===================
``zope.password``
===================
.. image:: https://img.shields.io/pypi/v/zope.password.svg
:target: https://pypi.python.org/pypi/zope.password/
:alt: Latest release
.. image:: https://img.shields.io/pypi/pyversions/zope.password.svg
:target: https://pypi.org/project/zope.password/
:alt: Supported Python versions
.. image:: https://github.com/zopefoundation/zope.password/actions/workflows/tests.yml/badge.svg
:target: https://github.com/zopefoundation/zope.password/actions/workflows/tests.yml
.. image:: https://coveralls.io/repos/github/zopefoundation/zope.password/badge.svg?branch=master
:target: https://coveralls.io/github/zopefoundation/zope.password?branch=master
.. image:: https://readthedocs.org/projects/zopepassword/badge/?version=latest
:target: https://zopepassword.readthedocs.io/en/latest/
:alt: Documentation Status
This package provides a password manager mechanism. The password manager
is an utility object that can encode and check encoded
passwords.
Documentation is hosted at https://zopepassword.readthedocs.io/
=========
Changes
=========
5.0 (2025-01-14)
================
- Add support for Python 3.11. 3.12, 3.13.
- Drop support for Python 2.7, 3.5, 3.6, 3.7, 3.8.
4.4 (2022-09-01)
================
- Add support for Python 3.7, 3.8, 3.9, 3.10.
- Drop support for Python 3.4.
4.3.1 (2017-09-01)
==================
- Fix running ``configure.zcml`` when ``zope.security`` is installed.
See `issue 15
<https://github.com/zopefoundation/zope.password/issues/15>`_.
4.3.0 (2017-08-31)
==================
- Added a ``bcrypt``-based password manager (available only if the
`bcrypt <https://pypi.python.org/pypi/bcrypt>`_ library is
importable). This manager can also check passwords that were encoded
with `z3c.bcrypt <https://pypi.python.org/pypi/z3c.bcrypt>`_. If
that package is *not* installed, then ``configure.zcml`` will
install this manager as a utility with both the ``BCRYPT``
(preferred) and ``bcrypt`` names for compatibility with it. (See
https://github.com/zopefoundation/zope.password/issues/10)
- Add a ``bcrypt_kdf`` password manager. This allows tunable numbers
of rounds. See https://github.com/zopefoundation/zope.password/issues/9
- Fix the ``zpasswd`` console script on Python 3.
- Update the ``zpasswd`` script to use ``argparse`` instead of ``optparse.``
- Use ``hmac.compare_digest`` when checking passwords to
prevent timing analysis. This requires Python 2.7.7 or above.
- Add support for Python 3.6.
- Drop support for Python 3.3 and Python 2.7.6 and below.
- Drop support for ``python setup.py test``.
4.2.0 (2016-07-07)
==================
- Drop support for Python 2.6.
- Converted documentation to Sphinx, including testing doctest snippets
under ``tox``.
- Add support for Python 3.5.
4.1.0 (2014-12-27)
==================
- Add support for PyPy. (PyPy3 is pending release of a fix for:
https://bitbucket.org/pypy/pypy/issue/1946)
- Add supprt for Python 3.4.
- Add support for testing on Travis.
4.0.2 (2013-03-11)
==================
- Fix some final resource warnings.
4.0.1 (2013-03-10)
==================
- Fix test failures under Python 3.3 when warnings are enabled.
4.0.0 (2013-02-21)
==================
- Make ``zpasswd`` a proper console script entry point.
- Add ``tox.ini`` and ``MANIFEST.in``.
- Add support for Python 3.3
- Replace deprecated ``zope.interface.implements`` usage with equivalent
``zope.interface.implementer`` decorator.
- Drop support for Python 2.4 and 2.5.
- Add a new ``IMatchingPasswordManager`` interface with a 'match' method,
which returns True if a given password hash was encdoded with the scheme
implemented by the specific manager. All managers in this package implement
this interface.
