Comments (13)
fwenzel
commented on September 24, 2024
@tallowen wrote some code to dynamically generate hashers for HMAC/Bcrypt, there might be something broken there.
from django-sha2.
tallowen
commented on September 24, 2024
Give me a day - i'll look into this tomorrow
On Wed, Jun 6, 2012 at 3:16 PM, Fred Wenzel <
[email protected]
wrote:
@tallowen wrote some code to dynamically generate hashers for HMAC/Bcrypt,
there might be something broken there.
Reply to this email directly or view it on GitHub:
#14 (comment)
Owen Coutts
University of Waterloo
Email: [email protected]
Phone: 206.651.4004
from django-sha2.
kumar303
commented on September 24, 2024
fwiw I only saw this when upgrading an old app to the new Playdoh. I did not see this error when configuring the latest Playdoh out of the box.
from django-sha2.
tallowen
commented on September 24, 2024
Hmm. For some reason the password hasher isn't being created. Its created dynamically at import time - it creates one per hmac_key in the settings. This probably means that django_sha2 isn't seeing the hmac_keys properly but I'm not sure why that would be the case.
from django-sha2.
talebbits
commented on September 24, 2024
To produce:
- Create new project
- run syncdb
- add superusers
Traceback (most recent call last):
File "./manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "***/lib/python2.7/site-packages/django/core/management/__init__.py", line 443, in execute_from_command_line
utility.execute()
File "***/lib/python2.7/site-packages/django/core/management/__init__.py", line 382, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 196, in run_from_argv
self.execute(*args, **options.__dict__)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 232, in execute
output = self.handle(*args, **options)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 371, in handle
return self.handle_noargs(**options)
File "***/lib/python2.7/site-packages/south/management/commands/syncdb.py", line 90, in handle_noargs
syncdb.Command().execute(**options)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 232, in execute
output = self.handle(*args, **options)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 371, in handle
return self.handle_noargs(**options)
File "***/lib/python2.7/site-packages/django/core/management/commands/syncdb.py", line 110, in handle_noargs
emit_post_sync_signal(created_models, verbosity, interactive, db)
File "***/lib/python2.7/site-packages/django/core/management/sql.py", line 189, in emit_post_sync_signal
interactive=interactive, db=db)
File "***/lib/python2.7/site-packages/django/dispatch/dispatcher.py", line 172, in send
response = receiver(signal=self, sender=sender, **named)
File "***/lib/python2.7/site-packages/django/contrib/auth/management/__init__.py", line 73, in create_superuser
call_command("createsuperuser", interactive=True, database=db)
File "***/lib/python2.7/site-packages/django/core/management/__init__.py", line 150, in call_command
return klass.execute(*args, **defaults)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 232, in execute
output = self.handle(*args, **options)
File "***/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 124, in handle
User.objects.db_manager(database).create_superuser(username, email, password)
File "***/lib/python2.7/site-packages/django/contrib/auth/models.py", line 164, in create_superuser
u = self.create_user(username, email, password)
File "***/lib/python2.7/site-packages/django/contrib/auth/models.py", line 159, in create_user
user.set_password(password)
File "***/lib/python2.7/site-packages/django/contrib/auth/models.py", line 294, in set_password
self.password = make_password(raw_password)
File "***/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 62, in make_password
hasher = get_hasher(hasher)
File "***/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 107, in get_hasher
load_hashers()
File "***/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 84, in load_hashers
raise ImproperlyConfigured("hasher not found: %s" % backend)
django.core.exceptions.ImproperlyConfigured: hasher not found: django_sha2.hashers.bcrypt2011_01_01from django-sha2.
l-hedgehog
commented on September 24, 2024
Looks like this error can be fixed by merge this change mozilla/playdoh@abafbf0 into older settings/local.py
from django-sha2.
kumar303
commented on September 24, 2024
if you put that in settings/local.py then you've disabled the HMAC key (since it's commented out). I also got it working that way but for an app I knew I didn't need bcrypt for since it didn't work with users.
from django-sha2.
fwenzel
commented on September 24, 2024
Did you guys narrow this down yet? Looks like the dynamic generation of hashers is not run, perhaps?
from django-sha2.
mindcruzer
commented on September 24, 2024
If you look at hashers.py in django.contrib.auth the code that would import the dynamically generated password hasher looks like this:
# django.contrib.auth.hashers
...
try:
mod_path, cls_name = backend.rsplit('.', 1)
mod = importlib.import_module(mod_path)
hasher_cls = getattr(mod, cls_name)
except (AttributeError, ImportError, ValueError):
raise ImproperlyConfigured("hasher not found: %s" % backend)
...The key here is that it's catching ImportError, but which import error?
# django_sha2.hashers
import base64
import hmac
import hashlib
import logging
import bcrypt
from django.conf import settings
from django.contrib.auth.hashers import (BCryptPasswordHasher,
BasePasswordHasher, mask_hash)
from django.utils.crypto import constant_time_compare
from django.utils.encoding import smart_str
from django.utils.datastructures import SortedDict
...The odd one out is bcrypt, so my guess would be that this error is just occurring because py-bcrypt hasn't been installed. Sure enough, this is what was causing the error for me. This also explains why commenting out the HMAC_KEYS makes the whole thing work. If there are no HMAC_KEYS, django_sha2.hashers never gets executed, and thus there is no ImportError raised. Maybe add a reminder in the docs to install py-bcrypt.
from django-sha2.
kumar303
commented on September 24, 2024
Catching any and all import errors here is confusing
from django-sha2.
kumar303
commented on September 24, 2024
Everytime I hit this I have to google for this issue to remember how to fix it :( Dear future self, in summary, here's what to check:
- Does
import bcryptsucceed in your environment? - Is
HMAC_KEYSdefined and is it not an empty dict? - In the exact settings file you define
HMAC_KEYSare you also callingget_password_hashers(...)underneath it?
from django-sha2.
groovecoder
commented on September 24, 2024
fwiw, I hit this error when HMAC_KEYS was empty.
from django-sha2.
gene1wood
commented on September 24, 2024
This error occurred for me with an empty and a populated HMAC_KEYS. I did what @kumar303 suggested and ran import bcrypt which errored out. I then installed bcrypt on Ubuntu with
sudo apt-get install python-bcrypt
So which package is it that needs to have this dependency added to it's dependency list? Is this a Django issue or a Playdoh issue? (or something else)
from django-sha2.
Related Issues (11)
- create_superuser does not use sha256 HOT 1
- Unicode passwords break sha512 hashing
- Make a PyPI release HOT 5
- Django 1.3 tests don't pass with current master HOT 1
- Django 1.9 support HOT 1
- Setup problems HOT 5
- Remove empty backends HOT 1
- Leave get_hexdigest untouched and just monkeypatch user object. HOT 1
- Update to latest HMAC key on login HOT 1
- Add setting to auto-update existing Django passwords to django-sha2 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-sha2.