diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/INSTALLER b/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/INSTALLER deleted file mode 100644 index a1b589e..0000000 --- a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/INSTALLER +++ /dev/null @@ -1 +0,0 @@ -pip diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/METADATA b/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/METADATA deleted file mode 100644 index 629a992..0000000 --- a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/METADATA +++ /dev/null @@ -1,343 +0,0 @@ -Metadata-Version: 2.4 -Name: bcrypt -Version: 5.0.0 -Summary: Modern password hashing for your software and your servers -Author-email: The Python Cryptographic Authority developers -License: Apache-2.0 -Project-URL: homepage, https://github.com/pyca/bcrypt/ -Classifier: Development Status :: 5 - Production/Stable -Classifier: License :: OSI Approved :: Apache Software License -Classifier: Programming Language :: Python :: Implementation :: CPython -Classifier: Programming Language :: Python :: Implementation :: PyPy -Classifier: Programming Language :: Python :: 3 -Classifier: Programming Language :: Python :: 3 :: Only -Classifier: Programming Language :: Python :: 3.8 -Classifier: Programming Language :: Python :: 3.9 -Classifier: Programming Language :: Python :: 3.10 -Classifier: Programming Language :: Python :: 3.11 -Classifier: Programming Language :: Python :: 3.12 -Classifier: Programming Language :: Python :: 3.13 -Classifier: Programming Language :: Python :: 3.14 -Classifier: Programming Language :: Python :: Free Threading :: 3 - Stable -Requires-Python: >=3.8 -Description-Content-Type: text/x-rst -License-File: LICENSE -Provides-Extra: tests -Requires-Dist: pytest!=3.3.0,>=3.2.1; extra == "tests" -Provides-Extra: typecheck -Requires-Dist: mypy; extra == "typecheck" -Dynamic: license-file - -bcrypt -====== - -.. image:: https://img.shields.io/pypi/v/bcrypt.svg - :target: https://pypi.org/project/bcrypt/ - :alt: Latest Version - -.. image:: https://github.com/pyca/bcrypt/workflows/CI/badge.svg?branch=main - :target: https://github.com/pyca/bcrypt/actions?query=workflow%3ACI+branch%3Amain - -Acceptable password hashing for your software and your servers (but you should -really use argon2id or scrypt) - - -Installation -============ - -To install bcrypt, simply: - -.. code:: console - - $ pip install bcrypt - -Note that bcrypt should build very easily on Linux provided you have a C -compiler and a Rust compiler (the minimum supported Rust version is 1.56.0). - -For Debian and Ubuntu, the following command will ensure that the required dependencies are installed: - -.. code:: console - - $ sudo apt-get install build-essential cargo - -For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed: - -.. code:: console - - $ sudo yum install gcc cargo - -For Alpine, the following command will ensure that the required dependencies are installed: - -.. code:: console - - $ apk add --update musl-dev gcc cargo - - -Alternatives -============ - -While bcrypt remains an acceptable choice for password storage, depending on your specific use case you may also want to consider using scrypt (either via `standard library`_ or `cryptography`_) or argon2id via `argon2_cffi`_. - -Changelog -========= - -5.0.0 ------ - -* Bumped MSRV to 1.74. -* Added support for Python 3.14 and free-threaded Python 3.14. -* Added support for Windows on ARM. -* Passing ``hashpw`` a password longer than 72 bytes now raises a - ``ValueError``. Previously the password was silently truncated, following the - behavior of the original OpenBSD ``bcrypt`` implementation. - -4.3.0 ------ - -* Dropped support for Python 3.7. -* We now support free-threaded Python 3.13. -* We now support PyPy 3.11. -* We now publish wheels for free-threaded Python 3.13, for PyPy 3.11 on - ``manylinux``, and for ARMv7l on ``manylinux``. - -4.2.1 ------ - -* Bump Rust dependency versions - this should resolve crashes on Python 3.13 - free-threaded builds. -* We no longer build ``manylinux`` wheels for PyPy 3.9. - -4.2.0 ------ - -* Bump Rust dependency versions -* Removed the ``BCRYPT_ALLOW_RUST_163`` environment variable. - -4.1.3 ------ - -* Bump Rust dependency versions - -4.1.2 ------ - -* Publish both ``py37`` and ``py39`` wheels. This should resolve some errors - relating to initializing a module multiple times per process. - -4.1.1 ------ - -* Fixed the type signature on the ``kdf`` method. -* Fixed packaging bug on Windows. -* Fixed incompatibility with passlib package detection