AttributeError: module 'bcrypt' has no attribute '__about__' with new 4.1.1 version #684
Comments
|
This is an issue with how passlib attempts to read a version (for logging only) and fails because it's loading modules that no longer exist in bcrypt 4.1.x. I'd suggest filing an issue against them for this. |
|
Yep, passlib seems to be abandoned and the new bcrypt doesn't work with it. Needs to force |
|
As the OP indicates here, passlib will work with latest bcrypt, it simply emits a warning. You should be able to silence that warning with a logging configuration. |
|
Props to the opener of the issue on passlib: https://foss.heptapod.net/python-libs/passlib/-/issues/190 Edited to add: silencing the warning via logging config worked fine for me, hat-tip to @alex |
Changes: - Reinstate the `bcrypt` option for `password_hash` This has been done since `node_exporter` expects hashed password for basic authentication to be created with `brypt`. I initially removed because the following appears when running the `monitoring_client` role: ``` AttributeError: module 'bcrypt' has no attribute '__about__' ``` The play proceeds and `node_exporter` is correctly installed. I tried pinning `bcrypt` to `4.0.1` as suggested in pyca/bcrypt#684 but the traceback still appears. Without `bcrypt` the `node_exporter` service fails to start.
git clean -xdf
tar zcvf ../python-passlib_1.7.4.orig.tar.gz --exclude=.git .
debuild -uc -us
cp python-passlib.spec ../python-passlib_1.7.4-1.spec
cp ../python*-passlib*1.7.4*.{gz,xz,spec,dsc} /osc/home\:alvistack/python-libs-passlib-1.7.4/
rm -rf ../python*-passlib*1.7.4*.*
See https://foss.heptapod.net/python-libs/passlib/-/issues/190
See pyca/bcrypt#684
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
|
Like others have pointed, passlib is not actively updated and it has dependencies that have changed behaviour over time. I resolved it by removing the passlib module and simply using the bcrypt directly for hashing and verification : Reference: #https://www.geeksforgeeks.org/hashing-passwords-in-python-with-bcrypt/ |
just downgrade your bcrypt. i did it to 3.2.2. it works. it has __about attribute. hope my comment helps. |
And go without updates for a security-relevant library? 😬 |
git clean -xdf
tar zcvf ../python-passlib_1.7.4.orig.tar.gz --exclude=.git .
debuild -uc -us
cp python-passlib.spec ../python-passlib_1.7.4-1.spec
cp ../python*-passlib*1.7.4*.{gz,xz,spec,dsc} /osc/home\:alvistack/python-libs-passlib-1.7.4/
rm -rf ../python*-passlib*1.7.4*.*
See https://foss.heptapod.net/python-libs/passlib/-/issues/190
See pyca/bcrypt#684
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
issue : pyca/bcrypt#684 passlib seems to be unmaintained! so i rewrite the hash and verify password my self with pure bcrypt.
I like this. Not a fan of using inactive libraries especially for straightforward things like this. |
* Update trove from branch 'master'
to 3367c25e770c45e2a51040566b85329b6003246c
- stop using passlib
passlib is unmaintained and has not had a release since 2020
a recent bcrypt release just broke passlib
see pyca/bcrypt#684
trove's use of passlib is pretty tirval so this change
just removes it as a depency and delegate the random password
generation in trove.common.utils to the generate_random_key
function in the trove.common.crypto_utils module
Change-Id: I6b6c64147c627025d5f89db6032d1c54445df94f
passlib is unmaintained and has not had a release since 2020 a recent bcrypt release just broke passlib see pyca/bcrypt#684 trove's use of passlib is pretty tirval so this change just removes it as a depency and delegate the random password generation in trove.common.utils to the generate_random_key function in the trove.common.crypto_utils module Change-Id: I6b6c64147c627025d5f89db6032d1c54445df94f
- 새로운 도메인 User와 관련된 기능 추가
- schema, crud, router 코드 생성
- main.py에 user router 연결
- 사용자 정보 중복 상황을 다루기 위한 유효성 검사 반영
- 비밀번호 암호화를 위한 passlib 사용
- passlib와 bcrypt 간의 버전 문제가 있는 듯 하다.
