Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-15 Thread Dawid Czeluśniak
Adam, One question I have is - did you experience any real world issue with this? Personally I didn't, but I can imagine scenarios where this *could* be an issue for other programmers. Suppose you want to create a password hash from another SHA256 hash, but you're only a human

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-14 Thread Dawid Czeluśniak
Tom, The behavior of the make_password method is quite surprising to be honest > I'd go even further and say that currently the behaviour of the make_password function is *wrong* and *unsafe*. Again, let's look at hashing functions from other libraries. None of them fails silently and casts objec

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread Dawid Czeluśniak
ard against strange input. I’d say no, however a small change to the > documentation might be in order. > > Tom > > On 12 Mar 2020, at 17:41, Dawid Czeluśniak > wrote: > > Adam, > > If it's perfectly fine to pass almost any not-None object to make_password >

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread Dawid Czeluśniak
Adam, If it's perfectly fine to pass almost any not-None object to make_password function and it returns correctly generated hash then why does the documentation say: make_password(password, salt=None, hasher='default') > Creates a hashed password in the format used by this application. It take

Re: [Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-12 Thread Dawid Czeluśniak
penvas_lib/common.py#L232 https://github.com/firebase/firebase-admin-python/blob/master/firebase_admin/_auth_utils.py#L73 On Thursday, 12 March 2020 00:06:44 UTC+1, Dawid Czeluśniak wrote: > > Hi all, > > I've noticed that both set_password and check_password methods accept > va

[Probably BUG] set_password and check_password accept values other than string as parameters

2020-03-11 Thread Dawid Czeluśniak
Hi all, I've noticed that both set_password and check_password methods accept values other than str as parameters. For example I'm able to set password to boolean values:

    In [1]: u.set_password(True)
    In [2]: u.save()
    In [3]: u.refresh_from_db()
    In [4]: u.check_password(True)
    Out[4]: True
    In