
Password Hashers

For those familiar with other frameworks like Django, these password hashers will feel very familiar.

The password hashers, as the name suggests, are used to hash a given string into a salted, formatted hash string, which makes a stored password more secure.

Esmerald and password hashing

Because Esmerald supports Saffier, it also provides some of these features internally.

A lot of what is explained here is covered in more detail in the Saffier ORM support.

Esmerald already ships with some pre-defined password hashers that are available in the Esmerald settings and ready to be used.

@property
def password_hashers(self) -> List[str]:
    return [
        "esmerald.contrib.auth.hashers.PBKDF2PasswordHasher",
        "esmerald.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
    ]

Esmerald uses passlib under the hood in order to facilitate the process of hashing passwords.

You can always override the property password_hashers in your custom settings and use your own.

from typing import List

from esmerald import EsmeraldAPISettings
from esmerald.contrib.auth.hashers import PBKDF2PasswordHasher


class CustomHasher(PBKDF2PasswordHasher):
    """
    All the hashers inherit from BasePasswordHasher
    """

    salt_entropy = 3000


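class MySettings(EsmeraldAPISettings):
    @property
    def password_hashers(self) -> List[str]:
        # Dotted import path to the hasher class; this assumes CustomHasher
        # is importable from myapp/hashers.py.
        return ["myapp.hashers.CustomHasher"]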

Current supported hashing

Currently Esmerald supports PBKDF2 and PBKDF2SHA1 password hashing, but this does not mean that it only supports those. In fact, you can write your own hasher completely from scratch and use it within your application.

Tip

If you want to create your own password hasher, it is advisable to subclass the BasePasswordHasher.

from esmerald.contrib.auth.hashers import BasePasswordHasher
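
To make the "salted, formatted string" concrete, the following is an added example (not Esmerald's or passlib's code) that builds and verifies PBKDF2 hashes with only the Python standard library. The `algorithm$iterations$salt$hash` layout, the function names and the iteration count are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

# Assumed storage layout for this example: algorithm$iterations$salt$hash
DIGESTS = {"pbkdf2_sha256": "sha256", "pbkdf2_sha1": "sha1"}
PREFERRED = "pbkdf2_sha256"
ITERATIONS = 600_000  # example work factor, tune for your hardware


def encode(password: str, salt: Optional[str] = None,
           algorithm: str = PREFERRED, iterations: int = ITERATIONS) -> str:
    """Derive a salted PBKDF2 hash and pack every parameter into one string."""
    salt = salt or secrets.token_urlsafe(16)  # fresh random salt per password
    if "$" in salt:
        raise ValueError("salt must not contain the field separator")
    raw = hashlib.pbkdf2_hmac(
        DIGESTS[algorithm], password.encode(), salt.encode(), iterations
    )
    return f"{algorithm}${iterations}${salt}${base64.b64encode(raw).decode()}"


def verify(password: str, encoded: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algorithm, iterations, salt, _ = encoded.split("$", 3)
        candidate = encode(password, salt, algorithm, int(iterations))
    except (KeyError, ValueError):
        return False  # malformed or unknown-algorithm hashes never verify
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def needs_rehash(encoded: str) -> bool:
    """True when a stored hash uses a weaker algorithm or lower work factor."""
    algorithm, iterations, _, _ = encoded.split("$", 3)
    return algorithm != PREFERRED or int(iterations) < ITERATIONS


if __name__ == "__main__":
    stored = encode("constructed-password")  # constructed sample input
    print(stored, verify("constructed-password", stored), needs_rehash(stored))
```

Because the salt and iteration count travel inside the stored string, older hashes (for example SHA-1 based ones) still verify and can be re-encoded with the preferred settings at the user's next successful login.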