Comments (11)
frankie567
commented on June 6, 2024
1
Fixed as of v13.0.0
from fastapi-users.
frankie567
commented on June 6, 2024
Thanks for raising this @davidbrochart 👍
Unfortunately, passlib seems to be unmaintained those days: https://foss.heptapod.net/python-libs/passlib
It's really unfortunate, because passlib is the de-facto standard for password hashing. I'm not aware of alternatives 🤔
from fastapi-users.
davidbrochart
commented on June 6, 2024
Maybe fork it?
from fastapi-users.
frankie567
commented on June 6, 2024
Probably, but not me. I know nothing about cryptography algorithms, so I wouldn't risk to support a library that critical 😅
from fastapi-users.
davidbrochart
commented on June 6, 2024
An alternative is to install setuptools, but there is a deprecation warning when importing:
Python 3.12.0 | packaged by conda-forge | (main, Oct 3 2023, 08:43:22) [GCC 12.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pkg_resources
<stdin>:1: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
from fastapi-users.
bert2002
commented on June 6, 2024
Not sure if its related, but just started seeing this:
Python: 3.12.0
FastAPI: 0.104.1
FastAPI-Users: 12.1.2
INFO: 172.21.0.1:47400 - "GET /auth/google/authorize HTTP/1.1" 200 OK
(trapped) error reading bcrypt version
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/fastapi_users/manager.py", line 201, in oauth_callback
user = await self.get_by_oauth_account(oauth_name, account_id)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/fastapi_users/manager.py", line 106, in get_by_oauth_account
raise exceptions.UserNotExists()
fastapi_users.exceptions.UserNotExists
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/fastapi_users/manager.py", line 205, in oauth_callback
user = await self.get_by_email(account_email)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.12/site-packages/fastapi_users/manager.py", line 90, in get_by_email
raise exceptions.UserNotExists()
fastapi_users.exceptions.UserNotExists
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
version = _bcrypt.__about__.__version__
^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute '__about__'
User 4bdb7054-ddd9-433c-8bbb-a7204a296ae8 has registered.
This happens when registering a new user, it works perfectly and have not noticed any problems...
bert
from fastapi-users.
tcompa
commented on June 6, 2024
I think that the warning in the previous comment (by @bert2002) is unrelated to python 3.12; it's rather a passlib issue with recent bcrypt versions (see https://foss.heptapod.net/python-libs/passlib/-/issues/190).
Unfortunately, passlib seems to be unmaintained those days: https://foss.heptapod.net/python-libs/passlib
It's really unfortunate, because passlib is the de-facto standard for password hashing. I'm not aware of alternatives 🤔
For the record, there seems to be a renewed effort towards passlib maintenance, see https://foss.heptapod.net/python-libs/passlib/-/issues/187.
from fastapi-users.
gaetanDubuc
commented on June 6, 2024
The only dependency to passlib seems to be in password.py. https://argon2-cffi.readthedocs.io/en/stable/argon2.html could replace passlib as the package defines a PasswordHasher with close protocol. We just have to define a new CryptContext protocol.
from fastapi-users.
frankie567
commented on June 6, 2024
The only dependency to passlib seems to be in password.py. https://argon2-cffi.readthedocs.io/en/stable/argon2.html could replace passlib as the package defines a PasswordHasher with close protocol. We just have to define a new
CryptContextprotocol.
Passlib supports several hashing algorithms, not only argon2, and has convenient features like hash upgrades. Plus, I believe most FastAPI Users installations use bcrypt right now.
from fastapi-users.
JimScope
commented on June 6, 2024
Hi @frankie567 could this option to unblock the library for python 3.12 be considered as a short term solution? #1345
from fastapi-users.
MatthewScholefield
commented on June 6, 2024
A passlib maintainer responded so it sounds like there may be a fix coming soon.
from fastapi-users.
Related Issues (20)
- TypeError: <class 'fastapi_users_db_beanie.BeanieBaseUser'> cannot be parametrized
- No docs for API user parameter
- Problem in getting current_user HOT 1
- Two different strategies generate the same tokens
- OAuthAccount.expires_at should be BigInteger HOT 1
- The backend is not picked right with logout endpoint HOT 5
- How can i response many others user fields in jwt login ?
- fastapi depreciation in "full example" HOT 4
- Redis backends can't use 'reset-password' 'verify' HOT 4
- Inconsistency on responses HOT 2
- Crypt deprecation warning from passlib HOT 12
- user profile 401 Unauthorized HOT 3
- SQLAlchemyUserDatabase.create() got an unexpected keyword argument 'safe'
- forget password return null in responce body instead of token ?
- AttributeError: 'ValidatedEmail' object has no attribute 'normalized' HOT 2
- cannot import name 'BeanieUserDatabase' from 'fastapi_users.db' HOT 1
- Exposing unused fields in FastAPI docs HOT 1
- alembic won't run imgration fastapi_users_db_sqlalchemy is not defined HOT 1
- Theoretically several users with the same email can be created HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fastapi-users.