django-sha2
django-sha2 copied to clipboard
fwenzel
ImproperlyConfigured: hasher not found: django_sha2.hashers.bcrypt2012_06_01
Do you know why I'd be getting this error?
Traceback (most recent call last):
File "/Users/kumar/dev/jstestnet/jstestnet/system/tests/test_views.py", line 320, in setUp
a.set_password('test')
File "/Users/kumar/dev/jstestnet/vendor/lib/python/django/contrib/auth/models.py", line 294, in set_password
self.password = make_password(raw_password)
File "/Users/kumar/dev/jstestnet/vendor/lib/python/django/contrib/auth/hashers.py", line 62, in make_password
hasher = get_hasher(hasher)
File "/Users/kumar/dev/jstestnet/vendor/lib/python/django/contrib/auth/hashers.py", line 107, in get_hasher
load_hashers()
File "/Users/kumar/dev/jstestnet/vendor/lib/python/django/contrib/auth/hashers.py", line 84, in load_hashers
raise ImproperlyConfigured("hasher not found: %s" % backend)
ImproperlyConfigured: hasher not found: django_sha2.hashers.bcrypt2012_06_01
I'm using the latest Playdoh and have this is my local settings per instructions from django-sha2:
HMAC_KEYS = {
'2012-06-01': 'Example of shared key',
}
# Use sha 256 by default but support any other algorithm:
BASE_PASSWORD_HASHERS = (
'django_sha2.hashers.SHA256PasswordHasher',
'django_sha2.hashers.BcryptHMACCombinedPasswordVerifier',
'django_sha2.hashers.SHA512PasswordHasher',
'django.contrib.auth.hashers.SHA1PasswordHasher',
'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
)
from django_sha2 import get_password_hashers
PASSWORD_HASHERS = get_password_hashers(BASE_PASSWORD_HASHERS, HMAC_KEYS)
If I comment out the HMAC keys I no longer get the hasher not found error.
@tallowen wrote some code to dynamically generate hashers for HMAC/Bcrypt, there might be something broken there.
Give me a day - i'll look into this tomorrow
On Wed, Jun 6, 2012 at 3:16 PM, Fred Wenzel < [email protected]
wrote:
@tallowen wrote some code to dynamically generate hashers for HMAC/Bcrypt, there might be something broken there.
Reply to this email directly or view it on GitHub: https://github.com/fwenzel/django-sha2/issues/14#issuecomment-6159874
Owen Coutts University of Waterloo
Email: [email protected] Phone: 206.651.4004
fwiw I only saw this when upgrading an old app to the new Playdoh. I did not see this error when configuring the latest Playdoh out of the box.
Hmm. For some reason the password hasher isn't being created. Its created dynamically at import time - it creates one per hmac_key in the settings. This probably means that django_sha2 isn't seeing the hmac_keys properly but I'm not sure why that would be the case.
To produce:
- Create new project
- run syncdb
- add superusers
Traceback (most recent call last):
File "./manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "***/lib/python2.7/site-packages/django/core/management/__init__.py", line 443, in execute_from_command_line
utility.execute()
File "***/lib/python2.7/site-packages/django/core/management/__init__.py", line 382, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 196, in run_from_argv
self.execute(*args, **options.__dict__)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 232, in execute
output = self.handle(*args, **options)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 371, in handle
return self.handle_noargs(**options)
File "***/lib/python2.7/site-packages/south/management/commands/syncdb.py", line 90, in handle_noargs
syncdb.Command().execute(**options)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 232, in execute
output = self.handle(*args, **options)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 371, in handle
return self.handle_noargs(**options)
File "***/lib/python2.7/site-packages/django/core/management/commands/syncdb.py", line 110, in handle_noargs
emit_post_sync_signal(created_models, verbosity, interactive, db)
File "***/lib/python2.7/site-packages/django/core/management/sql.py", line 189, in emit_post_sync_signal
interactive=interactive, db=db)
File "***/lib/python2.7/site-packages/django/dispatch/dispatcher.py", line 172, in send
response = receiver(signal=self, sender=sender, **named)
File "***/lib/python2.7/site-packages/django/contrib/auth/management/__init__.py", line 73, in create_superuser
call_command("createsuperuser", interactive=True, database=db)
File "***/lib/python2.7/site-packages/django/core/management/__init__.py", line 150, in call_command
return klass.execute(*args, **defaults)
File "***/lib/python2.7/site-packages/django/core/management/base.py", line 232, in execute
output = self.handle(*args, **options)
File "***/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 124, in handle
User.objects.db_manager(database).create_superuser(username, email, password)
File "***/lib/python2.7/site-packages/django/contrib/auth/models.py", line 164, in create_superuser
u = self.create_user(username, email, password)
File "***/lib/python2.7/site-packages/django/contrib/auth/models.py", line 159, in create_user
user.set_password(password)
File "***/lib/python2.7/site-packages/django/contrib/auth/models.py", line 294, in set_password
self.password = make_password(raw_password)
File "***/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 62, in make_password
hasher = get_hasher(hasher)
File "***/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 107, in get_hasher
load_hashers()
File "***/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 84, in load_hashers
raise ImproperlyConfigured("hasher not found: %s" % backend)
django.core.exceptions.ImproperlyConfigured: hasher not found: django_sha2.hashers.bcrypt2011_01_01
Looks like this error can be fixed by merge this change mozilla/playdoh@abafbf003a50171e11895207de96fbabee024b9f into older settings/local.py
if you put that in settings/local.py then you've disabled the HMAC key (since it's commented out). I also got it working that way but for an app I knew I didn't need bcrypt for since it didn't work with users.
Did you guys narrow this down yet? Looks like the dynamic generation of hashers is not run, perhaps?
If you look at hashers.py in django.contrib.auth the code that would import the dynamically generated password hasher looks like this:
# django.contrib.auth.hashers
...
try:
mod_path, cls_name = backend.rsplit('.', 1)
mod = importlib.import_module(mod_path)
hasher_cls = getattr(mod, cls_name)
except (AttributeError, ImportError, ValueError):
raise ImproperlyConfigured("hasher not found: %s" % backend)
...
The key here is that it's catching ImportError, but which import error?
# django_sha2.hashers
import base64
import hmac
import hashlib
import logging
import bcrypt
from django.conf import settings
from django.contrib.auth.hashers import (BCryptPasswordHasher,
BasePasswordHasher, mask_hash)
from django.utils.crypto import constant_time_compare
from django.utils.encoding import smart_str
from django.utils.datastructures import SortedDict
...
The odd one out is bcrypt, so my guess would be that this error is just occurring because py-bcrypt hasn't been installed. Sure enough, this is what was causing the error for me. This also explains why commenting out the HMAC_KEYS makes the whole thing work. If there are no HMAC_KEYS, django_sha2.hashers never gets executed, and thus there is no ImportError raised. Maybe add a reminder in the docs to install py-bcrypt.
Everytime I hit this I have to google for this issue to remember how to fix it :( Dear future self, in summary, here's what to check:
- Does
import bcryptsucceed in your environment? - Is
HMAC_KEYSdefined and is it not an empty dict? - In the exact settings file you define
HMAC_KEYSare you also callingget_password_hashers(...)underneath it?
This error occurred for me with an empty and a populated HMAC_KEYS. I did what @kumar303 suggested and ran import bcrypt which errored out. I then installed bcrypt on Ubuntu with
sudo apt-get install python-bcrypt
So which package is it that needs to have this dependency added to it's dependency list? Is this a Django issue or a Playdoh issue? (or something else)
