xs/vendor/gopkg.in/hlandau/passlib.v1/default.go

package passlib

import (
	"fmt"
	"gopkg.in/hlandau/passlib.v1/abstract"
	"gopkg.in/hlandau/passlib.v1/hash/argon2"
	"gopkg.in/hlandau/passlib.v1/hash/bcrypt"
	"gopkg.in/hlandau/passlib.v1/hash/bcryptsha256"
	"gopkg.in/hlandau/passlib.v1/hash/pbkdf2"
	"gopkg.in/hlandau/passlib.v1/hash/scrypt"
	"gopkg.in/hlandau/passlib.v1/hash/sha2crypt"
	"time"
)

// This is the first and default set of defaults used by passlib. It prefers
// scrypt-sha256. It is now obsolete.
const Defaults20160922 = "20160922"

// This is the most up-to-date set of defaults preferred by passlib. It prefers
// Argon2i. You must opt into it by calling UseDefaults at startup.
const Defaults20180601 = "20180601"

// This value, when passed to UseDefaults, causes passlib to always use the
// very latest set of defaults. DO NOT use this unless you are sure that
// opportunistic hash upgrades will not cause breakage for your application
// when future versions of passlib are released. See func UseDefaults.
const DefaultsLatest = "latest"

// Default schemes as of 2016-09-22.
var defaultSchemes20160922 = []abstract.Scheme{
	scrypt.SHA256Crypter,
	argon2.Crypter,
	sha2crypt.Crypter512,
	sha2crypt.Crypter256,
	bcryptsha256.Crypter,
	pbkdf2.SHA512Crypter,
	pbkdf2.SHA256Crypter,
	bcrypt.Crypter,
	pbkdf2.SHA1Crypter,
}

// Default schemes as of 2018-06-01.
var defaultSchemes20180601 = []abstract.Scheme{
	argon2.Crypter,
	scrypt.SHA256Crypter,
	sha2crypt.Crypter512,
	sha2crypt.Crypter256,
	bcryptsha256.Crypter,
	pbkdf2.SHA512Crypter,
	pbkdf2.SHA256Crypter,
	bcrypt.Crypter,
	pbkdf2.SHA1Crypter,
}

// The default schemes, most preferred first. The first scheme will be used to
// hash passwords, and any of the schemes may be used to verify existing
// passwords. The contents of this value may change with subsequent releases.
//
// If you want to change this, set DefaultSchemes to a slice to an
// abstract.Scheme array of your own construction, rather than mutating the
// array the slice points to.
//
// To see the default schemes used in the current release of passlib, see
// default.go. See also the UseDefaults function for more information on how
// the list of default schemes is determined. The default value of
// DefaultSchemes (the default defaults) won't change; you need to call
// UseDefaults to allow your application to upgrade to newer hashing schemes
// (or set DefaultSchemes manually, or create a custom context with its own
// schemes set).
var DefaultSchemes []abstract.Scheme

func init() {
	DefaultSchemes = defaultSchemes20160922
}

// It is strongly recommended that you call this function like this before using passlib:
//
//   passlib.UseDefaults("YYYYMMDD")
//
// where YYYYMMDD is a date. This will be used to select the preferred scheme
// to use. If you do not call UseDefaults, the preferred scheme (the first item
// in the default schemes list) current as of 2016-09-22 will always be used,
// meaning that upgrade will not occur even though better schemes are now
// available.
//
// Note that even if you don't call this function, new schemes will still be
// added to DefaultSchemes over time as non-initial values (items not at index
// 0), so servers will always, by default, be able to validate all schemes
// which passlib supports at any given time.
//
// The reason you must call this function is as follows: If passlib is deployed
// as part of a web application in a multi-server deployment, and passlib is
// updated, and the new version of that application with the updated passlib is
// deployed, that upgrade process is unlikely to be instantaneous. Old versions
// of the web application may continue to run on some servers. If merely
// upgrading passlib caused password hashes to be upgraded to the newer scheme
// on login, the older daemons may not be able to validate these passwords and
// users may have issues logging in. Although this can be ameliorated to some
// extent by introducing a new scheme to passlib, waiting some months, and only
// then making this the default, this could still cause issued if passlib is
// only updated very occasionally.
//
// Thus, you should update your call to UseDefaults only when all servers have
// been upgraded, and it is thus guaranteed that they will all be able to
// verify the new scheme. Making this value loadable from a configuration file
// is recommended.
//
// If you are using a single-server configuration, you can use the special
// value "latest" here (or, equivalently, a date far into the future), which
// will always use the most preferred scheme. This is hazardous in a
// multi-server environment.
//
// The constants beginning 'Defaults' in this package document dates
// which are meaningful to this function. The constant values they are equal to
// will never change, so there is no need to use them instead of string
// literals, although you may if you wish; they are intended mainly as
// documentation as to the significance of various dates.
//
// Example for opting in to the latest set of defaults:
//
//   passlib.UseDefaults(passlib.Defaults20180601)
//
func UseDefaults(date string) error {
	if date == "latest" {
		DefaultSchemes = defaultSchemes20180601
		return nil
	}

