Add bcrypt password engine

[pinkavaj]

This allows using bcrypt based authentication in addition to traditional passlib methods

[codekoala]

Thank you for this! It looks like it should work fine, but I'm not quite sure how to test it. I briefly looked in pypiserver's documentation for anything about bcrypt as well, and I came up empty handed. Would you mind including some pointers please? Maybe even in the README?

Also, does the py2-bcrypt Alpine package not work well? It's an older release, but it seems like it should work fine to me.

[pinkavaj]

I was trying to setup pypi server and use password for authentification. I have used docker jturpin/htpasswd to generate secret. htpasswd uses MD5 by default and such a password works fine. But I wanted to use bcrypt because is supposed to be safet than MD5. The server just failed with exception saying something about it cannot load bcrypt.

I was trying to used py2-bcrypt package, but it does not solved the issue. I'm not sure why, but the result was still the same. So i decided to install bcrypt from pypi and it worked like a charm.

bcrypt is imported from passlib and is optional "plugin", is loaded only when "bccrypted" password is present, thus not mandatory for pypiserver during installation.

Generating .htpasswd file using htpasswd -Bbn USER PASSWORD and runnig the server should do the trick. Failure appears when You try to autheticate user (eg upload an package).

I would think about adding somethin into README, but I'm not sure what exactly.

[codekoala]

@pinkavaj great, thank you for the information! I'll do some tinkering later tonight to see if I can reproduce the failure without bcrypt then try again with your changes.

[pinkavaj]

Did You find some time look at the MR and to investigate the issue?