Update for BCrypt wrap bug detected

[mo7ty]

Improved version of PR Update for BCrypt wrap bug detected #19, based on bcrypt improvements, test fixup #23, including usage of TruncateMixin along with passlib.exc.PasswordTruncateError.

• Refer to BCrypt wrap bug detected #18

[chapmajs]

I think this PR still misses the mark w.r.t. TruncateMixin allowing user-configurable behavior. I don't think TruncateMixin features should probably be used to work around backend changes, that seems like it has the potential to allow users of the library to make configuration changes that cause unintuitive errors.

Additionally, wrapping _calculate_checksum() and performing different behavior there based on TruncateMixin settings may lead to a situation in which hashes generated with this handler can't be verified by it. If automated behavior there really is desired, the backend ought to implement hash() and verify() itself -- probably just perform the checks and then super() it.

[notypecheck]

@chapmajs I'm not quite sure myself about using TruncateMixin as well, but I think it should be ok. By default it should not raise an error when trying to verify existing hashes, unless you set truncate_verify_reject to True.

[chapmajs]

@chapmajs I'm not quite sure myself about using TruncateMixin as well, but I think it should be ok. By default it should not raise an error when trying to verify existing hashes, unless you set truncate_verify_reject to True.

My issue with this is that the state of truncate_verify_reject is being dynamically modified depending on which backend is providing bcrypt functionality. It's possible for a user to set an option and have that change not be honored.

The mixin should provide the desired behavior (that a passlib exception be raised) as long as it's activated. If the defaults are changed to activate it, that's fine, but it should be a static defaults change that still allows users to override it to achieve old behavior.

Changing the default probably shouldn't be done on a point release.

Since the bcrypt backend doesn't provide its own hash() and verify() this should be happening automatically, with no manual checks in the bcrypt backend. See #23, it works there without other changes to behavior.

[mo7ty]

Hi @notypecheck and @chapmajs,

Thank you for all your comments, feedback, concerns and suggestions.
Hoping that the latest update on this PR answers them all, please comment here if there’s still anything that might not be quite right.

[chapmajs]

There's still a fundamental misunderstanding of what TruncateMixin should and shouldn't be doing here, and direct manipulation of its state, which will override/ignore user configuration.

[mo7ty]

Local tests run results using BCrypt versions 4.3.0 and 5.0.0:

• collected 3573 items
• 1603 skipped
• 1970 passed

[chapmajs]

This existing comment (which was present prior to any of the PR work) explains the crux of the issue I'm seeing:

        Setting ``truncate_error=True`` will cause :meth:`~passlib.ifc.PasswordHash.hash`
        to raise a :exc:`~passlib.exc.PasswordTruncateError` instead.

Handlers that use the TruncateMixin should not be raising in their own code for truncation, except maybe if they need to completely reimplement hash() and verify() -- it's behavior and functionality defined and implemented in the mixin. See PR #23 -- you will notice that there are no changes to internal state or raising within wrapped methods, etc. It "just works" because it

• uses the default hash() and verify()
• includes the TruncateMixin

Note that the tests correctly manipulate variables to control TruncateMixin behavior as-is. You can look at some of the other backends that already include TruncateMixin for alternate examples.

Do also note that calling super().hash() and/or super().verify() from within a custom hash() and/or verify() method will also correctly integrate TruncateMixin functionality.

[mo7ty]

Closing PR as per #25 (comment).