brcypt support broken for 2.0.0

Issue #56 resolved
Former user created an issue

(Imported from Google Code)

Jonathan.Banafato wrote:

What steps will reproduce the problem?
$ pip install bcrypt==2.0.0 passlib==1.6.2
$ python
>>> from passlib.hash import bcrypt
>>> bcrypt.encrypt('foo')

What is the expected output? What do you see instead?
Expected: hash value
Actual (Python 2 or bcryptsystem?
passlib==1.6.2, python 3.x, Mac OS X 10.10.3

Please provide any additional information below.
This is happening because of a change in bcrypt. passlib differentiates bcrypt from py-bcrypt using if not hasattr(_bcrypt, "_ffi"):. bcrypt 2.0.0 has several code organizational changes, one of which affects this check. Changing the line to if not (hasattr(_bcrypt, "_ffi") or hasattr(_bcrypt, "_bcrypt")): should handle both versions gracefully.

Comments (4)

  1. Anonymous

    (Imported from Google Code)

    Jonathan.Banafato wrote:

    I'm not sure that's related. The check to import the correct library is failing because of a breaking change in bcrypt introduced at version 2.0.0. Even uascii_to_str is not behaving properly, it's still going to use the wrong library to do the hashing.

  2. Eli Collins repo owner
    • assigned issue to True
    • marked as major
    • changed status to resolved
    • changed Milestone to 1.6.3

    (Imported from Google Code)

    Thanks for catching this!

    Confirmed it myself - Passlib is misdetecting bcrypt 2.0 as pybcrypt. The TypeError is just a sideffect of pybcrypt and bcrypt having different call signatures.

    I've got fix which reworks the detection to presume bcrypt by default, and does a explicit check for py-bcrypt, using some less ambiguous attributes.

    It should be pushed to the stable branch by the end of the day; and will be in Passlib 1.6.3, which will be out by the end of the week (there's a few other bugfixes piled up).

  3. Log in to comment