For those familiar with other frameworks like Django, these password hashers will be very similar to you.
The password hashers, as the name suggests, are used to hash a given string into a salted string formated and therefore making a possible password even more secure.
Esmerald and password hashing¶
Esmerald supporting Saffier also means providing some of the features internally.
A lof of what is explained here is explained in more detail in the Saffier orm support.
Esmerald already brings some pre-defined password hashers that are available in the Esmerald settings and ready to be used.
@property def password_hashers(self) -> List[str]: return [ "esmerald.contrib.auth.hashers.PBKDF2PasswordHasher", "esmerald.contrib.auth.hashers.PBKDF2SHA1PasswordHasher", ]
Esmerald uses passlib under the hood in order to facilitate the process of hashing passwords.
You can always override the property
password_hashers in your
custom settings and use your own.
from typing import List from esmerald import EsmeraldAPISettings from esmerald.contrib.auth.hashers import PBKDF2PasswordHasher class CustomHasher(PBKDF2PasswordHasher): """ All the hashers inherit from BasePasswordHasher """ salt_entropy = 3000 class MySettings(EsmeraldAPISettings): @property def password_hashers(self) -> List[str]: return ["myapp.hashers.CustomHasher"]
Current supported hashing¶
PBKDF2SHA1 password hashing but this does not mean that only supports
those. In fact, you can use your own completely from the scratch and use it within your application.
If you want to create your own password hashing, it is advisable to subclass the
from esmerald.contrib.auth.hashers import BasePasswordHasher