- Use "{SHA}" as the prefix for SHA1-encoded passwords to be compatible with
RFC 2307, but support matching against "{SHA1}" for backwards compatibility.
- Add a crypt password manager to fully support all methods named in RFC 2307.
It is contained in the ``legacy`` module however, to flag crypt's status.
- Add a SMD5 (salted MD5) password manager to fully support all encoding
schemes implemented by OpenLDAP.
- Add a MySQL ``PASSWORD()`` (versions before 4.1) password manager, as also
found in Zope2's ``AccessControl.AuthEncoding`` module.
- Remove the useless, cosmetic salt from the MD5 and SHA1 password managers,
and use base64 encoding instead of hexdigests. This makes the output of
these managers compatible with other MD5 and SHA1 hash implementations such
as RFC 2307 but doesn't lower it's security in any way. Checking passwords
against old, still 'salted' password hashes with hexdigests is still
supported.
- Use the ``standard_base64encode`` method instead of ``url_base64encode``
to maintain compatibility with LDAP.
3.6.1 (2010-05-27)
==================
- The SSHAPasswordManager.checkPassword() would not handle unicode input
(even if the string would only contain ascii characters). Now, the
``encoded_password`` input will be encoded to ascii, which is deemed safe
as it should not contain non-ascii characters anyway.
3.6.0 (2010-05-07)
==================
- Remove ``zope.testing`` dependency for tests.
- Update some copyright headers to comply to repository policy.
- Add ``zpasswd`` script formerly hold in zope.app.server. Contrary to
former zpasswd script, which used "Plain Text" as default password
manager, now SSHA is used as default.
3.5.1 (2009-03-14)
==================
- Make security protection directives in ``configure.zcml`` execute only
if ``zope.security`` is installed. This will allow reuse of the
``configure.zcml`` file in environments without ``zope.security``,
for example with ``repoze.zcml``.
- Add "Password Manager Names" vocabulary for use with ``zope.schema``
and ``zope.component``, like it was in ``zope.app.authentication``.
It's an optional feature so it doesn't add hard dependency. We use
"vocabulary" extra to list dependencies needed for vocabulary functionality.
3.5.0 (2009-03-06)
==================
First release. This package was splitted off from ``zope.app.authentication``
to separate password manager functionality that is greatly re-usable without
any bit of ``zope.app.authentication`` and to reduce its dependencies.
Raw data
{
"_id": null,
"home_page": "http://github.com/zopefoundation/zope.password",
"name": "zope.password",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.9",
"maintainer_email": null,
"keywords": "zope authentication password zpasswd",
"author": "Zope Foundation and Contributors",
"author_email": "zope-dev@zope.org",
"download_url": "https://files.pythonhosted.org/packages/24/ad/949993af410a1534e9a202971bed7d89dce89d8353a233b36a049cad191a/zope_password-5.0.tar.gz",
"platform": null,
"description": "===================\n ``zope.password``\n===================\n\n.. image:: https://img.shields.io/pypi/v/zope.password.svg\n :target: https://pypi.python.org/pypi/zope.password/\n :alt: Latest release\n\n.. image:: https://img.shields.io/pypi/pyversions/zope.password.svg\n :target: https://pypi.org/project/zope.password/\n :alt: Supported Python versions\n\n.. image:: https://github.com/zopefoundation/zope.password/actions/workflows/tests.yml/badge.svg\n :target: https://github.com/zopefoundation/zope.password/actions/workflows/tests.yml\n\n.. image:: https://coveralls.io/repos/github/zopefoundation/zope.password/badge.svg?branch=master\n :target: https://coveralls.io/github/zopefoundation/zope.password?branch=master\n\n.. image:: https://readthedocs.org/projects/zopepassword/badge/?version=latest\n :target: https://zopepassword.readthedocs.io/en/latest/\n :alt: Documentation Status\n\nThis package provides a password manager mechanism. The password manager\nis an utility object that can encode and check encoded\npasswords.