Passlib¶

Extension for password contexts via Passlib.

Support validation of multiple hashing algorithms to allow for easy migration from one algorithm to another.

Example:

from invenio_ext.passlib import password_context
hash = password_context.encrypt("mypassword")
password_context.verify("mypassword", hash)
password_context.needs_update(hash)

Invenio legacy support:

from invenio_ext.passlib import password_context
hash = password_context.encrypt(
    "mypassword",
    scheme="invenio_aes_encrypted_email",
    user="info@invenio-software.org",
 )
password_context.verify(
    "mypassword", hash
    scheme="invenio_aes_encrypted_email",
    user="info@invenio-software.org",
)
password_context.needs_update(hash)

Configuration Settings¶

Invenio’s default password hashing algorithms can be modified using the following application settings:

PASSLIB_SCHEMES	List of supported password hashing schemes. The default password hashing scheme is the first item in the list. Default: [‘sha512_crypt’, ‘invenio_aes_encrypted_email’]
PASSLIB_DEPRECATED_SCHEMES	List of password hashing schemes that are deprecated (which results in the users’ hash being automatically upgrade on next login). Note, all deprecated scheme must also be present in PASSLIB_SCHEMES. Default: [‘invenio_aes_encrypted_email’]

class invenio_ext.passlib.Passlib(app=None)¶

Flask-Passlib integration.

init_app(app)¶: Initialize application.