlib = "^1.7.4"
fastapi = "^0.111.0"

It's like passlib is not compatible maybe because passlib not being maintained anymore?

You can remove passlib module and manually use bcrypt like this: #684 (comment).

And If anyone gets an error like this:

return bcrypt.checkpw(password=password_byte_enc, hashed_password=hashed_password) TypeError: argument 'hashed_password': 'str' object cannot be converted to 'PyBytes'

you can find information on how to resolve it here.

Thank you for SO link. It solved the TypeError: argument 'hashed_password': 'str' object cannot be converted to 'PyBytes' error.