assumptions. - -4.1.0 ------ - -* Dropped support for Python 3.6. -* Bumped MSRV to 1.64. (Note: Rust 1.63 can be used by setting the ``BCRYPT_ALLOW_RUST_163`` environment variable) - -4.0.1 ------ - -* We now build PyPy ``manylinux`` wheels. -* Fixed a bug where passing an invalid ``salt`` to ``checkpw`` could result in - a ``pyo3_runtime.PanicException``. It now correctly raises a ``ValueError``. - -4.0.0 ------ - -* ``bcrypt`` is now implemented in Rust. Users building from source will need - to have a Rust compiler available. Nothing will change for users downloading - wheels. -* We no longer ship ``manylinux2010`` wheels. Users should upgrade to the latest - ``pip`` to ensure this doesn’t cause issues downloading wheels on their - platform. We now ship ``manylinux_2_28`` wheels for users on new enough platforms. -* ``NUL`` bytes are now allowed in inputs. - - -3.2.2 ------ - -* Fixed packaging of ``py.typed`` files in wheels so that ``mypy`` works. - -3.2.1 ------ - -* Added support for compilation on z/OS -* The next release of ``bcrypt`` with be 4.0 and it will require Rust at - compile time, for users building from source. There will be no additional - requirement for users who are installing from wheels. Users on most - platforms will be able to obtain a wheel by making sure they have an up to - date ``pip``. The minimum supported Rust version will be 1.56.0. -* This will be the final release for which we ship ``manylinux2010`` wheels. - Going forward the minimum supported manylinux ABI for our wheels will be - ``manylinux2014``. The vast majority of users will continue to receive - ``manylinux`` wheels provided they have an up to date ``pip``. - - -3.2.0 ------ - -* Added typehints for library functions. -* Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5). -* Shipped ``abi3`` Windows wheels (requires pip >= 20). - -3.1.7 ------ - -* Set a ``setuptools`` lower bound for PEP517 wheel building. -* We no longer distribute 32-bit ``manylinux1`` wheels. Continuing to produce - them was a maintenance burden. - -3.1.6 ------ - -* Added support for compilation on Haiku. - -3.1.5 ------ - -* Added support for compilation on AIX. -* Dropped Python 2.6 and 3.3 support. -* Switched to using ``abi3`` wheels for Python 3. If you are not getting a - wheel on a compatible platform please upgrade your ``pip`` version. - -3.1.4 ------ - -* Fixed compilation with mingw and on illumos. - -3.1.3 ------ -* Fixed a compilation issue on Solaris. -* Added a warning when using too few rounds with ``kdf``. - -3.1.2 ------ -* Fixed a compile issue affecting big endian platforms. -* Fixed invalid escape sequence warnings on Python 3.6. -* Fixed building in non-UTF8 environments on Python 2. - -3.1.1 ------ -* Resolved a ``UserWarning`` when used with ``cffi`` 1.8.3. - -3.1.0 ------ -* Added support for ``checkpw``, a convenience method for verifying a password. -* Ensure that you get a ``$2y$`` hash when you input a ``$2y$`` salt. -* Fixed a regression where ``$2a`` hashes were vulnerable to a wraparound bug. -* Fixed compilation under Alpine Linux. - -3.0.0 ------ -* Switched the C backend to code obtained from the OpenBSD project rather than - openwall. -* Added support for ``bcrypt_pbkdf`` via the ``kdf`` function. - -2.0.0 ------ -* Added support for an adjustible prefix when calling ``gensalt``. -* Switched to CFFI 1.0+ - -Usage ------ - -Password Hashing -~~~~~~~~~~~~~~~~ - -Hashing and then later checking that a password matches the previous hashed -password is very simple: - -.. code:: pycon - - >>> import bcrypt - >>> password = b"super secret password" - >>> # Hash a password for the first time, with a randomly-generated salt - >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt()) - >>> # Check that an unhashed password matches one that has previously been - >>> # hashed - >>> if bcrypt.checkpw(password, hashed): - ... print("It Matches!") - ... else: - ... print("It Does not Match :(") - -KDF -~~~ - -As of 3.0.0 ``bcrypt`` now offers a ``kdf`` function which does ``bcrypt_pbkdf``. -This KDF is used in OpenSSH's newer encrypted private key format. - -.. code:: pycon - - >>> import bcrypt - >>> key = bcrypt.kdf( - ... password=b'password', - ... salt=b'salt', - ... desired_key_bytes=32, - ... rounds=100) - - -Adjustable Work Factor -~~~~~~~~~~~~~~~~~~~~~~ -One of bcrypt's features is an adjustable logarithmic work factor. To adjust -the work factor merely pass the desired number of rounds to -``bcrypt.gensalt(rounds=12)`` which defaults to 12): - -.. code:: pycon - - >>> import bcrypt - >>> password = b"super secret password" - >>> # Hash a password for the first time, with a certain number of rounds - >>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14)) - >>> # Check that a unhashed password matches one that has previously been - >>> # hashed - >>> if bcrypt.checkpw(password, hashed): - ... print("It Matches!") - ... else: - ... print("It Does not Match :(") - - -Adjustable Prefix -~~~~~~~~~~~~~~~~~ - -Another one of bcrypt's features is an adjustable prefix to let you define what -libraries you'll remain compatible with. To adjust this, pass either ``2a`` or -``2b`` (the default) to ``bcrypt.gensalt(prefix=b"2b")`` as a bytes object. - -As of 3.0.0 the ``$2y$`` prefix is still supported in ``hashpw`` but deprecated. - -Maximum Password Length -~~~~~~~~~~~~~~~~~~~~~~~ - -The bcrypt algorithm only handles passwords up to 72 characters, any characters -beyond that are ignored. To work around this, a common approach is to hash a -password with a cryptographic hash (such as ``sha256``) and then base64 -encode it to prevent NULL byte problems before hashing the result with -``bcrypt``: - -.. code:: pycon - - >>> password = b"an incredibly long password" * 10 - >>> hashed = bcrypt.hashpw( - ... base64.b64encode(hashlib.sha256(password).digest()), - ... bcrypt.gensalt() - ... ) - -Compatibility -------------- - -This library should be compatible with py-bcrypt and it will run on Python -3.8+ (including free-threaded builds), and PyPy 3. - -Security --------- - -``bcrypt`` follows the `same security policy as cryptography`_, if you -identify a vulnerability, we ask you to contact us privately. - -.. _`same security policy as cryptography`: https://cryptography.io/en/latest/security.html -.. _`standard library`: https://docs.python.org/3/library/hashlib.html#hashlib.scrypt -.. _`argon2_cffi`: https://argon2-cffi.readthedocs.io -.. _`cryptography`: https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/RECORD b/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/RECORD deleted file mode 100644 index 738d959..0000000 --- a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/RECORD +++ /dev/null @@ -1,11 +0,0 @@ -bcrypt-5.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4 -bcrypt-5.0.0.dist-info/METADATA,sha256=yV1BfLlI6udlVy23eNbzDa62DSEbUrlWvlLBCI6UAdI,10524 -bcrypt-5.0.0.dist-info/RECORD,, -bcrypt-5.0.0.dist-info/WHEEL,sha256=WieEZvWpc0Erab6-NfTu9412g-GcE58js6gvBn3Q7B4,111 -bcrypt-5.0.0.dist-info/licenses/LICENSE,sha256=gXPVwptPlW1TJ4HSuG5OMPg-a3h43OGMkZRR1rpwfJA,10850 -bcrypt-5.0.0.dist-info/top_level.txt,sha256=BkR_qBzDbSuycMzHWE1vzXrfYecAzUVmQs6G2CukqNI,7 -bcrypt/__init__.py,sha256=cv-NupIX6P7o6A4PK_F0ur6IZoDr3GnvyzFO9k16wKQ,1000 -bcrypt/__init__.pyi,sha256=ITUCB9mPVU8sKUbJQMDUH5YfQXZb1O55F9qvKZR_o8I,333 -bcrypt/__pycache__/__init__.cpython-312.pyc,, -bcrypt/_bcrypt.abi3.so,sha256=oFwJu4Gq44FqJDttx_oWpypfuUQ30BkCWzD2FhojdYw,631768 -bcrypt/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0 diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/WHEEL b/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/WHEEL deleted file mode 100644 index eb203c1..0000000 --- a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/WHEEL +++ /dev/null @@ -1,5 +0,0 @@ -Wheel-Version: 1.0 -Generator: setuptools (80.9.0) -Root-Is-Purelib: false -Tag: cp39-abi3-manylinux_2_34_x86_64 - diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/licenses/LICENSE b/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/licenses/LICENSE deleted file mode 100644 index 11069ed..0000000 --- a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/licenses/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - -3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - -END OF TERMS AND CONDITIONS - -APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - -Copyright [yyyy] [name of copyright owner] - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/top_level.txt b/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/top_level.txt deleted file mode 100644 index 7f0b6e7..0000000 --- a/backend/venv/lib/python3.12/site-packages/bcrypt-5.0.0.dist-info/top_level.txt +++ /dev/null @@ -1 +0,0 @@ -bcrypt diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt/__init__.py b/backend/venv/lib/python3.12/site-packages/bcrypt/__init__.py index 81a92fd..1f2886f 100644 --- a/backend/venv/lib/python3.12/site-packages/bcrypt/__init__.py +++ b/backend/venv/lib/python3.12/site-packages/bcrypt/__init__.py @@ -1,3 +1,7 @@ +# Author:: Donald Stufft () +# Copyright:: Copyright (c) 2013 Donald Stufft +# License:: Apache License, Version 2.0 +# # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -9,8 +13,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +from __future__ import absolute_import +from __future__ import division -from ._bcrypt import ( +import hmac +import os +import warnings + +from .