Exceptions and warnings — Passlib v1.7.4 Documentation (original) (raw)
This module contains all the custom exceptions & warnings that may be raised by Passlib.
Exceptions¶
exception passlib.exc. MissingBackendError¶
Error raised if multi-backend handler has no available backends; or if specifically requested backend is not available.
MissingBackendError derives from RuntimeError, since it usually indicates lack of an external library or OS feature. This is primarily raised by handlers which depend on external libraries (which is currently justbcrypt).
exception passlib.exc. InternalBackendError¶
Error raised if something unrecoverable goes wrong with backend call; such as if crypt.crypt() returning a malformed hash.
New in version 1.7.3.
exception passlib.exc. PasswordValueError¶
Error raised if a password can’t be hashed / verified for various reasons. This exception derives from the builtin ValueError.
May be thrown directly when password violates internal invariants of hasher (e.g. some don’t support NULL characters). Hashers may also throw more specific subclasses, such as PasswordSizeError.
New in version 1.7.3.
exception passlib.exc. PasswordSizeError(max_size, msg=None)¶
Error raised if a password exceeds the maximum size allowed by Passlib (by default, 4096 characters); or if password exceeds a hash-specific size limitation.
This exception derives from PasswordValueError (above).
Many password hash algorithms take proportionately larger amounts of time and/or memory depending on the size of the password provided. This could present a potential denial of service (DOS) situation if a maliciously large password is provided to an application. Because of this, Passlib enforces a maximum size limit, but one which should be much larger than any legitimate password. PasswordSizeError derives from ValueError.
Note
Applications wishing to use a different limit should set thePASSLIB_MAX_PASSWORD_SIZE environmental variable before Passlib is loaded. The value can be any large positive integer.
max_size¶
indicates the maximum allowed size.
New in version 1.6.
exception passlib.exc. PasswordTruncateError(cls, msg=None)¶
Error raised if password would be truncated by hash. This derives from PasswordSizeError (above).
Hashers such as bcrypt can be configured to raises this error by setting truncate_error=True.
max_size¶
indicates the maximum allowed size.
New in version 1.7.
exception passlib.exc. PasslibSecurityError¶
Error raised if critical security issue is detected (e.g. an attempt is made to use a vulnerable version of a bcrypt backend).
New in version 1.6.3.
exception passlib.exc. UnknownHashError(message=None, value=None)¶
Error raised by lookup_hash if hash name is not recognized. This exception derives from ValueError.
As of version 1.7.3, this may also be raised if hash algorithm is known, but has been disabled due to FIPS mode (message will include phrase “disabled for fips”).
As of version 1.7.4, this may be raised if a CryptContextis unable to identify the algorithm used by a password hash.
New in version 1.7.
Changed in version 1.7.4: altered call signature.
TOTP Exceptions¶
exception passlib.exc. TokenError(msg=None, *args, **kwds)¶
Base error raised by v:mod:passlib.totp when a token can’t be parsed / isn’t valid / etc. Derives from ValueError.
Usually one of the more specific subclasses below will be raised:
- MalformedTokenError – invalid chars, too few digits
- InvalidTokenError – no match found
- UsedTokenError – match found, but token already used
New in version 1.7.
exception passlib.exc. MalformedTokenError(msg=None, *args, **kwds)¶
Error raised by passlib.totp when a token isn’t formatted correctly (contains invalid characters, wrong number of digits, etc)
exception passlib.exc. InvalidTokenError(msg=None, *args, **kwds)¶
Error raised by passlib.totp when a token is formatted correctly, but doesn’t match any tokens within valid range.
exception passlib.exc. UsedTokenError(*args, **kwds)¶
Error raised by passlib.totp if a token is reused. Derives from TokenError.
expire_time = None¶
optional value indicating when current counter period will end, and a new token can be generated.
New in version 1.7.
Warnings¶
exception passlib.exc. PasslibWarning¶
base class for Passlib’s user warnings, derives from the builtin UserWarning.
New in version 1.6.
Minor Warnings¶
exception passlib.exc. PasslibConfigWarning¶
Warning issued when non-fatal issue is found related to the configuration of a CryptContext instance.
This occurs primarily in one of two cases:
- The CryptContext contains rounds limits which exceed the hard limits imposed by the underlying algorithm.
- An explicit rounds value was provided which exceeds the limits imposed by the CryptContext.
In both of these cases, the code will perform correctly & securely; but the warning is issued as a sign the configuration may need updating.
New in version 1.6.
exception passlib.exc. PasslibHashWarning¶
Warning issued when non-fatal issue is found with parameters or hash string passed to a passlib hash class.
This occurs primarily in one of two cases:
- A rounds value or other setting was explicitly provided which exceeded the handler’s limits (and has been clamped by the relaxed flag).
- A malformed hash string was encountered which (while parsable) should be re-encoded.
New in version 1.6.
Critical Warnings¶
exception passlib.exc. PasslibRuntimeWarning¶
Warning issued when something unexpected happens during runtime.
The fact that it’s a warning instead of an error means Passlib was able to correct for the issue, but that it’s anomalous enough that the developers would love to hear under what conditions it occurred.
New in version 1.6.
exception passlib.exc. PasslibSecurityWarning¶
Special warning issued when Passlib encounters something that might affect security.
New in version 1.6.