CryptContext "deprecated" and "default" border cases not handled correctly by compiler

Issue #39 resolved
Eli Collins
repo owner created an issue
(Imported from Google Code)

[affects Passlib 1.6, possibly earlier releases]

The CryptContext compiler stage has a couple of border cases it doesn't handle correctly...

1. If there is no explicit default, CryptContext should pick the first *non-deprecated* scheme. It currently picks the first listed scheme, even if it's flagged as deprecated, causing verify_and_update to re-encrypt every time. (reported by Barry Warsaw).

2. The compiler stage should throw an error if an explicit default is flagged as deprecated; otherwise the user would get #1's behavior.

3. The compile stage should throw an error if all listed schemes are flagged as deprecated; otherwise the user would get #1's behavior or an incorrect error message.

Once fixed, need to add unit tests for all these, and update documentation re: #1.
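
The three rules above, sketched as an added example (not Passlib's code and not part of the original report), together with a small model of why a deprecated default makes every login re-hash. The function names and the two-scheme policy are assumptions made for illustration.

```python
# Added illustration; not Passlib's implementation. All function names are hypothetical.
SCHEMES = ["des_crypt", "sha512_crypt"]   # constructed sample policy
DEPRECATED = {"des_crypt"}


def legacy_default(schemes, default=None):
    """Behaviour reported in the issue: first listed scheme, deprecated or not."""
    return default or schemes[0]


def resolve_default(schemes, deprecated=(), default=None):
    """Pick the scheme for new hashes, enforcing points 1-3 of the issue."""
    deprecated = set(deprecated)
    if default is not None:
        if default not in schemes:
            raise ValueError(f"default {default!r} is not a listed scheme")
        if default in deprecated:                      # point 2
            raise ValueError(f"default {default!r} is flagged as deprecated")
        return default
    for name in schemes:                               # point 1
        if name not in deprecated:
            return name
    raise ValueError("all listed schemes are flagged as deprecated")  # point 3


def count_rehashes(stored, default, deprecated, logins=5):
    """Model a verify-and-update loop: re-hash whenever the stored scheme is deprecated."""
    rehashes = 0
    for _ in range(logins):
        if stored in deprecated:
            stored = default      # the new hash is written with the default scheme
            rehashes += 1
    return rehashes


if __name__ == "__main__":
    old = legacy_default(SCHEMES)
    new = resolve_default(SCHEMES, DEPRECATED)
    print(old, count_rehashes("des_crypt", old, DEPRECATED))
    print(new, count_rehashes("des_crypt", new, DEPRECATED))
```

With the legacy choice the stored hash never leaves the deprecated scheme, so the re-hash fires on every login; with the corrected choice it fires once and the account is migrated.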
