Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

passlib seems not being maintenanced anymore. However FastAPI's docs still using. Consider change it.#11773

Answeredbysinisaos
dann2333 asked this question inQuestions
Discussion options

First Check

  • I added a very descriptive title here.
  • I used the GitHub search to find a similar question and didn't find it.
  • I searched the FastAPI documentation, with the integrated search.
  • I already searched in Google "How to X in FastAPI" and didn't find any information.
  • I already read and followed all the tutorial in the docs and didn't find an answer.
  • I already checked if it is not related to FastAPI but toPydantic.
  • I already checked if it is not related to FastAPI but toSwagger UI.
  • I already checked if it is not related to FastAPI but toReDoc.

Commit to Help

  • I commit to help with one of those options 👆

Example Code

frompasslib.contextimportCryptContextpwd_context=CryptContext(schemes=["bcrypt"],deprecated="auto")hashed_password=pwd_context.hash(user.password)

Description

It won't cause a actually problem but a warning about cannot get bcrypt's version(just for logging).
(trapped) error reading bcrypt version
There are also other issues about it. (pyca/bcrypt#684langflow-ai/langflow#1173 and more) It seems that passlib has been abandoned.
4fbe898990913e9e4203cff4fbc481bd

I suggest that the official docs may need to change some contexts such as thishttps://fastapi.tiangolo.com/tutorial/security/oauth2-jwt/ to avoid the using of passlib since it haven't been maintenanced for a long time.

Thanks.

Operating System

Windows

Operating System Details

No response

FastAPI Version

0.111.0

Pydantic Version

2.7.4

Python Version

Python 3.10.2

Additional Context

No response

You must be logged in to vote

@dann2333 Required changes to the docs example to usebcrypt directly are minimal. Just need to replace this part of the code

pwd_context=CryptContext(schemes=["bcrypt"],deprecated="auto")oauth2_scheme=OAuth2PasswordBearer(tokenUrl="token")app=FastAPI()defverify_password(plain_password,hashed_password):returnpwd_context.verify(plain_password,hashed_password)defget_password_hash(password):returnpwd_context.hash(password)

with this

# from passlib.context import CryptContext <- remove passlib from importsimportbcryptoauth2_scheme=OAuth2PasswordBearer(tokenUrl="token")app=FastAPI()defverify_password(plain_password,hashed_password):returnbc…

Replies: 3 comments 8 replies

Comment options

please check this :canonical/cloud-init#4791

You must be logged in to vote
4 replies
@dann2333
Comment options

Hi, it's 3 months passed and the new version of passlib seems still not released.

@RuoCJ
Comment options

please check this :canonical/cloud-init#4791 canonical/cloud-init#4791

Hi, passlib has not been updated yet, so it is recommended that fastapi update the documentation and abandon passlib for now

@dann2333
Comment options

please check this :canonical/cloud-init#4791

fastapi seems really need to change some... passlib still no update...

@sinisaos
Comment options

@dann2333 Required changes to the docs example to usebcrypt directly are minimal. Just need to replace this part of the code

pwd_context=CryptContext(schemes=["bcrypt"],deprecated="auto")oauth2_scheme=OAuth2PasswordBearer(tokenUrl="token")app=FastAPI()defverify_password(plain_password,hashed_password):returnpwd_context.verify(plain_password,hashed_password)defget_password_hash(password):returnpwd_context.hash(password)

with this

# from passlib.context import CryptContext <- remove passlib from importsimportbcryptoauth2_scheme=OAuth2PasswordBearer(tokenUrl="token")app=FastAPI()defverify_password(plain_password,hashed_password):returnbcrypt.checkpw(bytes(plain_password,encoding="utf-8"),bytes(hashed_password,encoding="utf-8"),    )defget_password_hash(password):returnbcrypt.hashpw(bytes(password,encoding="utf-8"),bcrypt.gensalt(),    )

Sorry if I missed your point.

Answer selected bydann2333
Comment options

passlib seems to bedead
However, there is a new library calledpwdlib and someone also made afork
I think the docs should be updated to either usepwdlib, or point at the fork (and maybe clarify thatpasslib is the old, unmaintained version)

You must be logged in to vote
0 replies
Comment options

Came here from the OAuth2 chapter from the docs
The code provided by the docs is broken because passlib CryptContext has stopped working.
I getValueError: password cannot be longer than 72 bytes, truncate manually if necessary (e.g. my_password[:72]) even when tryingpasslib.CryptContext.dummy_verify()
It is high time to replace passlib with the accepted solution in the documentation.
I'm on Python 3.13, passlib 1.7.4, bcrypt 5.0.0

You must be logged in to vote
4 replies
@JiaGengChang
Comment options

Here's a small example to get the error:

frompasslib.contextimportCryptContextCryptContext(schemes=["bcrypt"],deprecated="auto").dummy_verify()
@Hadatko
Comment options

Same for me. In debug it behaves well but on server it started to show this error message

A bit more context from bcrypt 5.0.0
image

@YuriiMotov
Comment options

We have updated docs to usepwdlib in code examples instead ofpasslib.
Please, take a look:https://fastapi.tiangolo.com/tutorial/security/oauth2-jwt/#hash-and-verify-the-passwords

@JiaGengChang
Comment options

Thanks@YuriiMotov ! I saw the update to the docs two days ago and immediately adopted it into my codebase

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
questionQuestion or problem
8 participants
@dann2333@Hadatko@sinisaos@JiaGengChang@RuoCJ@AIdjis@YuriiMotov@suspiciousRaccoon
[8]ページ先頭
©2009-2025 Movatter.jp