From 3cf93a5ce661590dbf4d82dbfe170e4d663b25a6 Mon Sep 17 00:00:00 2001 From: Gabriel Augendre Date: Mon, 26 Sep 2022 15:08:37 +0200 Subject: [PATCH] Switch to argon2 for passwords --- poetry.lock | 97 ++++++++++++++++++++++++++++++++++---------- pyproject.toml | 2 +- src/blog/settings.py | 5 +++ 3 files changed, 81 insertions(+), 23 deletions(-) diff --git a/poetry.lock b/poetry.lock index fab0427..3c8ba9b 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,3 +1,34 @@ +[[package]] +name = "argon2-cffi" +version = "21.3.0" +description = "The secure Argon2 password hashing algorithm." +category = "main" +optional = false +python-versions = ">=3.6" + +[package.dependencies] +argon2-cffi-bindings = "*" + +[package.extras] +dev = ["pre-commit", "cogapp", "tomli", "coverage[toml] (>=5.0.2)", "hypothesis", "pytest", "sphinx", "sphinx-notfound-page", "furo"] +docs = ["sphinx", "sphinx-notfound-page", "furo"] +tests = ["coverage[toml] (>=5.0.2)", "hypothesis", "pytest"] + +[[package]] +name = "argon2-cffi-bindings" +version = "21.2.0" +description = "Low-level CFFI bindings for Argon2" +category = "main" +optional = false +python-versions = ">=3.6" + +[package.dependencies] +cffi = ">=1.0.1" + +[package.extras] +dev = ["pytest", "cogapp", "pre-commit", "wheel"] +tests = ["pytest"] + [[package]] name = "asgiref" version = "3.5.2" @@ -56,12 +87,23 @@ python-versions = ">=2.7" [[package]] name = "certifi" -version = "2022.9.14" +version = "2022.9.24" description = "Python package for providing Mozilla's CA Bundle." category = "main" optional = false python-versions = ">=3.6" +[[package]] +name = "cffi" +version = "1.15.1" +description = "Foreign Function Interface for Python calling C code." +category = "main" +optional = false +python-versions = "*" + +[package.dependencies] +pycparser = "*" + [[package]] name = "cfgv" version = "3.3.1" 
@@ -139,6 +181,7 @@ optional = false python-versions = ">=3.8" [package.dependencies] +argon2-cffi = {version = ">=19.1.0", optional = true, markers = "extra == \"argon2\""} asgiref = ">=3.5.2,<4" sqlparse = ">=0.2.2" tzdata = {version = "*", markers = "sys_platform == \"win32\""} @@ -189,7 +232,7 @@ tests = ["pytest (<4.0)", "pytest-django", "pytest-flakes (==1.0.1)", "pytest-pe [[package]] name = "django-debug-toolbar" -version = "3.6.0" +version = "3.7.0" description = "A configurable set of panels that display various debug information about the current request/response." category = "main" optional = false @@ -250,14 +293,14 @@ qrcode = ["qrcode"] [[package]] name = "django-phonenumber-field" -version = "5.2.0" +version = "6.4.0" description = "An international phone number field for django models." category = "main" optional = false -python-versions = ">=3.6" +python-versions = ">=3.7" [package.dependencies] -Django = ">=2.2" +Django = ">=3.2" [package.extras] phonenumbers = ["phonenumbers (>=7.0.2)"] @@ -403,12 +446,16 @@ testing = ["coverage", "pyyaml"] [[package]] name = "markdown2" -version = "2.4.3" +version = "2.4.5" description = "A fast and complete Python implementation of Markdown" category = "main" optional = false python-versions = ">=3.5, <4" +[package.extras] +all = ["pygments (>=2.7.3)"] +code_syntax_highlighting = ["pygments (>=2.7.3)"] + [[package]] name = "model-bakery" version = "1.7.0" @@ -475,7 +522,7 @@ pyparsing = ">=2.0.2,<3.0.5 || >3.0.5" [[package]] name = "phonenumberslite" -version = "8.12.55" +version = "8.12.56" description = "Python version of Google's common library for parsing, formatting, storing and validating international phone numbers." category = "main" optional = false 
@@ -570,6 +617,14 @@ category = "dev" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +[[package]] +name = "pycparser" +version = "2.21" +description = "C parser in Python" +category = "main" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" + [[package]] name = "pygments" version = "2.13.0" @@ -728,21 +783,21 @@ python-versions = ">=3.6" [[package]] name = "qrcode" -version = "6.1" +version = "7.3.1" description = "QR Code image generator" category = "main" optional = false -python-versions = "*" +python-versions = ">=3.6" [package.dependencies] colorama = {version = "*", markers = "platform_system == \"Windows\""} -six = "*" [package.extras] -dev = ["tox", "pytest", "mock"] +all = ["zest.releaser", "tox", "pytest", "pytest", "pytest-cov", "pillow"] +dev = ["tox", "pytest"] maintainer = ["zest.releaser"] pil = ["pillow"] -test = ["pytest", "pytest-cov", "mock"] +test = ["pytest", "pytest-cov"] [[package]] name = "rcssmin" @@ -798,7 +853,7 @@ requests = ">=2.0.1,<3.0.0" name = "six" version = "1.16.0" description = "Python 2 and 3 compatibility utilities" -category = "main" +category = "dev" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" @@ -1014,9 +1069,11 @@ multidict = ">=4.0" [metadata] lock-version = "1.1" python-versions = "^3.10" -content-hash = "67be358cc8c633ec79a2343d4b3a9491d0032ef9d116e8c215b9573c44200893" +content-hash = "5ad534aa66d00801396cd3819d72a5dc57ac9159855eaac62d192313ebb09be3" [metadata.files] +argon2-cffi = [] +argon2-cffi-bindings = [] asgiref = [ {file = "asgiref-3.5.2-py3-none-any.whl", hash = "sha256:1d2880b792ae8757289136f1db2b7b99100ce959b2aa57fd69dab783d05afac4"}, {file = "asgiref-3.5.2.tar.gz", hash = "sha256:4a29362a6acebe09bf1d6640db38c1dc3d9217c68e6f9f6204d72667fc19a424"}, 
@@ -1092,6 +1149,7 @@ brotli = [ ] cerberus = [] certifi = [] +cffi = [] cfgv = [ {file = "cfgv-3.3.1-py2.py3-none-any.whl", hash = "sha256:c6a0883f3917a037485059700b9e75da2464e6c27051014ad85ba6aaa5884426"}, {file = "cfgv-3.3.1.tar.gz", hash = "sha256:f5a830efb9ce7a445376bb66ec94c638a9787422f96264c98edc6bdeed8ab736"}, @@ -1129,10 +1187,7 @@ django-otp = [ {file = "django-otp-1.1.3.tar.gz", hash = "sha256:f002c71d4ea7f514590be00492980d3c87397b73dc20542e1c4fc00b66f2dda1"}, {file = "django_otp-1.1.3-py3-none-any.whl", hash = "sha256:8637be826c0465d0fd1710e4472efe9fc83883853a2141fefdbace9358d20003"}, ] -django-phonenumber-field = [ - {file = "django-phonenumber-field-5.2.0.tar.gz", hash = "sha256:52b2e5970133ec5ab701218b802f7ab237229854dc95fd239b7e9e77dc43731d"}, - {file = "django_phonenumber_field-5.2.0-py3-none-any.whl", hash = "sha256:5547fb2b2cc690a306ba77a5038419afc8fa8298a486fb7895008e9067cc7e75"}, -] +django-phonenumber-field = [] django-two-factor-auth = [] filelock = [] gunicorn = [ @@ -1243,6 +1298,7 @@ py = [ {file = "py-1.11.0-py2.py3-none-any.whl", hash = "sha256:607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"}, {file = "py-1.11.0.tar.gz", hash = "sha256:51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719"}, ] +pycparser = [] pygments = [] pyparsing = [ {file = "pyparsing-3.0.9-py3-none-any.whl", hash = "sha256:5026bae9a10eeaefb61dab2f09052b9f4307d44aee4eda64b309723d8d206bbc"}, 
@@ -1306,10 +1362,7 @@ pyyaml = [
     {file = "PyYAML-6.0-cp39-cp39-win_amd64.whl", hash = "sha256:b3d267842bf12586ba6c734f89d1f5b871df0273157918b0ccefa29deb05c21c"},
     {file = "PyYAML-6.0.tar.gz", hash = "sha256:68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2"},
 ]
-qrcode = [
-    {file = "qrcode-6.1-py2.py3-none-any.whl", hash = "sha256:3996ee560fc39532910603704c82980ff6d4d5d629f9c3f25f34174ce8606cf5"},
-    {file = "qrcode-6.1.tar.gz", hash = "sha256:505253854f607f2abf4d16092c61d4e9d511a3b4392e60bff957a68592b04369"},
-]
+qrcode = []
 rcssmin = []
 readtime = []
 requests = []
diff --git a/pyproject.toml b/pyproject.toml
index 3132287..e4129c5 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,7 +7,7 @@ license = "GPLv3"
 
 [tool.poetry.dependencies]
 python = "^3.10"
-django = "^4.1"
+django = {version = "^4.1", extras = ["argon2"]}
 markdown = "^3.2"
 gunicorn = "^20.0"
 Pygments = "^2.6"
diff --git a/src/blog/settings.py b/src/blog/settings.py
index 3f9d424..2620645 100644
--- a/src/blog/settings.py
+++ b/src/blog/settings.py
@@ -185,6 +185,11 @@ AUTH_PASSWORD_VALIDATORS = [
     {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
 ]
 
+PASSWORD_HASHERS = [
+    "django.contrib.auth.hashers.Argon2PasswordHasher",
+    "django.contrib.auth.hashers.PBKDF2PasswordHasher",
+]
+
 
 # Internationalization
 # https://docs.djangoproject.com/en/3.1/topics/i18n/
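Review bot: The new PASSWORD_HASHERS list replaces Django's full default (which on 4.1 also lists PBKDF2SHA1PasswordHasher, BCryptSHA256PasswordHasher and ScryptPasswordHasher) with only Argon2 and PBKDF2-SHA256, so any existing account whose stored hash uses one of the dropped algorithms will fail check_password and silently lose the ability to log in; unless it is known that every stored hash is pbkdf2_sha256, keep Django's full default order with `"django.contrib.auth.hashers.Argon2PasswordHasher"` moved to the front. The ordering itself is right — Django hashes new passwords with the first entry and re-hashes a verified PBKDF2 password to Argon2 on the next successful login — but that intent deserves a comment above the list, e.g. `# Argon2 is preferred for new passwords; PBKDF2 stays so existing hashes still verify (Django re-hashes them to Argon2 on the next login).` Separately, the lockfile hunks record argon2-cffi, argon2-cffi-bindings, cffi and pycparser with empty `[metadata.files]` entries, so no artifact hashes are pinned for the new dependency chain; regenerating the lock so hashes are present would restore integrity checking on install.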