-
Notifications
You must be signed in to change notification settings - Fork 169
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AttributeError: module 'bcrypt' has no attribute '__about__' with new 4.1.1 version #684
Comments
This is an issue with how passlib attempts to read a version (for logging only) and fails because it's loading modules that no longer exist in bcrypt 4.1.x. I'd suggest filing an issue against them for this. |
Yep, passlib seems to be abandoned and the new bcrypt doesn't work with it. Needs to force |
As the OP indicates here, passlib will work with latest bcrypt, it simply emits a warning. You should be able to silence that warning with a logging configuration. |
Props to the opener of the issue on passlib: https://foss.heptapod.net/python-libs/passlib/-/issues/190 Edited to add: silencing the warning via logging config worked fine for me, hat-tip to @alex
|
Changes: - Reinstate the `bcrypt` option for `password_hash` This has been done since `node_exporter` expects hashed password for basic authentication to be created with `brypt`. I initially removed because the following appears when running the `monitoring_client` role: ``` AttributeError: module 'bcrypt' has no attribute '__about__' ``` The play proceeds and `node_exporter` is correctly installed. I tried pinning `bcrypt` to `4.0.1` as suggested in pyca/bcrypt#684 but the traceback still appears. Without `bcrypt` the `node_exporter` service fails to start.
git clean -xdf tar zcvf ../python-passlib_1.7.4.orig.tar.gz --exclude=.git . debuild -uc -us cp python-passlib.spec ../python-passlib_1.7.4-1.spec cp ../python*-passlib*1.7.4*.{gz,xz,spec,dsc} /osc/home\:alvistack/python-libs-passlib-1.7.4/ rm -rf ../python*-passlib*1.7.4*.* See https://foss.heptapod.net/python-libs/passlib/-/issues/190 See pyca/bcrypt#684 Signed-off-by: Wong Hoi Sing Edison <[email protected]>
Like others have pointed, passlib is not actively updated and it has dependencies that have changed behaviour over time.
I resolved it by removing the passlib module and simply using the bcrypt directly for hashing and verification :
Reference: #https://www.geeksforgeeks.org/hashing-passwords-in-python-with-bcrypt/ |
just downgrade your bcrypt. i did it to 3.2.2. it works. it has __about attribute. hope my comment helps. |
And go without updates for a security-relevant library? 😬 |
git clean -xdf tar zcvf ../python-passlib_1.7.4.orig.tar.gz --exclude=.git . debuild -uc -us cp python-passlib.spec ../python-passlib_1.7.4-1.spec cp ../python*-passlib*1.7.4*.{gz,xz,spec,dsc} /osc/home\:alvistack/python-libs-passlib-1.7.4/ rm -rf ../python*-passlib*1.7.4*.* See https://foss.heptapod.net/python-libs/passlib/-/issues/190 See pyca/bcrypt#684 Signed-off-by: Wong Hoi Sing Edison <[email protected]>
issue : pyca/bcrypt#684 passlib seems to be unmaintained! so i rewrite the hash and verify password my self with pure bcrypt.