__about__ import ( __author__, __copyright__, __email__, @@ -18,26 +28,100 @@ from ._bcrypt import ( __summary__, __title__, __uri__, - checkpw, - gensalt, - hashpw, - kdf, -) -from ._bcrypt import ( - __version_ex__ as __version__, + __version__, ) +from . import _bcrypt # noqa: I100 + __all__ = [ - "__author__", - "__copyright__", - "__email__", - "__license__", - "__summary__", "__title__", + "__summary__", "__uri__", "__version__", - "checkpw", + "__author__", + "__email__", + "__license__", + "__copyright__", "gensalt", "hashpw", "kdf", + "checkpw", ] + + +def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes: + if prefix not in (b"2a", b"2b"): + raise ValueError("Supported prefixes are b'2a' or b'2b'") + + if rounds < 4 or rounds > 31: + raise ValueError("Invalid rounds") + + salt = os.urandom(16) + output = _bcrypt.encode_base64(salt) + + return ( + b"$" + + prefix + + b"$" + + ("%2.2u" % rounds).encode("ascii") + + b"$" + + output + ) + + +def hashpw(password: bytes, salt: bytes) -> bytes: + if isinstance(password, str) or isinstance(salt, str): + raise TypeError("Strings must be encoded before hashing") + + # bcrypt originally suffered from a wraparound bug: + # http://www.openwall.com/lists/oss-security/2012/01/02/4 + # This bug was corrected in the OpenBSD source by truncating inputs to 72 + # bytes on the updated prefix $2b$, but leaving $2a$ unchanged for + # compatibility. However, pyca/bcrypt 2.0.0 *did* correctly truncate inputs + # on $2a$, so we do it here to preserve compatibility with 2.0.0 + password = password[:72] + + return _bcrypt.hashpass(password, salt) + + +def checkpw(password: bytes, hashed_password: bytes) -> bool: + if isinstance(password, str) or isinstance(hashed_password, str): + raise TypeError("Strings must be encoded before checking") + + ret = hashpw(password, hashed_password) + return hmac.compare_digest(ret, hashed_password) + + +def kdf( + password: bytes, + salt: bytes, + desired_key_bytes: int, + rounds: int, + ignore_few_rounds: bool = False, +) -> bytes: + if isinstance(password, str) or isinstance(salt, str): + raise TypeError("Strings must be encoded before hashing") + + if len(password) == 0 or len(salt) == 0: + raise ValueError("password and salt must not be empty") + + if desired_key_bytes <= 0 or desired_key_bytes > 512: + raise ValueError("desired_key_bytes must be 1-512") + + if rounds < 1: + raise ValueError("rounds must be 1 or more") + + if rounds < 50 and not ignore_few_rounds: + # They probably think bcrypt.kdf()'s rounds parameter is logarithmic, + # expecting this value to be slow enough (it probably would be if this + # were bcrypt). Emit a warning. + warnings.warn( + ( + "Warning: bcrypt.kdf() called with only {0} round(s). " + "This few is not secure: the parameter is linear, like PBKDF2." + ).format(rounds), + UserWarning, + stacklevel=2, + ) + + return _bcrypt.pbkdf(password, salt, rounds, desired_key_bytes) diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt/__init__.pyi b/backend/venv/lib/python3.12/site-packages/bcrypt/__init__.pyi deleted file mode 100644 index 12e4a2e..0000000 --- a/backend/venv/lib/python3.12/site-packages/bcrypt/__init__.pyi +++ /dev/null @@ -1,10 +0,0 @@ -def gensalt(rounds: int = 12, prefix: bytes = b"2b") -> bytes: ... -def hashpw(password: bytes, salt: bytes) -> bytes: ... -def checkpw(password: bytes, hashed_password: bytes) -> bool: ... -def kdf( - password: bytes, - salt: bytes, - desired_key_bytes: int, - rounds: int, - ignore_few_rounds: bool = False, -) -> bytes: ... diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt/__pycache__/__init__.cpython-312.pyc b/backend/venv/lib/python3.12/site-packages/bcrypt/__pycache__/__init__.cpython-312.pyc index eb2cad8..845230d 100644 Binary files a/backend/venv/lib/python3.12/site-packages/bcrypt/__pycache__/__init__.cpython-312.pyc and b/backend/venv/lib/python3.12/site-packages/bcrypt/__pycache__/__init__.cpython-312.pyc differ diff --git a/backend/venv/lib/python3.12/site-packages/bcrypt/_bcrypt.abi3.so b/backend/venv/lib/python3.12/site-packages/bcrypt/_bcrypt.abi3.so index 4806fec..5651953 100755 Binary files a/backend/venv/lib/python3.12/site-packages/bcrypt/_bcrypt.abi3.so and b/backend/venv/lib/python3.12/site-packages/bcrypt/_bcrypt.abi3.so differ