Replace argon2-cffi with cryptography library for password hashing #59
DavidBuchanan314 merged 1 commit into main from
Conversation
Switch from argon2-cffi to cryptography's built-in Argon2id implementation to reduce dependencies. The cryptography library was already a required dependency, so this eliminates the need for an additional package.

Changes:
- Use cryptography.hazmat.primitives.kdf.argon2.Argon2id for hashing
- Maintain backward compatibility with existing password hashes
- Add test case with hardcoded argon2-cffi hash to verify compatibility
- Remove argon2-cffi from pyproject.toml dependencies

All existing password hashes continue to work, as both implementations produce and verify PHC-formatted argon2id strings.
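The compatibility claim in the description rests on the PHC string format that argon2-cffi and cryptography's Argon2id both emit and accept. The following is an added example, not millipds code and not from either library: it parses that format, uses the parsed parameters to rebuild the rehash check that argon2-cffi's PasswordHasher.check_needs_rehash provided and cryptography's Argon2id does not, and wraps hashing and verification with cryptography's Argon2id. The hash_password and verify_password functions assume cryptography 44.0.0 or newer, which introduced derive_phc_encoded and verify_phc_encoded; all function names and the sample PHC string are constructed for this example.

```python
import base64
import os
import re
from dataclasses import dataclass

# PHC layout shared by argon2-cffi and cryptography's Argon2id (the reason a
# hash produced by one library verifies with the other):
#   $argon2id$v=19$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<tag>
# salt and tag are standard base64 without '=' padding.
_PHC_RE = re.compile(
    r"^\$(?P<variant>argon2(?:id|i|d))"
    r"\$v=(?P<version>\d+)"
    r"\$m=(?P<m>\d+),t=(?P<t>\d+),p=(?P<p>\d+)"
    r"\$(?P<salt>[A-Za-z0-9+/]+)"
    r"\$(?P<tag>[A-Za-z0-9+/]+)$"
)


@dataclass(frozen=True)
class Argon2Params:
    variant: str
    version: int
    memory_cost: int  # KiB
    time_cost: int
    parallelism: int
    salt: bytes
    tag: bytes


def _b64decode_unpadded(s: str) -> bytes:
    return base64.b64decode(s + "=" * (-len(s) % 4))


def _b64encode_unpadded(b: bytes) -> str:
    return base64.b64encode(b).decode("ascii").rstrip("=")


def parse_phc_argon2(phc: str) -> Argon2Params:
    """Split a PHC argon2 string into its parameters; ValueError if malformed."""
    m = _PHC_RE.match(phc)
    if m is None:
        raise ValueError("not a PHC argon2 string")
    return Argon2Params(
        variant=m["variant"], version=int(m["version"]),
        memory_cost=int(m["m"]), time_cost=int(m["t"]), parallelism=int(m["p"]),
        salt=_b64decode_unpadded(m["salt"]), tag=_b64decode_unpadded(m["tag"]),
    )


def needs_rehash(phc: str, *, memory_cost: int, time_cost: int, parallelism: int,
                 variant: str = "argon2id") -> bool:
    """True when the stored hash's parameters differ from the current policy.

    argon2-cffi's PasswordHasher.check_needs_rehash covered this for the old
    code; cryptography's Argon2id has no equivalent, so a migration adds it.
    """
    p = parse_phc_argon2(phc)
    return (p.variant != variant or p.memory_cost != memory_cost
            or p.time_cost != time_cost or p.parallelism != parallelism)


def hash_password(password: str, *, memory_cost: int = 65536, time_cost: int = 3,
                  parallelism: int = 4) -> str:
    """Hash with cryptography's Argon2id (assumes cryptography >= 44.0.0).

    Imports are deferred so the parser above also runs without cryptography.
    """
    from cryptography.hazmat.primitives.kdf.argon2 import Argon2id

    kdf = Argon2id(salt=os.urandom(16), length=32, iterations=time_cost,
                   lanes=parallelism, memory_cost=memory_cost)
    return kdf.derive_phc_encoded(password.encode())


def verify_password(password: str, phc: str) -> bool:
    """Verify against a PHC string; False on mismatch instead of an exception.

    Per the cryptography docs, key material is the first argument and the PHC
    string the second, and a mismatch raises InvalidKey, not ValueError.
    """
    from cryptography.exceptions import InvalidKey
    from cryptography.hazmat.primitives.kdf.argon2 import Argon2id

    try:
        Argon2id.verify_phc_encoded(password.encode(), phc)
    except InvalidKey:
        return False
    return True


# Constructed sample (not a real hash): argon2-cffi-style parameters with a
# fixed salt and tag so the parser's output is predictable.
SAMPLE_SALT = b"0123456789abcdef"
SAMPLE_TAG = bytes(range(32))
SAMPLE_PHC = ("$argon2id$v=19$m=65536,t=3,p=4$"
              + _b64encode_unpadded(SAMPLE_SALT) + "$"
              + _b64encode_unpadded(SAMPLE_TAG))

if __name__ == "__main__":
    p = parse_phc_argon2(SAMPLE_PHC)
    print(p.variant, p.version, p.memory_cost, p.time_cost, p.parallelism)
    print("rehash under a stronger policy:",
          needs_rehash(SAMPLE_PHC, memory_cost=131072, time_cost=3, parallelism=4))
```

The parser and needs_rehash run with no cryptography installed because the library imports are deferred into the two functions that need them; verify_password converts InvalidKey into a boolean, which is the step a caller expecting a ValueError on mismatch would otherwise be missing.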
Pull Request Overview
This PR replaces argon2-cffi with the cryptography library for password hashing to reduce dependencies while maintaining backward compatibility. The change switches to cryptography's built-in Argon2id implementation since cryptography was already a required dependency.
- Removes argon2-cffi dependency and switches to cryptography.hazmat.primitives.kdf.argon2.Argon2id
- Maintains backward compatibility with existing password hashes through PHC format compatibility
- Adds comprehensive test case with hardcoded argon2-cffi hash to verify compatibility
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/millipds/database.py | Replaces argon2-cffi imports and methods with cryptography equivalents, adds new helper methods |
| tests/test_database.py | Adds backward compatibility test with hardcoded argon2-cffi hash |
| pyproject.toml | Removes argon2-cffi from dependencies |
| """Raises ValueError if password doesn't match.""" | ||
| try: | ||
| Argon2id.verify_phc_encoded(password.encode(), password_hash) |
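Review bot: The docstring on this hunk promises ValueError on a mismatch, but cryptography's verify_phc_encoded raises cryptography.exceptions.InvalidKey, which is not a ValueError subclass; the except clause belonging to this try: is outside the visible lines, so confirm it catches InvalidKey and re-raises ValueError, otherwise callers relying on the documented exception will see an unhandled InvalidKey.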
The parameter order for Argon2id.verify_phc_encoded is incorrect. According to the cryptography library documentation, it should be Argon2id.verify_phc_encoded(password_hash, password.encode()).
| Argon2id.verify_phc_encoded(password.encode(), password_hash) | |
| Argon2id.verify_phc_encoded(password_hash, password.encode()) |
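Review bot: The suggested swap reverses the argument order the cryptography documentation gives for Argon2id.verify_phc_encoded(key_material, phc_encoded, secret=None): key material (bytes) first, PHC string second. The removed line already follows that order, so applying this suggestion would pass the str hash as key material and the bytes password as the PHC string and fail every verification; check the signature in the installed version's docs before accepting it, and make sure the compatibility test added in tests/test_database.py is run against the final call.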