o 8;h @sddlmZddlZddlmZddlmZddlmZm Z m Z ddl m Z ddl mZmZmZdd lmZejZejZejZejZejZdddZGdddZdS)) annotationsN)ClassVar)Literal) Parameters _check_typesextract_parameters)InvalidHashError)Type hash_secret verify_secret)RFC_9106_LOW_MEMORYs bytes | strencodingstrreturnbytescCst|tr|S||S)zM Ensure *s* is a bytes string. Encode using *encoding* if it isn't. ) isinstancerencode)rrrJ/var/www/html/venv/lib/python3.10/site-packages/argon2/_password_hasher.py _ensure_bytess  rc@seZdZUdZddgZded<ded<eeee e de j fd3ddZ ed4ddZed5ddZed5ddZed5ddZed5ddZed5ddZed6dd Zd!d"d7d'd(Ze je je j d)Zd*ed+<d8d.d/Zd9d1d2Zd!S):PasswordHashera High level class to hash passwords with sensible defaults. Uses Argon2\ **id** by default and always uses a random salt_ for hashing. But it can verify any type of Argon2 as long as the hash is correctly encoded. The reason for this being a class is both for convenience to carry parameters and to verify the parameters only *once*. Any unnecessary slowdown when hashing is a tangible advantage for a brute force attacker. :param int time_cost: Defines the amount of computation realized and therefore the execution time, given in number of iterations. :param int memory_cost: Defines the memory usage, given in kibibytes_. :param int parallelism: Defines the number of parallel threads (*changes* the resulting hash value). :param int hash_len: Length of the hash in bytes. :param int salt_len: Length of random salt to be generated for each password. :param str encoding: The Argon2 C library expects bytes. So if :meth:`hash` or :meth:`verify` are passed a ``str``, it will be encoded using this encoding. :param Type type: Argon2 type to use. Only change for interoperability with legacy systems. .. versionadded:: 16.0.0 .. versionchanged:: 18.2.0 Switch from Argon2i to Argon2id based on the recommendation by the current RFC draft. See also :doc:`parameters`. .. versionchanged:: 18.2.0 Changed default *memory_cost* to 100 MiB and default *parallelism* to 8. .. versionchanged:: 18.2.0 ``verify`` now will determine the type of hash. .. versionchanged:: 18.3.0 The Argon2 type is configurable now. .. versionadded:: 21.2.0 :meth:`from_parameters` .. versionchanged:: 21.2.0 Changed defaults to :data:`argon2.profiles.RFC_9106_LOW_MEMORY`. .. _salt: https://en.wikipedia.org/wiki/Salt_(cryptography) .. _kibibytes: https://en.wikipedia.org/wiki/Binary_prefix#kibi _parametersrrrzutf-8 time_costint memory_cost parallelismhash_lensalt_lentyper c Cs`t|tf|tf|tf|tf|tf|tf|tfd}|rt|t|d|||||d|_||_dS)N)rrrrr rr!)r!versionr rrrr)rrrr TypeErrorrrr) selfrrrrr rr!errr__init__Ns*   zPasswordHasher.__init__paramsrcCs|}||_|S)z_ Construct a `PasswordHasher` from *params*. .. versionadded:: 21.2.0 )r)clsr(phrrrfrom_parameterspszPasswordHasher.from_parameterscC|jjSN)rrr%rrrr|zPasswordHasher.time_costcCr,r-)rrr.rrrrr/zPasswordHasher.memory_costcCr,r-)rrr.rrrrr/zPasswordHasher.parallelismcCr,r-)rrr.rrrrr/zPasswordHasher.hash_lencCr,r-)rr r.rrrr r/zPasswordHasher.salt_lencCr,r-)rr!r.rrrr!r/zPasswordHasher.typeN)saltpassword str | bytesr0 bytes | Nonec Cs:tt||j|p t|j|j|j|j|j |j d dS)a Hash *password* and return an encoded hash. Parameters: password: Password to hash. salt: If None, a random salt is securely created. .. danger:: You should **not** pass a salt unless you really know what you are doing. Raises: argon2.exceptions.HashingError: If hashing fails. Returns: Hashed *password*. .. versionadded:: 23.1.0 *salt* parameter )secretr0rrrrr!ascii) r rrosurandomr rrrrr!decode)r%r1r0rrrhashs zPasswordHasher.hash)s $argon2i$s $argon2d$s $argon2idzClassVar[dict[bytes, Type]]_header_to_typer9 Literal[True]cCsJt|d}z |j|dd}Wn tytdwt|t||j|S)a Verify that *password* matches *hash*. .. warning:: It is assumed that the caller is in full control of the hash. No other parsing than the determination of the hash type is done by *argon2-cffi*. :param hash: An encoded hash as returned from :meth:`PasswordHasher.hash`. :type hash: ``bytes`` or ``str`` :param password: The password to verify. :type password: ``bytes`` or ``str`` :raises argon2.exceptions.VerifyMismatchError: If verification fails because *hash* is not valid for *password*. :raises argon2.exceptions.VerificationError: If verification fails for other reasons. :raises argon2.exceptions.InvalidHashError: If *hash* is so clearly invalid, that it couldn't be passed to Argon2. :return: ``True`` on success, raise :exc:`~argon2.exceptions.VerificationError` otherwise. :rtype: bool .. versionchanged:: 16.1.0 Raise :exc:`~argon2.exceptions.VerifyMismatchError` on mismatches instead of its more generic superclass. .. versionadded:: 18.2.0 Hash type agility. r5N )rr: LookupErrorr r r)r%r9r1Z hash_typerrrverifys # zPasswordHasher.verifyboolcCs|jt|kS)aM Check whether *hash* was created using the instance's parameters. Whenever your Argon2 parameters -- or *argon2-cffi*'s defaults! -- change, you should rehash your passwords at the next opportunity. The common approach is to do that whenever a user logs in, since that should be the only time when you have access to the cleartext password. Therefore it's best practice to check -- and if necessary rehash -- passwords after each successful authentication. :rtype: bool .. versionadded:: 18.2.0 )rr)r%r9rrrcheck_needs_rehashsz!PasswordHasher.check_needs_rehash)rrrrrrrrr rrrr!r )r(rrr)rr)rr )r1r2r0r3rr)r9r2r1r2rr;)r9rrr?)__name__ __module__ __qualname____doc__ __slots____annotations__DEFAULT_TIME_COSTDEFAULT_MEMORY_COSTDEFAULT_PARALLELISMDEFAULT_HASH_LENGTHDEFAULT_RANDOM_SALT_LENGTHr IDr' classmethodr+propertyrrrrr r!r9IDr:r>r@rrrrr sD ( "       $ -r)rrrrrr) __future__rr6typingrZ_typingrZ_utilsrrr exceptionsr Z low_levelr r r Zprofilesr r rKrrJrrGrrHrrIrrrrrrs