Drop passlib

CHANGELOG.md

@@ -0,0 +1,15 @@
+## unreleased 0.4.0
+
+### Add
+
+ - Added apr1.py module from https://github.com/Tblue/pyapr1 to support
+   apr1 hash algorithm.
+
+### Remove
+
+ - Removed passlib dependency since it's been unmaintained for 5 years
+   and is causing compatibility issue with bcrypt module.
+
+### Change
+
+ - Used standard library hashlib and crypt to support SHA and CRYPT hash.

README.md

@@ -1,11 +1,8 @@
 # Flat file authentication plugin for StackStorm Community edition
 
-[![Build Status](https://api.travis-ci.org/StackStorm/st2-auth-backend-flat-file.svg?branch=master)](https://travis-ci.org/StackStorm/st2-auth-backend-flat-file) [![IRC](https://img.shields.io/irc/%23stackstorm.png)](http://webchat.freenode.net/?channels=stackstorm)
+[![Tox CI](https://github.com/StackStorm/st2-auth-backend-flat-file/actions/workflows/tox.yaml/badge.svg)](https://github.com/StackStorm/st2-auth-backend-flat-file/actions/workflows/tox.yaml)
 
-Flat file backend supports reading credentials from an Apache HTTPd htpasswd formatted file. To
-manage this file you can use [htpasswd](https://httpd.apache.org/docs/2.2/programs/htpasswd.html)
-utility which comes with a standard Apache httpd distribution or by installing apache2-utils
-package on Ubuntu / Debian.
+Flat file backend supports reading credentials from an Apache HTTPd htpasswd formatted file. To manage this file you can use [htpasswd](https://httpd.apache.org/docs/2.2/programs/htpasswd.html) utility which comes with a standard Apache httpd distribution or by installing apache2-utils package on Ubuntu / Debian.
 
 ### Configuration Options
 
@@ -15,10 +12,7 @@ package on Ubuntu / Debian.
 
 ### Configuration Example
 
-Please refer to the authentication section in the StackStorm
-[documentation](http://docs.stackstorm.com) for basic setup concept. The
-following is an example of the auth section in the StackStorm configuration file for the flat-file
-backend.
+Please refer to the authentication section in the StackStorm [documentation](http://docs.stackstorm.com) for basic setup concept. The following is an example of the auth section in the StackStorm configuration file for the flat-file backend.
 
 ```ini
 [auth]
@@ -34,14 +28,15 @@ api_url = https://myhost.example.com:9101
 debug = False
 ```
 
-The following is an sample htpasswd command to generate a password file with a user entry.
+The following is an example htpasswd command to generate a password file with a user entry.  You should be using no other hashing algorithm than *bcrypt* as it is consider the only secure hashing algorithm amoung all the algorithms supported by htpasswd.
 
 ```
-htpasswd -cs /path/to/.htpasswd stark
+htpasswd -cB /path/to/.htpasswd stark
 ```
 
 ## Copyright, License, and Contributors Agreement
 
+Copyright 2025 StackStorm, Inc.
 Copyright 2015 StackStorm, Inc.
 
 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this work except in

dist_utils.py

@@ -43,15 +43,15 @@
 else:
     text_type = unicode  # NOQA
 
-GET_PIP = 'curl https://bootstrap.pypa.io/get-pip.py | python'
+GET_PIP = "curl https://bootstrap.pypa.io/get-pip.py | python"
 
 __all__ = [
-    'check_pip_is_installed',
-    'check_pip_version',
-    'fetch_requirements',
-    'apply_vagrant_workaround',
-    'get_version_string',
-    'parse_version_string'
+    "check_pip_is_installed",
+    "check_pip_version",
+    "fetch_requirements",
+    "apply_vagrant_workaround",
+    "get_version_string",
+    "parse_version_string",
 ]
 