I like this. Not a fan of using inactive libraries especially for straightforward things like this. |
* Update trove from branch 'master' to 3367c25e770c45e2a51040566b85329b6003246c - stop using passlib passlib is unmaintained and has not had a release since 2020 a recent bcrypt release just broke passlib see pyca/bcrypt#684 trove's use of passlib is pretty tirval so this change just removes it as a depency and delegate the random password generation in trove.common.utils to the generate_random_key function in the trove.common.crypto_utils module Change-Id: I6b6c64147c627025d5f89db6032d1c54445df94f
passlib is unmaintained and has not had a release since 2020 a recent bcrypt release just broke passlib see pyca/bcrypt#684 trove's use of passlib is pretty tirval so this change just removes it as a depency and delegate the random password generation in trove.common.utils to the generate_random_key function in the trove.common.crypto_utils module Change-Id: I6b6c64147c627025d5f89db6032d1c54445df94f
- 새로운 도메인 User와 관련된 기능 추가 - schema, crud, router 코드 생성 - main.py에 user router 연결 - 사용자 정보 중복 상황을 다루기 위한 유효성 검사 반영 - 비밀번호 암호화를 위한 passlib 사용 - passlib와 bcrypt 간의 버전 문제가 있는 듯 하다. - pyca/bcrypt#684 - 이메일 정보 포맷 확인을 위한 Pydantic 확장 - pip install pydantic[email]
i dont know how but it solved not only this problem, but also the one with not finding my 'app' package when importing from it. Thank You! |
Anyway to solve this issue ? Environement : python = ">=3.10,<4.0"
passlib = "^1.7.4"
fastapi = "^0.111.0" It's like passlib is not compatible maybe because passlib not being maintained anymore? |
You can remove passlib module and manually use bcrypt like this: #684 (comment). And If anyone gets an error like this:
you can find information on how to resolve it here. |
Thank you for SO link. It solved the |
To remove passlib I have to change a lot of thing. devenv/lib/python3.10/site-packages/passlib/handlers/bcrypt.py # location of my bcrypt.py file
version = _bcrypt.__version__ # to put in line 620 after the first line of the try block No no error anymore. The correct version is shown when I run the fastapi project. |
So my working fix is to change [line 620] like this: venv\Lib\site-packages\passlib\handlers\bcrypt.py
Previous -> New -> |
bcrypt version 4.2.0, passlib-1.7.4 |
pip show bcrypt # check package location
cd /home/xxx/.pyenv/versions/3.10.10/envs/venv/lib/python3.10/site-packages/bcrypt # cd package location
rm -rf * # remove everything in bcrypt folder
pip uninstall bcrypt
pip install bcrypt The package folder original contains _bcrypt.cpython-310-x86_64-linux-gnu.so, this .so file seems corrupt, this file will not get deleted when you do |
Still facing this error FastAPI
|
Really need to consider replacing this out-of-maintenanced lib. |
Signed-off-by: Alexander Piskun <[email protected]>
Had the same issue in FastAPI with using passlib[bcrypt] and moved down to bcrypt 4.0.1, that solved the error for me. |
I'd strongly recommend using bcrypt directly, and removing passlib altogether. It was pretty much a single line change in my FastAPI project (changing |
Issue looks old fashioned, FastApi's open question still here: fastapi/full-stack-fastapi-template#1369 |
Due to the issue explained here, I solved it by creating a dataclass with a version attribute, setting it equal to the new standalone __version__ attribute of bcrypt, and then assigning it to a new attribute __about__ for bcrypt. import bcrypt
from dataclasses import dataclass
@dataclass
class SolveBugBcryptWarning:
__version__: str = getattr(bcrypt, "__version__")
setattr(bcrypt, "__about__", SolveBugBcryptWarning()) This way, we can still see the log warnings from passlib, and the bug also disappears. from dataclasses import dataclass
import bcrypt
from passlib.context import CryptContext
@dataclass
class SolveBugBcryptWarning:
__version__: str = getattr(bcrypt, "__version__")
setattr(bcrypt, "__about__", SolveBugBcryptWarning())
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
def verify_password(plain_password, hashed_password):
return pwd_context.verify(plain_password, hashed_password)
def get_password_hash(password):
return pwd_context.hash(password)
hashed = get_password_hash(("1234"))
print(hashed) |
in order not to interfere with the library's source code, I tried this patch – it seems to work import bcrypt
if not hasattr(bcrypt, '__about__'):
bcrypt.__about__ = type('about', (object,), {'__version__': bcrypt.__version__}) |
For bcrypt 4.1.1, I get this error/warning when I run this code (code which is in FastAPI documentation)
I have passlib 1.7.4
output
It's not breaking anything, because code still runs.
This is not the case with bcrypt 4.0.1
The text was updated successfully, but these errors were encountered: