OpenQuizz
An application for managing educational content
werkzeug.security Namespace Reference

Functions

def pbkdf2_hex (data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS, keylen=None, hashfunc=None)
 
def pbkdf2_bin (data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS, keylen=None, hashfunc=None)
 
def safe_str_cmp (a, b)
 
def gen_salt (length)
 
def generate_password_hash (password, method="pbkdf2:sha256", salt_length=8)
 
def check_password_hash (pwhash, password)
 
def safe_join (directory, *pathnames)
 

Variables

 SALT_CHARS
 
 DEFAULT_PBKDF2_ITERATIONS
 

Function Documentation

◆ check_password_hash()

def werkzeug.security.check_password_hash (pwhash, password)
Check a password against a given salted and hashed password value.
In order to support unsalted legacy passwords this method supports
plain text passwords, md5 and sha1 hashes (both salted and unsalted).

Returns `True` if the password matched, `False` otherwise.

:param pwhash: a hashed string like the one returned by
               :func:`generate_password_hash`.
:param password: the plaintext password to compare against the hash.

◆ gen_salt()

def werkzeug.security.gen_salt (length)
Generate a random string of SALT_CHARS with specified ``length``.

◆ generate_password_hash()

def werkzeug.security.generate_password_hash (password, method="pbkdf2:sha256", salt_length=8)
Hash a password with the given method and salt it with a string of
the given length. The returned string includes the method that was
used so that :func:`check_password_hash` can check the hash.

The format for the hashed string looks like this::

    method$salt$hash

This method can **not** generate unsalted passwords, but it is possible
to set ``method='plain'`` in order to enforce plaintext passwords.
If a salt is used, HMAC is used internally to salt the password.

If PBKDF2 is wanted it can be enabled by setting the method to
``pbkdf2:method:iterations`` where iterations is optional::

    pbkdf2:sha256:80000$salt$hash
    pbkdf2:sha256$salt$hash

:param password: the password to hash.
:param method: the hash method to use (one that hashlib supports). Can
               optionally be in the format ``pbkdf2:<method>[:iterations]``
               to enable PBKDF2.
:param salt_length: the length of the salt in letters.
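
An added example (not part of Werkzeug or of this page): a stdlib-only audit of stored strings in the ``method$salt$hash`` format described above, flagging plaintext, unsalted, unstretched and low-iteration entries, plus a constant-time PBKDF2 re-check. The function names, the sample values and the ``min_iterations`` policy threshold are constructed here, and the hex-encoded PBKDF2-HMAC digest over a UTF-8 salt is an assumption about how the hash part is stored.

```python
import hashlib
import hmac

WEAK_DIGESTS = {"md5", "sha1"}  # legacy digests named in check_password_hash's docstring

def parse_pwhash(pwhash):
    """Split a stored value into (method, salt, digest); None if malformed."""
    return tuple(pwhash.split("$", 2)) if pwhash.count("$") >= 2 else None

def audit_pwhash(pwhash, min_iterations):
    """Return findings for one stored string; min_iterations is the caller's policy."""
    parsed = parse_pwhash(pwhash)
    if parsed is None:
        return ["malformed: expected method$salt$hash"]
    method, salt, _ = parsed
    if method == "plain":
        return ["plaintext password stored"]
    findings = [] if salt else ["unsalted"]
    parts = method.split(":")
    if parts[0] != "pbkdf2":
        findings.append("no key stretching")
        if method in WEAK_DIGESTS:
            findings.append("weak digest " + method)
    elif len(parts) < 3:
        findings.append("iteration count not recorded (library default applies)")
    elif not parts[2].isdecimal() or int(parts[2]) < min_iterations:
        findings.append("iterations below policy: " + parts[2])
    return findings

def make_sample(password, salt, iterations):
    """Build a constructed pbkdf2:sha256:<iterations>$salt$hash value (assumed encoding)."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2:sha256:%d$%s$%s" % (iterations, salt, digest.hex())

def verify_pbkdf2(pwhash, password):
    """Recompute an explicit-iteration PBKDF2 entry and compare in constant time."""
    parsed = parse_pwhash(pwhash)
    parts = parsed[0].split(":") if parsed else []
    if len(parts) != 3 or parts[0] != "pbkdf2" or not parts[2].isdecimal():
        return False  # not a pbkdf2:<digest>:<iterations> entry
    try:
        derived = hashlib.pbkdf2_hmac(parts[1], password.encode(), parsed[1].encode(), int(parts[2]))
    except ValueError:  # unknown digest name or zero iterations
        return False
    return hmac.compare_digest(derived.hex().encode(), parsed[2].encode())

if __name__ == "__main__":
    for stored in (make_sample("correct horse", "Xy3kQ9aB", 80000),  # constructed samples
                   "plain$$hunter2", "md5$$5f4dcc3b5aa765d61d8327deb882cf99"):
        print(stored[:24], audit_pwhash(stored, 50000))
```

Entries that the audit flags can be re-hashed with a stronger method the next time the user logs in successfully, since that is the only moment the plaintext password is available.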

◆ pbkdf2_bin()

def werkzeug.security.pbkdf2_bin (data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS, keylen=None, hashfunc=None)
Returns a binary digest for the PBKDF2 hash algorithm of `data`
with the given `salt`. It iterates `iterations` times and produces a
key of `keylen` bytes. By default, SHA-256 is used as hash function;
a different hashlib `hashfunc` can be provided.

.. versionadded:: 0.9

:param data: the data to derive.
:param salt: the salt for the derivation.
:param iterations: the number of iterations.
:param keylen: the length of the resulting key.  If not provided
               the digest size will be used.
:param hashfunc: the hash function to use.  This can either be the
                 string name of a known hash function or a function
                 from the hashlib module.  Defaults to sha256.

◆ pbkdf2_hex()

def werkzeug.security.pbkdf2_hex (data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS, keylen=None, hashfunc=None)
Like :func:`pbkdf2_bin`, but returns a hex-encoded string.

.. versionadded:: 0.9

:param data: the data to derive.
:param salt: the salt for the derivation.
:param iterations: the number of iterations.
:param keylen: the length of the resulting key.  If not provided,
               the digest size will be used.
:param hashfunc: the hash function to use.  This can either be the
                 string name of a known hash function, or a function
                 from the hashlib module.  Defaults to sha256.

◆ safe_join()

def werkzeug.security.safe_join (directory, *pathnames)
Safely join zero or more untrusted path components to a base
directory to avoid escaping the base directory.

:param directory: The trusted base directory.
:param pathnames: The untrusted path components relative to the
    base directory.
:return: A safe path, otherwise ``None``.

◆ safe_str_cmp()

def werkzeug.security.safe_str_cmp (a, b)
This function compares strings in somewhat constant time.  This
requires that the length of at least one string is known in advance.

Returns `True` if the two strings are equal, or `False` if they are not.

.. versionadded:: 0.7

Variable Documentation

◆ DEFAULT_PBKDF2_ITERATIONS

DEFAULT_PBKDF2_ITERATIONS

◆ SALT_CHARS

SALT_CHARS