\n\nDocumentation is hosted at https://zopepassword.readthedocs.io/\n\n\n=========\n Changes\n=========\n\n5.0 (2025-01-14)\n================\n\n- Add support for Python 3.11. 3.12, 3.13.\n\n- Drop support for Python 2.7, 3.5, 3.6, 3.7, 3.8.\n\n\n4.4 (2022-09-01)\n================\n\n- Add support for Python 3.7, 3.8, 3.9, 3.10.\n\n- Drop support for Python 3.4.\n\n\n4.3.1 (2017-09-01)\n==================\n\n- Fix running ``configure.zcml`` when ``zope.security`` is installed.\n See `issue 15\n <https://github.com/zopefoundation/zope.password/issues/15>`_.\n\n\n4.3.0 (2017-08-31)\n==================\n\n- Added a ``bcrypt``-based password manager (available only if the\n `bcrypt <https://pypi.python.org/pypi/bcrypt>`_ library is\n importable). This manager can also check passwords that were encoded\n with `z3c.bcrypt <https://pypi.python.org/pypi/z3c.bcrypt>`_. If\n that package is *not* installed, then ``configure.zcml`` will\n install this manager as a utility with both the ``BCRYPT``\n (preferred) and ``bcrypt`` names for compatibility with it. (See\n https://github.com/zopefoundation/zope.password/issues/10)\n\n- Add a ``bcrypt_kdf`` password manager. This allows tunable numbers\n of rounds. See https://github.com/zopefoundation/zope.password/issues/9\n\n- Fix the ``zpasswd`` console script on Python 3.\n\n- Update the ``zpasswd`` script to use ``argparse`` instead of ``optparse.``\n\n- Use ``hmac.compare_digest`` when checking passwords to\n prevent timing analysis. This requires Python 2.7.7 or above.\n\n- Add support for Python 3.6.\n\n- Drop support for Python 3.3 and Python 2.7.6 and below.\n\n- Drop support for ``python setup.py test``.\n\n4.2.0 (2016-07-07)\n==================\n\n- Drop support for Python 2.6.\n\n- Converted documentation to Sphinx, including testing doctest snippets\n under ``tox``.\n\n- Add support for Python 3.5.\n\n\n4.1.0 (2014-12-27)\n==================\n\n- Add support for PyPy. (PyPy3 is pending release of a fix for:\n https://bitbucket.org/pypy/pypy/issue/1946)\n\n- Add supprt for Python 3.4.\n\n- Add support for testing on Travis.\n\n\n4.0.2 (2013-03-11)\n==================\n\n- Fix some final resource warnings.\n\n\n4.0.1 (2013-03-10)\n==================\n\n- Fix test failures under Python 3.3 when warnings are enabled.\n\n\n4.0.0 (2013-02-21)\n==================\n\n- Make ``zpasswd`` a proper console script entry point.\n\n- Add ``tox.ini`` and ``MANIFEST.in``.\n\n- Add support for Python 3.3\n\n- Replace deprecated ``zope.interface.implements`` usage with equivalent\n ``zope.interface.implementer`` decorator.\n\n- Drop support for Python 2.4 and 2.5.\n\n- Add a new ``IMatchingPasswordManager`` interface with a 'match' method,\n which returns True if a given password hash was encdoded with the scheme\n implemented by the specific manager. All managers in this package implement\n this interface.\n\n- Use \"{SHA}\" as the prefix for SHA1-encoded passwords to be compatible with\n RFC 2307, but support matching against \"{SHA1}\" for backwards compatibility.\n\n- Add a crypt password manager to fully support all methods named in RFC 2307.\n It is contained in the ``legacy`` module however, to flag crypt's status.\n\n- Add a SMD5 (salted MD5) password manager to fully support all encoding\n schemes implemented by OpenLDAP.\n\n- Add a MySQL ``PASSWORD()`` (versions before 4.1) password manager, as also\n found in Zope2's ``AccessControl.AuthEncoding`` module.