 
@@ -62,15 +62,15 @@ def check_pip_is_installed():
     try:
         import pip  # NOQA
     except ImportError as e:
-        print('Failed to import pip: %s' % (text_type(e)))
-        print('')
-        print('Download pip:\n%s' % (GET_PIP))
+        print("Failed to import pip: %s" % (text_type(e)))
+        print("")
+        print("Download pip:\n%s" % (GET_PIP))
         sys.exit(1)
 
     return True
 
 
-def check_pip_version(min_version='6.0.0'):
+def check_pip_version(min_version="6.0.0"):
     """
     Ensure that a minimum supported version of pip is installed.
     """
@@ -79,10 +79,12 @@ def check_pip_version(min_version='6.0.0'):
     import pip
 
     if StrictVersion(pip.__version__) < StrictVersion(min_version):
-        print("Upgrade pip, your version '{0}' "
-              "is outdated. Minimum required version is '{1}':\n{2}".format(pip.__version__,
-                                                                            min_version,
-                                                                            GET_PIP))
+        print(
+            "Upgrade pip, your version '{0}' "
+            "is outdated. Minimum required version is '{1}':\n{2}".format(
+                pip.__version__, min_version, GET_PIP
+            )
+        )
         sys.exit(1)
 
     return True
@@ -96,30 +98,30 @@ def fetch_requirements(requirements_file_path):
     reqs = []
 
     def _get_link(line):
-        vcs_prefixes = ['git+', 'svn+', 'hg+', 'bzr+']
+        vcs_prefixes = ["git+", "svn+", "hg+", "bzr+"]
 
         for vcs_prefix in vcs_prefixes:
-            if line.startswith(vcs_prefix) or line.startswith('-e %s' % (vcs_prefix)):
-                req_name = re.findall('.*#egg=(.+)([&|@]).*$', line)
+            if line.startswith(vcs_prefix) or line.startswith("-e %s" % (vcs_prefix)):
+                req_name = re.findall(".*#egg=(.+)([&|@]).*$", line)
 
                 if not req_name:
-                    req_name = re.findall('.*#egg=(.+?)$', line)
+                    req_name = re.findall(".*#egg=(.+?)$", line)
                 else:
                     req_name = req_name[0]
 
                 if not req_name:
                     raise ValueError('Line "%s" is missing "#egg=<package name>"' % (line))
 
-                link = line.replace('-e ', '').strip()
+                link = line.replace("-e ", "").strip()
                 return link, req_name[0]
 
         return None, None
 
-    with open(requirements_file_path, 'r') as fp:
+    with open(requirements_file_path, "r") as fp:
         for line in fp.readlines():
             line = line.strip()
 
-            if line.startswith('#') or not line:
+            if line.startswith("#") or not line:
                 continue
 
             link, req_name = _get_link(line=line)
@@ -129,8 +131,8 @@ def _get_link(line):
             else:
                 req_name = line
 
-                if ';' in req_name:
-                    req_name = req_name.split(';')[0].strip()
+                if ";" in req_name:
+                    req_name = req_name.split(";")[0].strip()
 
             reqs.append(req_name)
 
@@ -144,7 +146,7 @@ def apply_vagrant_workaround():
     Note: Without this workaround, setup.py sdist will fail when running inside a shared directory
     (nfs / virtualbox shared folders).
     """
-    if os.environ.get('USER', None) == 'vagrant':
+    if os.environ.get("USER", None) == "vagrant":
         del os.link
 
 
@@ -153,14 +155,13 @@ def get_version_string(init_file):
     Read __version__ string for an init file.
     """
 
-    with open(init_file, 'r') as fp:
+    with open(init_file, "r") as fp:
         content = fp.read()
-        version_match = re.search(r"^__version__ = ['\"]([^'\"]*)['\"]",
-                                  content, re.M)
+        version_match = re.search(r"^__version__ = ['\"]([^'\"]*)['\"]", content, re.M)
         if version_match:
             return version_match.group(1)
 
-        raise RuntimeError('Unable to find version string in %s.' % (init_file))
+        raise RuntimeError("Unable to find version string in %s." % (init_file))
 
