Mh"ddlmZddlZddlmZmZddlmZmZm Z m Z ddl m Z ddl mZmZmZddlmZeZejZejZejZejZejZddZGddZdS)) annotationsN)ClassVarLiteral) Parameters _check_typesextract_parametersvalidate_params_for_platform)InvalidHashError)Type hash_secret verify_secret)get_default_parameterss bytes | strencodingstrreturnbytescZt|tr|S||S)zM Ensure *s* is a bytes string. Encode using *encoding* if it isn't. ) isinstancerencode)rrs W/var/www/html/test/jupyter/venv/lib/python3.11/site-packages/argon2/_password_hasher.py _ensure_bytesrs-!U 88H  cLeZdZUdZddgZded<ded<eeee e de j fd(dZ ed)dZed*dZed*dZed*dZed*dZed*dZed+dZddd,dZe je je j d Zd!ed"<d-d%Zd.d'ZdS)/PasswordHashera High level class to hash passwords with sensible defaults. Uses Argon2\ **id** by default and uses a random salt_ for hashing. But it can verify any type of Argon2 as long as the hash is correctly encoded. The reason for this being a class is both for convenience to carry parameters and to verify the parameters only *once*. Any unnecessary slowdown when hashing is a tangible advantage for a brute-force attacker. Args: time_cost: Defines the amount of computation realized and therefore the execution time, given in number of iterations. memory_cost: Defines the memory usage, given in kibibytes_. parallelism: Defines the number of parallel threads (*changes* the resulting hash value). hash_len: Length of the hash in bytes. salt_len: Length of random salt to be generated for each password. encoding: The Argon2 C library expects bytes. So if :meth:`hash` or :meth:`verify` are passed a ``str``, it will be encoded using this encoding. type: Argon2 type to use. Only change for interoperability with legacy systems. .. versionadded:: 16.0.0 .. versionchanged:: 18.2.0 Switch from Argon2i to Argon2id based on the recommendation by the current RFC draft. See also :doc:`parameters`. .. versionchanged:: 18.2.0 Changed default *memory_cost* to 100 MiB and default *parallelism* to 8. .. versionchanged:: 18.2.0 ``verify`` now will determine the type of hash. .. versionchanged:: 18.3.0 The Argon2 type is configurable now. .. versionadded:: 21.2.0 :meth:`from_parameters` .. versionchanged:: 21.2.0 Changed defaults to :data:`argon2.profiles.RFC_9106_LOW_MEMORY`. .. _salt: https://en.wikipedia.org/wiki/Salt_(cryptography) .. _kibibytes: https://en.wikipedia.org/wiki/Binary_prefix#kibi _parametersrrrzutf-8 time_costint memory_cost parallelismhash_lensalt_lentyper c t|tf|tf|tf|tf|tf|tf|tf}|rt |t |d|||||} t | | |_||_dS)N)rr!r"r#r$rr%)r%versionr$r#rr!r") rr rr TypeErrorrr rr) selfrr!r"r#r$rr%eparamss r__init__zPasswordHasher.__init__^s  #&$c*$c*___     A,, ##    %V,,,"  rr,rc`||j|j|j|j|j|jS)z Construct a `PasswordHasher` from *params*. Returns: A `PasswordHasher` instance with the parameters from *params*. .. versionadded:: 21.2.0 rr!r"r#r$r%r/)clsr,s rfrom_parameterszPasswordHasher.from_parameterss>s&**__     rc|jjSN)rrr*s rrzPasswordHasher.time_costs))rc|jjSr3)rr!r4s rr!zPasswordHasher.memory_cost++rc|jjSr3)rr"r4s rr"zPasswordHasher.parallelismr6rc|jjSr3)rr#r4s rr#zPasswordHasher.hash_len((rc|jjSr3)rr$r4s rr$zPasswordHasher.salt_lenr9rc|jjSr3)rr%r4s rr%zPasswordHasher.types$$rN)saltpassword str | bytesr< bytes | Nonec tt||j|ptj|j|j|j|j|j |j  dS)a Hash *password* and return an encoded hash. Args: password: Password to hash. salt: If None, a random salt is securely created. .. danger:: You should **not** pass a salt unless you really know what you are doing. Raises: argon2.exceptions.HashingError: If hashing fails. Returns: Hashed *password*. .. versionadded:: 23.1.0 *salt* parameter )secretr<rr!r"r#r%ascii) r rrosurandomr$rr!r"r#r%decode)r*r=r<s rhashzPasswordHasher.hashsf. 4=992DM22n((]    &// r)s $argon2i$s $argon2d$s $argon2idzClassVar[dict[bytes, Type]]_header_to_typerF Literal[True]ct|d} |j|dd}n#t$r tdwxYwt |t||j|S)ak Verify that *password* matches *hash*. .. warning:: It is assumed that the caller is in full control of the hash. No other parsing than the determination of the hash type is done by *argon2-cffi*. Args: hash: An encoded hash as returned from :meth:`PasswordHasher.hash`. password: The password to verify. Raises: argon2.exceptions.VerifyMismatchError: If verification fails because *hash* is not valid for *password*. argon2.exceptions.VerificationError: If verification fails for other reasons. argon2.exceptions.InvalidHashError: If *hash* is so clearly invalid, that it couldn't be passed to Argon2. Returns: ``True`` on success, otherwise an exception is raised. .. versionchanged:: 16.1.0 Raise :exc:`~argon2.exceptions.VerifyMismatchError` on mismatches instead of its more generic superclass. .. versionadded:: 18.2.0 Hash type agility. rBN )rrG LookupErrorr rr)r*rFr= hash_types rverifyzPasswordHasher.verifyszJT7++ -,T"1"X6II - - -" , - -$-88)   s(;boolct|tr|d}|jt |kS)a Check whether *hash* was created using the instance's parameters. Whenever your Argon2 parameters -- or *argon2-cffi*'s defaults! -- change, you should rehash your passwords at the next opportunity. The common approach is to do that whenever a user logs in, since that should be the only time when you have access to the cleartext password. Therefore it's best practice to check -- and if necessary rehash -- passwords after each successful authentication. Args: hash: An encoded Argon2 password hash. Returns: Whether *hash* was created using the instance's parameters. .. versionadded:: 18.2.0 .. versionchanged:: 24.1.0 Accepts bytes for *hash*. rB)rrrErr )r*rFs rcheck_needs_rehashz!PasswordHasher.check_needs_rehashs>, dE " " (;;w''D#5d#;#;;;r)rr r!r r"r r#r r$r rrr%r )r,rrr)rr )rr )r=r>r<r?rr)rFr>r=r>rrH)rFr>rrN)__name__ __module__ __qualname____doc__ __slots____annotations__DEFAULT_TIME_COSTDEFAULT_MEMORY_COSTDEFAULT_PARALLELISMDEFAULT_HASH_LENGTHDEFAULT_RANDOM_SALT_LENGTHr IDr- classmethodr1propertyrr!r"r#r$r%rFIDrGrMrPrrrr&s00d +IMMM+..+2W$!$!$!$!$!L   [ &***X*,,,X,,,,X,)))X))))X)%%%X%CGDffg44O - - - - ^<<<<<risG#""""" $$$$$$$$ )(((((7777777777,,,,,,('))+4$-",$0$0y<y<y<y<y<y<y<y<y<y