brcypt support broken for 2.0.0

Issue #56 resolved
Former user created an issue

(Imported from Google Code)

Jonathan.Banafato wrote:

What steps will reproduce the problem?
$ pip install bcrypt==2.0.0 passlib==1.6.2
$ python
>>> from passlib.hash import bcrypt
>>> bcrypt.encrypt('foo')

What is the expected output? What do you see instead?
Expected: hash value
Actual (Python 2 or bcryptsystem?
passlib==1.6.2, python 3.x, Mac OS X 10.10.3

Please provide any additional information below.
This is happening because of a change in bcrypt. passlib differentiates bcrypt from py-bcrypt using if not hasattr(_bcrypt, "_ffi"):. bcrypt 2.0.0 has several code organizational changes, one of which affects this check. Changing the line to if not (hasattr(_bcrypt, "_ffi") or hasattr(_bcrypt, "_bcrypt")): should handle both versions gracefully.

Comments (4)

  1. Former user Account Deleted

    (Imported from Google Code)

    Jonathan.Banafato wrote:

    I'm not sure that's related. The check to import the correct library is failing because of a breaking change in bcrypt introduced at version 2.0.0. Even uascii_to_str is not behaving properly, it's still going to use the wrong library to do the hashing.

  2. Eli Collins repo owner

    (Imported from Google Code)

    Thanks for catching this!

    Confirmed it myself - Passlib is misdetecting bcrypt 2.0 as pybcrypt. The TypeError is just a sideffect of pybcrypt and bcrypt having different call signatures.

    I've got fix which reworks the detection to presume bcrypt by default, and does a explicit check for py-bcrypt, using some less ambiguous attributes.

    It should be pushed to the stable branch by the end of the day; and will be in Passlib 1.6.3, which will be out by the end of the week (there's a few other bugfixes piled up).

  3. Eli Collins repo owner

    consolidated all bcrypt/py-bcrypt detection into _detect_pybcrypt() function; updated logic to correctly handle bcrypt 2.0 (and hopefully be more future proof). fixes issue 56.

    → <<cset 58799472859b>>

  4. Log in to comment