Passlib¶
Extension for password contexts via Passlib.
Support validation of multiple hashing algorithms to allow for easy migration from one algorithm to another.
Example:
from invenio.ext.passlib import password_context
hash = password_context.encrypt("mypassword")
password_context.verify("mypassword", hash)
password_context.needs_update(hash)
Invenio legacy support:
from invenio.ext.passlib import password_context
hash = password_context.encrypt(
"mypassword",
scheme="invenio_aes_encrypted_email",
user="info@invenio-software.org",
)
password_context.verify(
"mypassword", hash
scheme="invenio_aes_encrypted_email",
user="info@invenio-software.org",
)
password_context.needs_update(hash)
Configuration Settings¶
Invenio’s default password hashing algorithms can be modified using the following application settings:
PASSLIB_SCHEMES | List of supported password hashing schemes. The default password hashing scheme is the first item in the list. Default: [‘sha512_crypt’, ‘invenio_aes_encrypted_email’] |
PASSLIB_DEPRECATED_SCHEMES | List of password hashing schemes that are deprecated (which results in the users’ hash being automatically upgrade on next login). Note, all deprecated scheme must also be present in PASSLIB_SCHEMES. Default: [‘invenio_aes_encrypted_email’] |