|
OpenQuizz
Une application de gestion des contenus pédagogiques
|
Functions | |
| def | pbkdf2_hex (data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS, keylen=None, hashfunc=None) |
| def | pbkdf2_bin (data, salt, iterations=DEFAULT_PBKDF2_ITERATIONS, keylen=None, hashfunc=None) |
| def | safe_str_cmp (a, b) |
| def | gen_salt (length) |
| def | generate_password_hash (password, method="pbkdf2:sha256", salt_length=8) |
| def | check_password_hash (pwhash, password) |
| def | safe_join (directory, *pathnames) |
Variables | |
| SALT_CHARS | |
| DEFAULT_PBKDF2_ITERATIONS | |
| def werkzeug.security.check_password_hash | ( | pwhash, | |
| password | |||
| ) |
check a password against a given salted and hashed password value.
In order to support unsalted legacy passwords this method supports
plain text passwords, md5 and sha1 hashes (both salted and unsalted).
Returns `True` if the password matched, `False` otherwise.
:param pwhash: a hashed string like returned by
:func:`generate_password_hash`.
:param password: the plaintext password to compare against the hash.
| def werkzeug.security.gen_salt | ( | length | ) |
Generate a random string of SALT_CHARS with specified ``length``.
| def werkzeug.security.generate_password_hash | ( | password, | |
method = "pbkdf2:sha256", |
|||
salt_length = 8 |
|||
| ) |
Hash a password with the given method and salt with a string of
the given length. The format of the string returned includes the method
that was used so that :func:`check_password_hash` can check the hash.
The format for the hashed string looks like this::
method$salt$hash
This method can **not** generate unsalted passwords but it is possible
to set param method='plain' in order to enforce plaintext passwords.
If a salt is used, hmac is used internally to salt the password.
If PBKDF2 is wanted it can be enabled by setting the method to
``pbkdf2:method:iterations`` where iterations is optional::
pbkdf2:sha256:80000$salt$hash
pbkdf2:sha256$salt$hash
:param password: the password to hash.
:param method: the hash method to use (one that hashlib supports). Can
optionally be in the format ``pbkdf2:<method>[:iterations]``
to enable PBKDF2.
:param salt_length: the length of the salt in letters.
| def werkzeug.security.pbkdf2_bin | ( | data, | |
| salt, | |||
iterations = DEFAULT_PBKDF2_ITERATIONS, |
|||
keylen = None, |
|||
hashfunc = None |
|||
| ) |
Returns a binary digest for the PBKDF2 hash algorithm of `data`
with the given `salt`. It iterates `iterations` times and produces a
key of `keylen` bytes. By default, SHA-256 is used as hash function;
a different hashlib `hashfunc` can be provided.
.. versionadded:: 0.9
:param data: the data to derive.
:param salt: the salt for the derivation.
:param iterations: the number of iterations.
:param keylen: the length of the resulting key. If not provided
the digest size will be used.
:param hashfunc: the hash function to use. This can either be the
string name of a known hash function or a function
from the hashlib module. Defaults to sha256.
| def werkzeug.security.pbkdf2_hex | ( | data, | |
| salt, | |||
iterations = DEFAULT_PBKDF2_ITERATIONS, |
|||
keylen = None, |
|||
hashfunc = None |
|||
| ) |
Like :func:`pbkdf2_bin`, but returns a hex-encoded string.
.. versionadded:: 0.9
:param data: the data to derive.
:param salt: the salt for the derivation.
:param iterations: the number of iterations.
:param keylen: the length of the resulting key. If not provided,
the digest size will be used.
:param hashfunc: the hash function to use. This can either be the
string name of a known hash function, or a function
from the hashlib module. Defaults to sha256.
| def werkzeug.security.safe_join | ( | directory, | |
| * | pathnames | ||
| ) |
Safely join zero or more untrusted path components to a base
directory to avoid escaping the base directory.
:param directory: The trusted base directory.
:param pathnames: The untrusted path components relative to the
base directory.
:return: A safe path, otherwise ``None``.
| def werkzeug.security.safe_str_cmp | ( | a, | |
| b | |||
| ) |
This function compares strings in somewhat constant time. This requires that the length of at least one string is known in advance. Returns `True` if the two strings are equal, or `False` if they are not. .. versionadded:: 0.7
| DEFAULT_PBKDF2_ITERATIONS |
| SALT_CHARS |