 
 # alias for get_version_string

lint-configs/python/.pylintrc

@@ -22,3 +22,6 @@ ignored-modules=distutils,eventlet.green.subprocess
 max-line-length=100
 max-module-lines=1000
 indent-string='    '
+
+[MASTER]
+init-hook='import sys; sys.path.append("./st2auth_flat_file_backend")'

pyproject.toml

@@ -0,0 +1,5 @@
+[tool.pytest.ini_options]
+pythonpath = [
+  ".",
+  "st2auth_flat_file_backend"
+]

requirements.txt

@@ -1,4 +1 @@
-# passlib can use several libs to provide bcrypt (which is required for htpasswd support),
-# but passlib deprecated support for py-bcrypt, a bcrypt lib alternative.
-# The [bcrypt] extra ensures we use bcrypt instead of some other lib.
-passlib[bcrypt]>=1.7.1,<1.8.0
+bcrypt>=4.3.0

setup.py

@@ -22,8 +22,8 @@
 from dist_utils import parse_version_string
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-REQUIREMENTS_FILE = os.path.join(BASE_DIR, 'requirements.txt')
-INIT_FILE = os.path.join(BASE_DIR, 'st2auth_flat_file_backend', '__init__.py')
+REQUIREMENTS_FILE = os.path.join(BASE_DIR, "requirements.txt")
+INIT_FILE = os.path.join(BASE_DIR, "st2auth_flat_file_backend", "__init__.py")
 
 version = parse_version_string(INIT_FILE)
 install_reqs, dep_links = fetch_requirements(REQUIREMENTS_FILE)
@@ -32,40 +32,40 @@
     long_description = fh.read()
 
 setup(
-    name='st2-auth-backend-flat-file',
+    name="st2-auth-backend-flat-file",
     version=version,
-    description='StackStorm authentication backend which reads credentials from a htpasswd compatible file on disk.',
+    description="StackStorm authentication backend which reads credentials from a htpasswd compatible file on disk.",
     long_description=long_description,
     long_description_content_type="text/markdown",
-    author='StackStorm, Inc.',
-    author_email='[email protected]',
-    url='https://github.com/StackStorm/st2-auth-backend-flat-file',
-    license='Apache License (2.0)',
-    download_url='https://github.com/StackStorm/st2-auth-backend-flat-file/tarball/master',
+    author="StackStorm, Inc.",
+    author_email="[email protected]",
+    url="https://github.com/StackStorm/st2-auth-backend-flat-file",
+    license="Apache License (2.0)",
+    download_url="https://github.com/StackStorm/st2-auth-backend-flat-file/tarball/master",
     classifiers=[
-        'Development Status :: 3 - Alpha',
-        'License :: OSI Approved :: Apache Software License',
-        'Programming Language :: Python',
-        'Programming Language :: Python :: 3',
-        'Programming Language :: Python :: 3.8',
-        'Programming Language :: Python :: 3.9',
-        'Programming Language :: Python :: 3.10',
-        'Programming Language :: Python :: 3.11',
-        'Intended Audience :: Developers',
-        'Environment :: Console',
+        "Development Status :: 3 - Alpha",
+        "License :: OSI Approved :: Apache Software License",
+        "Programming Language :: Python",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3.8",
+        "Programming Language :: Python :: 3.9",
+        "Programming Language :: Python :: 3.10",
+        "Programming Language :: Python :: 3.11",
+        "Intended Audience :: Developers",
+        "Environment :: Console",
     ],
-    python_requires='>=3.8',
-    platforms=['Any'],
+    python_requires=">=3.8",
+    platforms=["Any"],
     scripts=[],
-    provides=['st2auth_flat_file_backend'],
+    provides=["st2auth_flat_file_backend"],
     packages=find_packages(),
     include_package_data=True,
     install_requires=install_reqs,
     dependency_links=dep_links,
     entry_points={
-        'st2auth.backends.backend': [
-            'flat_file = st2auth_flat_file_backend.flat_file:FlatFileAuthenticationBackend',
+        "st2auth.backends.backend": [
+            "flat_file = st2auth_flat_file_backend.flat_file:FlatFileAuthenticationBackend",
         ],
     },
-    zip_safe=False
+    zip_safe=False,
 )

st2auth_flat_file_backend/__init__.py

@@ -17,8 +17,6 @@
 
 from .flat_file import FlatFileAuthenticationBackend
 
-__all__ = [
-    'FlatFileAuthenticationBackend'
-]
+__all__ = ["FlatFileAuthenticationBackend"]
 
-__version__ = '0.3.0'
+__version__ = "0.4.0"