CryptContext.verify() should only pass keywords listed in hash.context_kwds

Issue #63 resolved
Nick Sloan created an issue

I have a CryptContext that has two hashes, one of which (HashA) supports a context keyword foo, and another (HashB) which does not.

When calling context.verify(..., foo="test"), HashB's verify will raise an exception in the from_string method due to the unexpected keyword argument. It seems like CryptContext ought to be inspecting the context_kwds of a handler to see if it supports the arguments that it is about to pass.

Supporting a legacy password scheme will be difficult without being able to use context keywords.

Comments (6)

  1. Eli Collins repo owner

    Good idea! I should be able to have that added in the 1.7 release.

    There's actually a todo item at the top of the source to CryptContext.verify() about this exact thing; it just needed a kick to get going.

    I'm sorry to say I can't think of a good way to work around this problem in the existing release; but I'll update this issue if I do think of one, and when I get this implemented in the default / development branch.

  2. Eli Collins repo owner

    CryptContext: callers can now provide contextual keywords for any hash in the context, and they will only be passed on for the hashes that support them (fixes issue 63).

    → <<cset b172b1dfd8b6>>
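
An added sketch of the dispatch behaviour requested in this issue; it is not passlib's code and not part of the thread. HashA, HashB and MiniContext are constructed stand-ins with toy hash formats, and only the `context_kwds` attribute name comes from the issue. Rejecting keywords that no handler declares is an assumption of this example, chosen so a misspelled keyword fails loudly instead of being silently dropped.

```python
import hashlib
import hmac
import os


class HashA:
    """Constructed legacy scheme: digest depends on context keyword `foo`."""
    name, ident, context_kwds = "hash_a", "$a$", ("foo",)

    @classmethod
    def hash(cls, secret, foo):
        return cls.ident + hashlib.sha256(f"{foo}:{secret}".encode()).hexdigest()

    @classmethod
    def verify(cls, secret, stored, foo):
        return hmac.compare_digest(cls.hash(secret, foo), stored)


class HashB:
    """Constructed modern scheme: salted PBKDF2, accepts no context keywords."""
    name, ident, context_kwds = "hash_b", "$b$", ()

    @classmethod
    def hash(cls, secret, salt=None):
        salt = salt or os.urandom(16)
        dk = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 10_000)
        return f"{cls.ident}{salt.hex()}${dk.hex()}"

    @classmethod
    def verify(cls, secret, stored):
        salt = bytes.fromhex(stored[len(cls.ident):].split("$")[0])
        return hmac.compare_digest(cls.hash(secret, salt), stored)


class MiniContext:
    def __init__(self, *handlers):
        self.handlers = handlers
        self.known_kwds = {k for h in handlers for k in h.context_kwds}

    def verify(self, secret, stored, **kwds):
        unknown = set(kwds) - self.known_kwds
        if unknown:  # no handler in the context takes it: likely a typo
            raise TypeError(f"unsupported context keywords: {sorted(unknown)}")
        for h in self.handlers:
            if stored.startswith(h.ident):
                # Forward only the keywords this handler declares.
                accepted = {k: v for k, v in kwds.items() if k in h.context_kwds}
                return h.verify(secret, stored, **accepted)
        raise ValueError("hash could not be identified")
```

With this filtering, a caller can pass `foo="test"` on every `verify()` call without knowing which scheme produced the stored hash, which is what migrating off a legacy scheme requires.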