\n\n- Remove the useless, cosmetic salt from the MD5 and SHA1 password managers,\n and use base64 encoding instead of hexdigests. This makes the output of\n these managers compatible with other MD5 and SHA1 hash implementations such\n as RFC 2307 but doesn't lower it's security in any way. Checking passwords\n against old, still 'salted' password hashes with hexdigests is still\n supported.\n\n- Use the ``standard_base64encode`` method instead of ``url_base64encode``\n to maintain compatibility with LDAP.\n\n3.6.1 (2010-05-27)\n==================\n\n- The SSHAPasswordManager.checkPassword() would not handle unicode input\n (even if the string would only contain ascii characters). Now, the\n ``encoded_password`` input will be encoded to ascii, which is deemed safe\n as it should not contain non-ascii characters anyway.\n\n3.6.0 (2010-05-07)\n==================\n\n- Remove ``zope.testing`` dependency for tests.\n\n- Update some copyright headers to comply to repository policy.\n\n- Add ``zpasswd`` script formerly hold in zope.app.server. Contrary to\n former zpasswd script, which used \"Plain Text\" as default password\n manager, now SSHA is used as default.\n\n3.5.1 (2009-03-14)\n==================\n\n- Make security protection directives in ``configure.zcml`` execute only\n if ``zope.security`` is installed. This will allow reuse of the\n ``configure.zcml`` file in environments without ``zope.security``,\n for example with ``repoze.zcml``.\n\n- Add \"Password Manager Names\" vocabulary for use with ``zope.schema``\n and ``zope.component``, like it was in ``zope.app.authentication``.\n It's an optional feature so it doesn't add hard dependency. We use\n \"vocabulary\" extra to list dependencies needed for vocabulary functionality.\n\n3.5.0 (2009-03-06)\n==================\n\nFirst release. This package was splitted off from ``zope.app.authentication``\nto separate password manager functionality that is greatly re-usable without\nany bit of ``zope.app.authentication`` and to reduce its dependencies.\n",
"bugtrack_url": null,
"license": "ZPL 2.1",
"summary": "Password encoding and checking utilities",
"version": "5.0",
"project_urls": {
"Homepage": "http://github.com/zopefoundation/zope.password"
},
"split_keywords": [
"zope",
"authentication",
"password",
"zpasswd"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "68663dd0be3ac639bfbec978a0c45ba338ad0841a923ecbfb810ac3d87a89f31",
"md5": "beafec3d230cd679185d15fbc9b248e6",
"sha256": "0aa0f07e06ad199dc9da29dba8835e5208c0a0b97ee23d8544d6cae5e2bf7d98"
},
"downloads": -1,
"filename": "zope.password-5.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "beafec3d230cd679185d15fbc9b248e6",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.9",
"size": 26228,
"upload_time": "2025-01-14T14:30:10",
"upload_time_iso_8601": "2025-01-14T14:30:10.828336Z",
"url": "https://files.pythonhosted.org/packages/68/66/3dd0be3ac639bfbec978a0c45ba338ad0841a923ecbfb810ac3d87a89f31/zope.password-5.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "24ad949993af410a1534e9a202971bed7d89dce89d8353a233b36a049cad191a",
"md5": "f0ad4e377bfe6d731229780ac902f733",
"sha256": "bbb4f625b2ed7554996d82061fe072d68cdd2dcb2c3fa7f0be0878d6e51a16fd"
},
"downloads": -1,
"filename": "zope_password-5.0.tar.gz",
"has_sig": false,
"md5_digest": "f0ad4e377bfe6d731229780ac902f733",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.9",
"size": 33390,
"upload_time": "2025-01-14T14:30:13",
"upload_time_iso_8601": "2025-01-14T14:30:13.898253Z",
"url": "https://files.pythonhosted.org/packages/24/ad/949993af410a1534e9a202971bed7d89dce89d8353a233b36a049cad191a/zope_password-5.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-01-14 14:30:13",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "zopefoundation",
"github_project": "zope.password",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "zope.password"
}
JSON
