bcrypt
bcrypt copied to clipboard
pyca
AttributeError: module 'bcrypt' has no attribute '__about__' with new 4.1.1 version
For bcrypt 4.1.1, I get this error/warning when I run this code (code which is in FastAPI documentation) I have passlib 1.7.4
from passlib.context import CryptContext
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
pwd_context.hash('test')
output
(trapped) error reading bcrypt version
Traceback (most recent call last):
File "C:\path\venv\Lib\site-packages\passlib\handlers\bcrypt.py", line 620, in _load_backend_mixin
version = _bcrypt.__about__.__version__
^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute '__about__'
'$2b$12$dcl0YFoHz6.pL/dtOwbfO.r3CRI416BLq6vJEf0EmT4CHsqqHm7FC'
It's not breaking anything, because code still runs.
This is not the case with bcrypt 4.0.1
This is an issue with how passlib attempts to read a version (for logging only) and fails because it's loading modules that no longer exist in bcrypt 4.1.x. I'd suggest filing an issue against them for this.
https://foss.heptapod.net/python-libs/passlib/-/blob/branch/stable/passlib/handlers/bcrypt.py#L619-623
Yep, passlib seems to be abandoned and the new bcrypt doesn't work with it. Needs to force bcrypt==4.0.1 to keep using passlib.
As the OP indicates here, passlib will work with latest bcrypt, it simply emits a warning. You should be able to silence that warning with a logging configuration.
Props to the opener of the issue on passlib: https://foss.heptapod.net/python-libs/passlib/-/issues/190
Edited to add: silencing the warning via logging config worked fine for me, hat-tip to @alex
logging.getLogger('passlib').setLevel(logging.ERROR)
Like others have pointed, passlib is not actively updated and it has dependencies that have changed behaviour over time. I recently had this error (below) that indirectly triggered a CORS error on my frontend, due to middleware misinterpretation.
> (trapped) error reading bcrypt version
> Traceback (most recent call last):
> File "C:\path\venv\Lib\site-packages\passlib\handlers\bcrypt.py", line 620, in _load_backend_mixin
> version = _bcrypt.__about__.__version__
> ^^^^^^^^^^^^^^^^^
I resolved it by removing the passlib module and simply using the bcrypt directly for hashing and verification :
import bcrypt
# Hash a password using bcrypt
def hash_password(password):
pwd_bytes = password.encode('utf-8')
salt = bcrypt.gensalt()
hashed_password = bcrypt.hashpw(password=pwd_bytes, salt=salt)
return hashed_password
# Check if the provided password matches the stored password (hashed)
def verify_password(plain_password, hashed_password):
password_byte_enc = plain_password.encode('utf-8')
return bcrypt.checkpw(password = password_byte_enc , hashed_password = hashed_password)
Reference: #https://www.geeksforgeeks.org/hashing-passwords-in-python-with-bcrypt/
For bcrypt 4.1.1, I get this error/warning when I run this code (code which is in FastAPI documentation) I have passlib 1.7.4
from passlib.context import CryptContext pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") pwd_context.hash('test')output
(trapped) error reading bcrypt version Traceback (most recent call last): File "C:\path\venv\Lib\site-packages\passlib\handlers\bcrypt.py", line 620, in _load_backend_mixin version = _bcrypt.__about__.__version__ ^^^^^^^^^^^^^^^^^ AttributeError: module 'bcrypt' has no attribute '__about__' '$2b$12$dcl0YFoHz6.pL/dtOwbfO.r3CRI416BLq6vJEf0EmT4CHsqqHm7FC'It's not breaking anything, because code still runs.
This is not the case with bcrypt 4.0.1
just downgrade your bcrypt. i did it to 3.2.2. it works. it has __about attribute. hope my comment helps.
just downgrade your bcrypt. i did it to 3.2.2. it works. it has __about attribute. hope my comment helps.
And go without updates for a security-relevant library? :grimacing:
I resolved it by removing the passlib module and simply using the bcrypt directly for hashing and verification
I like this. Not a fan of using inactive libraries especially for straightforward things like this.