- pyca/bcrypt#684
- 이메일 정보 포맷 확인을 위한 Pydantic 확장
- pip install pydantic[email]
i dont know how but it solved not only this problem, but also the one with not finding my 'app' package when importing from it. Thank You! |
|
Anyway to solve this issue ? Environement : python = ">=3.10,<4.0"
passlib = "^1.7.4"
fastapi = "^0.111.0"It's like passlib is not compatible maybe because passlib not being maintained anymore? |
You can remove passlib module and manually use bcrypt like this: #684 (comment). And If anyone gets an error like this: you can find information on how to resolve it here. |
Thank you for SO link. It solved the |
|
To remove passlib I have to change a lot of thing. devenv/lib/python3.10/site-packages/passlib/handlers/bcrypt.py # location of my bcrypt.py file
version = _bcrypt.__version__ # to put in line 620 after the first line of the try blockNo no error anymore. The correct version is shown when I run the fastapi project. |
|
So my working fix is to change [line 620] like this: venv\Lib\site-packages\passlib\handlers\bcrypt.py Previous -> New -> |
|
May this version 1.8 resolve this issue. |
|
bcrypt version 4.2.0, passlib-1.7.4 |
pip show bcrypt # check package location
cd /home/xxx/.pyenv/versions/3.10.10/envs/venv/lib/python3.10/site-packages/bcrypt # cd package location
rm -rf * # remove everything in bcrypt folder
pip uninstall bcrypt
pip install bcryptThe package folder original contains _bcrypt.cpython-310-x86_64-linux-gnu.so, this .so file seems corrupt, this file will not get deleted when you do |
|
Still facing this error FastAPI
|
|
Really need to consider replacing this out-of-maintenanced lib. |
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
|
Had the same issue in FastAPI with using passlib[bcrypt] and moved down to bcrypt 4.0.1, that solved the error for me. |
I'd strongly recommend using bcrypt directly, and removing passlib altogether. It was pretty much a single line change in my FastAPI project (changing |
|
Issue looks old fashioned, FastApi's open question still here: fastapi/full-stack-fastapi-template#1369 |
|
Due to the issue explained here, I solved it by creating a dataclass with a version attribute, setting it equal to the new standalone __version__ attribute of bcrypt, and then assigning it to a new attribute __about__ for bcrypt. import bcrypt
from dataclasses import dataclass
@dataclass
class SolveBugBcryptWarning:
__version__: str = getattr(bcrypt, "__version__")
setattr(bcrypt, "__about__", SolveBugBcryptWarning())This way, we can still see the log warnings from passlib, and the bug also disappears. from dataclasses import dataclass
import bcrypt
from passlib.context import CryptContext
@dataclass
class SolveBugBcryptWarning:
__version__: str = getattr(bcrypt, "__version__")
setattr(bcrypt, "__about__", SolveBugBcryptWarning())
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
def verify_password(plain_password, hashed_password):
return pwd_context.verify(plain_password, hashed_password)
def get_password_hash(password):
return pwd_context.hash(password)
hashed = get_password_hash(("1234"))
print(hashed) |
in order not to interfere with the library's source code, I tried this patch – it seems to work import bcrypt
if not hasattr(bcrypt, '__about__'):
bcrypt.__about__ = type('about', (object,), {'__version__': bcrypt.__version__}) |
and others
For bcrypt 4.1.1, I get this error/warning when I run this code (code which is in FastAPI documentation)
I have passlib 1.7.4
output
It's not breaking anything, because code still runs.
This is not the case with bcrypt 4.0.1
The text was updated successfully, but these errors were encountered: