
included passlib for password hashing

rework
Holger Frey 7 years ago
parent
commit
04fea4e7cd
  1. 9
      development.ini
  2. 36
      ordr/security.py
  3. 1
      setup.py

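--- a/development.ini
+++ b/development.ini
@@ -19,6 +19,15 @@ sqlalchemy.url = sqlite:///%(here)s/ordr.sqlite
 retry.attempts = 3
+# passlib settings
+# setup the context to support only argon2 for the moment
+passlib.schemes = argon2, bcrypt
+# default encryption scheme is argon2
+passlib.default = argon2
+# flag every encryption method as deprecated except the first one
+passlib.deprecated = auto
 # By default, the toolbar only appears for clients from IP addresses
 # '127.0.0.1' and '::1'.
 # debugtoolbar.hosts = 127.0.0.1 ::1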
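Review bot: The comment `# setup the context to support only argon2 for the moment` contradicts the value under it, `passlib.schemes = argon2, bcrypt`, which enables two schemes. With `passlib.deprecated = auto` bcrypt hashes still verify and are only flagged as outdated, so they are migrated to argon2 only if the login path re-hashes on success (for example via `verify_and_update`), and that code is not part of this commit. I would reword the comments to say what the settings do, e.g. `# accept argon2 and bcrypt hashes; new hashes use argon2` and `# every scheme except the default is marked deprecated (needs rehash)`. These are hashing schemes, so "encryption" in the two later comments is also misleading.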

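--- a/ordr/security.py
+++ b/ordr/security.py
@@ -0,0 +1,36 @@
+from passlib.context import CryptContext
+from pyramid.settings import aslist, asbool
+password_context = CryptContext()
+def crypt_context_settings_to_string(settings, prefix='passlib.'):
+''' returns a passlib context setting as a INI-formatted content
+:param dict settings: settings for the crypt context
+:param str prefix: prefix of the settings keys
+:rtype: (str) config string in INI format for CryptContext.load()
+This looks at first like a dump hack, but the parsing of all possible
+context settings is quite a task. Since passlib has a context parser
+included, this seems the most reliable way to do it.
+'''
+config_lines = ['[passlib]']
+for ini_key, value in settings.items():
+if ini_key.startswith(prefix):
+context_key = ini_key.replace(prefix, '')
+config_lines.append(f'{context_key} = {value}')
+return '\n'.join(config_lines)
+def includeme(config):
+''' initializing authentication, authorization and password hash settings
+Activate this setup using ``config.include('ordr2.security')``.
+'''
+settings = config.get_settings()
+# configure the passlib context manager for hashing user passwords
+config_str = crypt_context_settings_to_string(settings, prefix='passlib.')
+password_context.load(config_str)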
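Review bot: `includeme` never checks what `password_context.load(config_str)` actually loaded, so an ini file without the `passlib.*` block leaves the module-level `password_context` with no schemes and the problem only surfaces at the first hash or verify call. A check right after the load, such as `if not password_context.schemes(): raise ValueError('no passlib.schemes configured')`, would stop the application at startup instead. In `crypt_context_settings_to_string`, `ini_key.replace(prefix, '')` removes every occurrence of the prefix rather than only the leading one; `context_key = ini_key[len(prefix):]` strips just the prefix. A setting value that spans several lines would also be written into the generated INI text without continuation indent, which the parser would likely reject. Smaller points: `aslist` and `asbool` are imported but unused in the lines shown, and the docstring says `config.include('ordr2.security')` while the file path is `ordr/security.py`.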

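--- a/setup.py
+++ b/setup.py
@@ -9,6 +9,7 @@ with open(os.path.join(here, 'CHANGES.txt')) as f:
 CHANGES = f.read()
 requires = [
+'passlib',
 'plaster_pastedeploy',
 'pyramid >= 1.9a',
 'pyramid_debugtoolbar',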
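Review bot: `'passlib',` on its own does not install a hashing backend for either scheme configured in development.ini; passlib's argon2 and bcrypt handlers depend on separate packages, so on a fresh install hashing with `passlib.default = argon2` would be expected to fail at runtime with a missing-backend error. Declaring the extras, `'passlib[argon2,bcrypt]',`, pulls the backends in with passlib. The requirement is also unpinned; argon2 support arrived in passlib 1.7, so a lower bound such as `passlib[argon2,bcrypt] >= 1.7` would make that dependency explicit. The `requires` list continues outside the hunk.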