APIKey.create_key doesn't work with argon2-cffi hasher because the hasher returns strings that are more than 100 chars

Question

APIKey.create_key doesn't work with argon2-cffi hasher because the hasher returns strings that are more than 100 chars

Closed this issue 2 years ago · 2 comments

Describe the bug
When using the hasher argon2-cffi, we have an error because hashed_key from AbstractAPIKey has a limit of 100 chars. argon2 can create hashes of more than that.

To Reproduce
Steps to reproduce the behavior:

Use argon2 as a password hasher: https://docs.djangoproject.com/fr/2.2/topics/auth/passwords/#using-argon2-with-django
Call APIKey.objects.create_key(name="my-remote-service")
See error

Expected behavior
Can create key

Screenshots
https://imgur.com/a/8VBFjUS

Desktop (please complete the following information):

OS: Linux
Version: 0.2.1
Python Version: 3.8
Django Version: 4.0
DRF Version: 3.8

Additional context

argon2-cffi Version: 21.3.0

Answer 1 · 2022-01-10T06:47:58.000Z

I would suggest also bumping the length of id to 150. With your patch, the scrypt hasher does not work still due to the field length only being 100 for id still.

A sample id entry that is created when using scrypt:

tTYDYb7w.scrypt$16384$ps8dAKnJ8HzYNLF6cUTjfs$8$1$11o9Ng8zqFQoMAZq+EwzVnPkUAEDHpoXVtKEv3MI4NBfcNZBOi2Ia6cRHyiYO/SpmHjJsJwHZwOOIfY9ANwH8Q==

Answer 2 · 2022-01-10T10:08:08.000Z

Thanks! I'm committing the changes