[Python-modules-team] Bug#806366: passlib issues

Neil Williams codehelp at debian.org
Tue Dec 22 12:07:46 UTC 2015


I've had a quick look at the django setup in passlib and the first
impressions are *not* good.

0: I'm not sure why passlib wants to provide django support; django has
password hashing functionality built in.

1: passlib tries to support too many different versions of django,
including django1.0 which was old even in Lenny. That unnecessarily
complicates the code. (passfail also uses its own internal handling of
the django versions which seems unnecessary.)

2: passlib doesn't handle django as a "typical" django app with no
centralised settings - this makes the move to 1.9 error-prone. Fixing
passlib/tests/test_ext_django.py just reveals that
passlib/tests/test_handlers_django.py gets confused between django
imports for 1.4, 1.6 and gets the wrong result for >> 1.7 which now
fails with 1.9. fuzz_verifier_django tries to import from
django.contrib.auth.models import check_password which has moved into
django.contrib.auth.hashers.

3: It's not clear to me why passlib couldn't be separated into a
passlib and passlib-django upstream (dropping support for all versions
of django prior to 1.6 or 1.7 in the process) to make the whole library
much easier and simpler to handle.

4: passlib also has the python-support dependency which is deprecated:
https://wiki.debian.org/Python/TransitionToDHPython2

I've attached what I've done so far in patch format but there is more
to do.

I now get:
======================================================================
ERROR: test_02_handler_wrapper (passlib.tests.test_ext_django.DjangoExtensionTest)
passlib.ext.django plugin: test Hasher-compatible handler wrappers
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/neil/code/debian/qa/passlib/python-passlib-1.6.5/passlib/tests/test_ext_django.py", line 817, in test_02_handler_wrapper
    self.assertEqual(hasher.safe_summary(encoded),
  File "/home/neil/code/debian/qa/passlib/python-passlib-1.6.5/passlib/ext/django/utils.py", line 191, in safe_summary
    from django.utils.datastructures import SortedDict
ImportError: cannot import name SortedDict

======================================================================
FAIL: test_config (passlib.tests.test_ext_django.DjangoBehaviorTest)
verify django behavior: test hashing interface
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/neil/code/debian/qa/passlib/python-passlib-1.6.5/passlib/tests/test_ext_django.py", line 668, in test_config
    self.assert_valid_password(user, hash)
  File "/home/neil/code/debian/qa/passlib/python-passlib-1.6.5/passlib/tests/test_ext_django.py", line 342, in assert_valid_password
    self.assertEqual(user.password, hash)
AssertionError: u'pbkdf2_sha256$24000$REJ7eHqQKnLO$E6PL+rR/Jq/B6ue5PdOGt0fihKyAFGTvjt/VTwwI0q8=' != 'pbkdf2_sha256$20000$arJ31mmmlSmO$XNBTUKe4UCUGPeHTmXpYjaKmJaDGAsevd0LWvBtzP18='

----------------------------------------------------------------------
Ran 1928 tests in 155.118s

FAILED (failures=1, errors=1, skipped=590)

SortedDict is likely to be simple - the failure in the hashing test and
the number of skipped tests are a bit more of a concern.

-- 


Neil Williams
=============
http://www.linux.codehelp.co.uk/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: django1.9.patch
Type: text/x-patch
Size: 2791 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20151222/d0621c91/attachment.bin>
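
Added example (not part of the original message, the attached patch, or passlib's code): the two encoded hashes in the AssertionError above follow Django's algorithm$iterations$salt$hash layout. This sketch parses them to list the fields that differ, and shows that re-deriving with the stored salt and iteration count verifies a password even when two encodings of it are not string-equal. The password and salts in the __main__ block are constructed.

```python
import base64
import hashlib
import hmac

# The two encoded hashes quoted in the AssertionError above.
GOT = "pbkdf2_sha256$24000$REJ7eHqQKnLO$E6PL+rR/Jq/B6ue5PdOGt0fihKyAFGTvjt/VTwwI0q8="
WANT = "pbkdf2_sha256$20000$arJ31mmmlSmO$XNBTUKe4UCUGPeHTmXpYjaKmJaDGAsevd0LWvBtzP18="


def parse(encoded):
    """Split a Django-style PBKDF2 hash into its four '$'-separated fields."""
    algorithm, iterations, salt, digest = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported algorithm: %r" % algorithm)
    return {"algorithm": algorithm, "iterations": int(iterations),
            "salt": salt, "digest": digest}


def encode(password, salt, iterations):
    """Produce algorithm$iterations$salt$base64(PBKDF2-HMAC-SHA256)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt.encode("ascii"), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations, salt, base64.b64encode(raw).decode("ascii"))


def verify(password, encoded):
    """Re-derive with the stored salt and cost, then compare in constant time."""
    fields = parse(encoded)
    candidate = encode(password, fields["salt"], fields["iterations"])
    return hmac.compare_digest(candidate, encoded)


def differing_fields(a, b):
    """Names of the fields in which two encoded hashes differ."""
    pa, pb = parse(a), parse(b)
    return sorted(k for k in pa if pa[k] != pb[k])


if __name__ == "__main__":
    print(differing_fields(GOT, WANT))
    # Constructed password and salts: same password, different salt and cost.
    old = encode("constructed-password", "saltAAAAAAAA", 20000)
    new = encode("constructed-password", "saltBBBBBBBB", 24000)
    print(old == new, verify("constructed-password", old),
          verify("constructed-password", new))
```
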