	t, err := time.ParseInLocation("20060102", date, time.UTC)
	if err != nil {
		return fmt.Errorf("invalid time string passed to passlib.UseDefaults: %q", date)
	}

	if !t.Before(time.Date(2016, 9, 22, 0, 0, 0, 0, time.UTC)) {
		DefaultSchemes = defaultSchemes20180601
		return nil
	}

	DefaultSchemes = defaultSchemes20160922
	return nil
}
1/3 Updated Makefile to allow VENDOR flag (adds -vendor to version string) 2/3 Added vendor/ dir to lock down dependent pkg versions. The author of git.schwanenlied.me/yawning/{chacha20,newhope,kyber}.git has copied their repos to gitlab.com/yawning/ but some imports of chacha20 from newhope still inconsistently refer to git.schwanenlied.me/, breaking build. Licenses for chacha20 also changed from CC0 to AGPL, which may or may not be an issue. Until the two aforementioned issues are resolved, locking to last-good versions is probably the best way forward for now. To build with vendored deps, use make VENDOR=1 clean all 3/3 Moved body of CI push script into bacillus/ 2020-01-29 21:25:14 +00:00			`package passlib`

			`import (`
			`"fmt"`
			`"gopkg.in/hlandau/passlib.v1/abstract"`
			`"gopkg.in/hlandau/passlib.v1/hash/argon2"`
			`"gopkg.in/hlandau/passlib.v1/hash/bcrypt"`
			`"gopkg.in/hlandau/passlib.v1/hash/bcryptsha256"`
			`"gopkg.in/hlandau/passlib.v1/hash/pbkdf2"`
			`"gopkg.in/hlandau/passlib.v1/hash/scrypt"`
			`"gopkg.in/hlandau/passlib.v1/hash/sha2crypt"`
			`"time"`
			`)`

			`// This is the first and default set of defaults used by passlib. It prefers`
			`// scrypt-sha256. It is now obsolete.`
			`const Defaults20160922 = "20160922"`

			`// This is the most up-to-date set of defaults preferred by passlib. It prefers`
			`// Argon2i. You must opt into it by calling UseDefaults at startup.`
			`const Defaults20180601 = "20180601"`

			`// This value, when passed to UseDefaults, causes passlib to always use the`
			`// very latest set of defaults. DO NOT use this unless you are sure that`
			`// opportunistic hash upgrades will not cause breakage for your application`
			`// when future versions of passlib are released. See func UseDefaults.`
			`const DefaultsLatest = "latest"`

			`// Default schemes as of 2016-09-22.`
			`var defaultSchemes20160922 = []abstract.Scheme{`
			`scrypt.SHA256Crypter,`
			`argon2.Crypter,`
			`sha2crypt.Crypter512,`
			`sha2crypt.Crypter256,`
			`bcryptsha256.Crypter,`
			`pbkdf2.SHA512Crypter,`
			`pbkdf2.SHA256Crypter,`
			`bcrypt.Crypter,`
			`pbkdf2.SHA1Crypter,`
			`}`

			`// Default schemes as of 2018-06-01.`
			`var defaultSchemes20180601 = []abstract.Scheme{`
			`argon2.Crypter,`
			`scrypt.SHA256Crypter,`
			`sha2crypt.Crypter512,`
			`sha2crypt.Crypter256,`
			`bcryptsha256.Crypter,`
			`pbkdf2.SHA512Crypter,`
			`pbkdf2.SHA256Crypter,`
			`bcrypt.Crypter,`
			`pbkdf2.SHA1Crypter,`
			`}`

			`// The default schemes, most preferred first. The first scheme will be used to`
			`// hash passwords, and any of the schemes may be used to verify existing`
			`// passwords. The contents of this value may change with subsequent releases.`
			`//`
			`// If you want to change this, set DefaultSchemes to a slice to an`
			`// abstract.Scheme array of your own construction, rather than mutating the`
			`// array the slice points to.`
			`//`
			`// To see the default schemes used in the current release of passlib, see`
			`// default.go. See also the UseDefaults function for more information on how`
			`// the list of default schemes is determined. The default value of`
			`// DefaultSchemes (the default defaults) won't change; you need to call`
			`// UseDefaults to allow your application to upgrade to newer hashing schemes`
			`// (or set DefaultSchemes manually, or create a custom context with its own`
			`// schemes set).`
			`var DefaultSchemes []abstract.Scheme`

			`func init() {`
			`DefaultSchemes = defaultSchemes20160922`
			`}`

			`// It is strongly recommended that you call this function like this before using passlib:`
			`//`
			`// passlib.UseDefaults("YYYYMMDD")`
			`//`
			`// where YYYYMMDD is a date. This will be used to select the preferred scheme`
			`// to use. If you do not call UseDefaults, the preferred scheme (the first item`
			`// in the default schemes list) current as of 2016-09-22 will always be used,`
			`// meaning that upgrade will not occur even though better schemes are now`
			`// available.`
			`//`
			`// Note that even if you don't call this function, new schemes will still be`
			`// added to DefaultSchemes over time as non-initial values (items not at index`
			`// 0), so servers will always, by default, be able to validate all schemes`
			`// which passlib supports at any given time.`
			`//`
			`// The reason you must call this function is as follows: If passlib is deployed`
			`// as part of a web application in a multi-server deployment, and passlib is`
			`// updated, and the new version of that application with the updated passlib is`
			`// deployed, that upgrade process is unlikely to be instantaneous. Old versions`
			`// of the web application may continue to run on some servers. If merely`
			`// upgrading passlib caused password hashes to be upgraded to the newer scheme`
			`// on login, the older daemons may not be able to validate these passwords and`
			`// users may have issues logging in. Although this can be ameliorated to some`
			`// extent by introducing a new scheme to passlib, waiting some months, and only`
			`// then making this the default, this could still cause issued if passlib is`
			`// only updated very occasionally.`
			`//`
			`// Thus, you should update your call to UseDefaults only when all servers have`
			`// been upgraded, and it is thus guaranteed that they will all be able to`
			`// verify the new scheme. Making this value loadable from a configuration file`
			`// is recommended.`
			`//`
			`// If you are using a single-server configuration, you can use the special`
			`// value "latest" here (or, equivalently, a date far into the future), which`
			`// will always use the most preferred scheme. This is hazardous in a`
			`// multi-server environment.`
			`//`
			`// The constants beginning 'Defaults' in this package document dates`
			`// which are meaningful to this function. The constant values they are equal to`
			`// will never change, so there is no need to use them instead of string`
			`// literals, although you may if you wish; they are intended mainly as`
			`// documentation as to the significance of various dates.`
			`//`
			`// Example for opting in to the latest set of defaults:`
			`//`
			`// passlib.UseDefaults(passlib.Defaults20180601)`
			`//`
			`func UseDefaults(date string) error {`
			`if date == "latest" {`
			`DefaultSchemes = defaultSchemes20180601`
			`return nil`
			`}`

			`t, err := time.ParseInLocation("20060102", date, time.UTC)`
			`if err != nil {`
			`return fmt.Errorf("invalid time string passed to passlib.UseDefaults: %q", date)`
			`}`

			`if !t.Before(time.Date(2016, 9, 22, 0, 0, 0, 0, time.UTC)) {`
			`DefaultSchemes = defaultSchemes20180601`
			`return nil`
			`}`

			`DefaultSchemes = defaultSchemes20160922`
			`return nil`
			`}`