Metadata-Version: 2.1
Name: zope.password
Version: 4.4
Summary: Password encoding and checking utilities
Home-page: http://github.com/zopefoundation/zope.password
Author: Zope Foundation and Contributors
Author-email: zope-dev@zope.org
License: ZPL 2.1
Keywords: zope authentication password zpasswd
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: Zope :: 3
Requires-Python: >=2.7.7,!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*
Provides-Extra: vocabulary
Provides-Extra: test
Provides-Extra: bcrypt
Provides-Extra: docs
License-File: LICENSE.txt

===================
 ``zope.password``
===================

.. image:: https://img.shields.io/pypi/v/zope.password.svg
        :target: https://pypi.python.org/pypi/zope.password/
        :alt: Latest release

.. image:: https://img.shields.io/pypi/pyversions/zope.password.svg
        :target: https://pypi.org/project/zope.password/
        :alt: Supported Python versions

.. image:: https://github.com/zopefoundation/zope.password/actions/workflows/tests.yml/badge.svg
        :target: https://github.com/zopefoundation/zope.password/actions/workflows/tests.yml

.. image:: https://coveralls.io/repos/github/zopefoundation/zope.password/badge.svg?branch=master
        :target: https://coveralls.io/github/zopefoundation/zope.password?branch=master

.. image:: https://readthedocs.org/projects/zopepassword/badge/?version=latest
        :target: https://zopepassword.readthedocs.io/en/latest/
        :alt: Documentation Status

This package provides a password manager mechanism. Password manager
is an utility object that can encode and check encoded
passwords.

Documentation is hosted at https://zopepassword.readthedocs.io/


=========
 Changes
=========

4.4 (2022-09-01)
================

- Add support for Python 3.7, 3.8, 3.9, 3.10.

- Drop support for Python 3.4.


4.3.1 (2017-09-01)
==================

- Fix running ``configure.zcml`` when ``zope.security`` is installed.
  See `issue 15
  <https://github.com/zopefoundation/zope.password/issues/15>`_.


4.3.0 (2017-08-31)
==================

- Added a ``bcrypt``-based password manager (available only if the
  `bcrypt <https://pypi.python.org/pypi/bcrypt>`_ library is
  importable). This manager can also check passwords that were encoded
  with `z3c.bcrypt <https://pypi.python.org/pypi/z3c.bcrypt>`_. If
  that package is *not* installed, then ``configure.zcml`` will
  install this manager as a utility with both the ``BCRYPT``
  (preferred) and ``bcrypt`` names for compatibility with it. (See
  https://github.com/zopefoundation/zope.password/issues/10)

- Add a ``bcrypt_kdf`` password manager. This allows tunable numbers
  of rounds. See https://github.com/zopefoundation/zope.password/issues/9

- Fix the ``zpasswd`` console script on Python 3.

- Update the ``zpasswd`` script to use ``argparse`` instead of ``optparse.``

- Use ``hmac.compare_digest`` when checking passwords to
  prevent timing analysis. This requires Python 2.7.7 or above.

- Add support for Python 3.6.

- Drop support for Python 3.3 and Python 2.7.6 and below.

- Drop support for ``python setup.py test``.

4.2.0 (2016-07-07)
==================

- Drop support for Python 2.6.

- Converted documentation to Sphinx, including testing doctest snippets
  under ``tox``.

- Add support for Python 3.5.


4.1.0 (2014-12-27)
==================

- Add support for PyPy.  (PyPy3 is pending release of a fix for:
  https://bitbucket.org/pypy/pypy/issue/1946)

- Add supprt for Python 3.4.

- Add support for testing on Travis.


4.0.2 (2013-03-11)
==================

- Fix some final resource warnings.


4.0.1 (2013-03-10)
==================

- Fix test failures under Python 3.3 when warnings are enabled.


4.0.0 (2013-02-21)
==================

- Make ``zpasswd`` a proper console script entry point.

- Add ``tox.ini`` and ``MANIFEST.in``.

- Add support for Python 3.3

- Replace deprecated ``zope.interface.implements`` usage with equivalent
  ``zope.interface.implementer`` decorator.

- Drop support for Python 2.4 and 2.5.

- Add a new ``IMatchingPasswordManager`` interface with a 'match' method,
  which returns True if a given password hash was encdoded with the scheme
  implemented by the specific manager. All managers in this package implement
  this interface.

- Use "{SHA}" as the prefix for SHA1-encoded passwords to be compatible with
  RFC 2307, but support matching against "{SHA1}" for backwards compatibility.

- Add a crypt password manager to fully support all methods named in RFC 2307.
  It is contained in the ``legacy`` module however, to flag crypt's status.

- Add a SMD5 (salted MD5) password manager to fully support all encoding
  schemes implemented by OpenLDAP.

- Add a MySQL ``PASSWORD()`` (versions before 4.1) password manager, as also
  found in Zope2's ``AccessControl.AuthEncoding`` module.

- Remove the useless, cosmetic salt from the MD5 and SHA1 password managers,
  and use base64 encoding instead of hexdigests. This makes the output of
  these managers compatible with other MD5 and SHA1 hash implementations such
  as RFC 2307 but doesn't lower it's security in any way. Checking passwords
  against old, still 'salted' password hashes with hexdigests is still
  supported.

- Use the ``standard_base64encode`` method instead of ``url_base64encode``
  to maintain compatibility with LDAP.

3.6.1 (2010-05-27)
==================

- The SSHAPasswordManager.checkPassword() would not handle unicode input
  (even if the string would only contain ascii characters). Now, the
  ``encoded_password`` input will be encoded to ascii, which is deemed safe
  as it should not contain non-ascii characters anyway.

3.6.0 (2010-05-07)
==================

- Remove ``zope.testing`` dependency for tests.

- Update some copyright headers to comply to repository policy.

- Add ``zpasswd`` script formerly hold in zope.app.server. Contrary to
  former zpasswd script, which used "Plain Text" as default password
  manager, now SSHA is used as default.

3.5.1 (2009-03-14)
==================

- Make security protection directives in ``configure.zcml`` execute only
  if ``zope.security`` is installed. This will allow reuse of the
  ``configure.zcml`` file in environments without ``zope.security``,
  for example with ``repoze.zcml``.

- Add "Password Manager Names" vocabulary for use with ``zope.schema``
  and ``zope.component``, like it was in ``zope.app.authentication``.
  It's an optional feature so it doesn't add hard dependency. We use
  "vocabulary" extra to list dependencies needed for vocabulary functionality.

3.5.0 (2009-03-06)
==================

First release. This package was splitted off from ``zope.app.authentication``
to separate password manager functionality that is greatly re-usable without
any bit of ``zope.app.authentication`` and to reduce its dependencies.


