APIKey.create_key doesn't work with argon2-cffi hasher because the hasher returns strings that are more than 100 chars
Closed this issue · 2 comments
mariot commented
Describe the bug
When using the hasher argon2-cffi, we have an error because hashed_key from AbstractAPIKey has a limit of 100 chars. argon2 can create hashes of more than that.
To Reproduce
Steps to reproduce the behavior:
- Use argon2 as a password hasher: https://docs.djangoproject.com/fr/2.2/topics/auth/passwords/#using-argon2-with-django
- Call
APIKey.objects.create_key(name="my-remote-service")
- See error
Expected behavior
Can create key
Screenshots
https://imgur.com/a/8VBFjUS
Desktop (please complete the following information):
- OS: Linux
- Version: 0.2.1
- Python Version: 3.8
- Django Version: 4.0
- DRF Version: 3.8
Additional context
- argon2-cffi Version: 21.3.0
gbe0 commented
I would suggest also bumping the length of id
to 150. With your patch, the scrypt hasher does not work still due to the field length only being 100 for id
still.
A sample id
entry that is created when using scrypt:
tTYDYb7w.scrypt$16384$ps8dAKnJ8HzYNLF6cUTjfs$8$1$11o9Ng8zqFQoMAZq+EwzVnPkUAEDHpoXVtKEv3MI4NBfcNZBOi2Ia6cRHyiYO/SpmHjJsJwHZwOOIfY9ANwH8Q==
mariot commented
Thanks! I'm committing the changes