-
Notifications
You must be signed in to change notification settings - Fork 156
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AttributeError: module 'bcrypt' has no attribute '__about__' with new 4.1.1 version #684
Comments
This is an issue with how passlib attempts to read a version (for logging only) and fails because it's loading modules that no longer exist in bcrypt 4.1.x. I'd suggest filing an issue against them for this. |
Yep, passlib seems to be abandoned and the new bcrypt doesn't work with it. Needs to force |
As the OP indicates here, passlib will work with latest bcrypt, it simply emits a warning. You should be able to silence that warning with a logging configuration. |
Props to the opener of the issue on passlib: https://foss.heptapod.net/python-libs/passlib/-/issues/190 Edited to add: silencing the warning via logging config worked fine for me, hat-tip to @alex
|
Changes: - Reinstate the `bcrypt` option for `password_hash` This has been done since `node_exporter` expects hashed password for basic authentication to be created with `brypt`. I initially removed because the following appears when running the `monitoring_client` role: ``` AttributeError: module 'bcrypt' has no attribute '__about__' ``` The play proceeds and `node_exporter` is correctly installed. I tried pinning `bcrypt` to `4.0.1` as suggested in pyca/bcrypt#684 but the traceback still appears. Without `bcrypt` the `node_exporter` service fails to start.
git clean -xdf tar zcvf ../python-passlib_1.7.4.orig.tar.gz --exclude=.git . debuild -uc -us cp python-passlib.spec ../python-passlib_1.7.4-1.spec cp ../python*-passlib*1.7.4*.{gz,xz,spec,dsc} /osc/home\:alvistack/python-libs-passlib-1.7.4/ rm -rf ../python*-passlib*1.7.4*.* See https://foss.heptapod.net/python-libs/passlib/-/issues/190 See pyca/bcrypt#684 Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
Like others have pointed, passlib is not actively updated and it has dependencies that have changed behaviour over time.
I resolved it by removing the passlib module and simply using the bcrypt directly for hashing and verification :
Reference: #https://www.geeksforgeeks.org/hashing-passwords-in-python-with-bcrypt/ |
just downgrade your bcrypt. i did it to 3.2.2. it works. it has __about attribute. hope my comment helps. |
And go without updates for a security-relevant library? 😬 |
git clean -xdf tar zcvf ../python-passlib_1.7.4.orig.tar.gz --exclude=.git . debuild -uc -us cp python-passlib.spec ../python-passlib_1.7.4-1.spec cp ../python*-passlib*1.7.4*.{gz,xz,spec,dsc} /osc/home\:alvistack/python-libs-passlib-1.7.4/ rm -rf ../python*-passlib*1.7.4*.* See https://foss.heptapod.net/python-libs/passlib/-/issues/190 See pyca/bcrypt#684 Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
issue : pyca/bcrypt#684 passlib seems to be unmaintained! so i rewrite the hash and verify password my self with pure bcrypt.
I like this. Not a fan of using inactive libraries especially for straightforward things like this. |
* Update trove from branch 'master' to 3367c25e770c45e2a51040566b85329b6003246c - stop using passlib passlib is unmaintained and has not had a release since 2020 a recent bcrypt release just broke passlib see pyca/bcrypt#684 trove's use of passlib is pretty tirval so this change just removes it as a depency and delegate the random password generation in trove.common.utils to the generate_random_key function in the trove.common.crypto_utils module Change-Id: I6b6c64147c627025d5f89db6032d1c54445df94f
passlib is unmaintained and has not had a release since 2020 a recent bcrypt release just broke passlib see pyca/bcrypt#684 trove's use of passlib is pretty tirval so this change just removes it as a depency and delegate the random password generation in trove.common.utils to the generate_random_key function in the trove.common.crypto_utils module Change-Id: I6b6c64147c627025d5f89db6032d1c54445df94f
- 새로운 도메인 User와 관련된 기능 추가 - schema, crud, router 코드 생성 - main.py에 user router 연결 - 사용자 정보 중복 상황을 다루기 위한 유효성 검사 반영 - 비밀번호 암호화를 위한 passlib 사용 - passlib와 bcrypt 간의 버전 문제가 있는 듯 하다. - pyca/bcrypt#684 - 이메일 정보 포맷 확인을 위한 Pydantic 확장 - pip install pydantic[email]
This works around an issue with it detecting and reporting the bcrypt version. See pyca/bcrypt#684.
i dont know how but it solved not only this problem, but also the one with not finding my 'app' package when importing from it. Thank You! |
Anyway to solve this issue ? Environement : python = ">=3.10,<4.0"
passlib = "^1.7.4"
fastapi = "^0.111.0" It's like passlib is not compatible maybe because passlib not being maintained anymore? |
You can remove passlib module and manually use bcrypt like this: #684 (comment). And If anyone gets an error like this:
you can find information on how to resolve it here. |
Thank you for SO link. It solved the |
For bcrypt 4.1.1, I get this error/warning when I run this code (code which is in FastAPI documentation)
I have passlib 1.7.4
output
It's not breaking anything, because code still runs.
This is not the case with bcrypt 4.0.1
The text was updated successfully, but these errors were encountered: