Password Hashers¶
Warning
The current page still doesn't have a translation for this language.
But you can help translating it: Contributing.
For those familiar with other frameworks like Django, these password hashers will be very similar to you.
The password hashers, as the name suggests, are used to hash a given string into a salted string formated and therefore making a possible password even more secure.
Esmerald and password hashing¶
Esmerald supporting Saffier also means providing some of the features internally.
A lof of what is explained here is explained in more detail in the Saffier orm support.
Esmerald already brings some pre-defined password hashers that are available in the Esmerald settings and ready to be used.
@property
def password_hashers(self) -> List[str]:
return [
"esmerald.contrib.auth.hashers.PBKDF2PasswordHasher",
"esmerald.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
]
Esmerald uses passlib under the hood in order to facilitate the process of hashing passwords.
You can always override the property password_hashers
in your
custom settings and use your own.
from typing import List
from esmerald import EsmeraldAPISettings
from esmerald.contrib.auth.hashers import PBKDF2PasswordHasher
class CustomHasher(PBKDF2PasswordHasher):
"""
All the hashers inherit from BasePasswordHasher
"""
salt_entropy = 3000
class MySettings(EsmeraldAPISettings):
@property
def password_hashers(self) -> List[str]:
return ["myapp.hashers.CustomHasher"]
Current supported hashing¶
Currently Esmerald
supports PBKDF2
and PBKDF2SHA1
password hashing but this does not mean that only supports
those. In fact, you can use your own completely from the scratch and use it within your application.
Tip
If you want to create your own password hashing, it is advisable to subclass the BasePasswordHasher
.
from esmerald.contrib.auth.hashers import BasePasswordHasher