Passlib

Extension for password contexts via Passlib.

Support validation of multiple hashing algorithms to allow for easy migration from one algorithm to another.

Example:

from invenio.ext.passlib import password_context
hash = password_context.encrypt("mypassword")
password_context.verify("mypassword", hash)
password_context.needs_update(hash)

Invenio legacy support:

from invenio.ext.passlib import password_context
hash = password_context.encrypt(
    "mypassword",
    scheme="invenio_aes_encrypted_email",
    user="info@invenio-software.org",
 )
password_context.verify(
    "mypassword", hash
    scheme="invenio_aes_encrypted_email",
    user="info@invenio-software.org",
)
password_context.needs_update(hash)

Configuration Settings

Invenio’s default password hashing algorithms can be modified using the following application settings:

PASSLIB_SCHEMES List of supported password hashing schemes. The default password hashing scheme is the first item in the list. Default: [‘sha512_crypt’, ‘invenio_aes_encrypted_email’]
PASSLIB_DEPRECATED_SCHEMES List of password hashing schemes that are deprecated (which results in the users’ hash being automatically upgrade on next login). Note, all deprecated scheme must also be present in PASSLIB_SCHEMES. Default: [‘invenio_aes_encrypted_email’]
class invenio.ext.passlib.Passlib(app=None)

Flask-Passlib integration.

init_app(app)

Initialize application.