Merge branch 'master' into release

emmett-framework · Jun 1, 2021 · afb7448 · afb7448
2 parents 0a95765 + e2f2e01
commit afb7448
Show file tree

Hide file tree

Showing 5 changed files with 31 additions and 5 deletions.
diff --git a/docs/orm/migrations.md b/docs/orm/migrations.md
@@ -9,7 +9,7 @@ While the `Database` class in Emmett can be initialized to automatically migrate
 
 The migration engine is instead based on *revisions*: this will use migration files containing the instructions to be performed on the database side and will store the current migration status on the database itself, fact that prevents inconsistencies on the migration status of your application if you are running the code from several machines.
 
-weppu provides different migration commands, that can be used in order to generate, apply and revert migrations on your database. Moreover, to avoid you the pain of writing a lot of migration code aside with your models, Emmett will automatically generate the migration scripts for you starting from your models' code.    
+Emmett provides different migration commands, that can be used in order to generate, apply and revert migrations on your database. Moreover, to avoid you the pain of writing a lot of migration code aside with your models, Emmett will automatically generate the migration scripts for you starting from your models' code.    
 In the next sections we will describe all of this using the *bloggy* application we saw in the [tutorial chapter](././tutorial) as an example.
 
 > **Note:** we **strongly reccomend** you to not enable automatic migrations on applications that run on production environments. The automatic migrations and the ones performed by the migration engine have some slight differences; while we will document operations supported by the second system, the detection performed by the automatic one depends on the [pydal](https://github.com/web2py/pydal) library, and are not officially supported by the Emmett development. If you need more informations about this you should check the [web2py docs](http://www.web2py.com/books/default/chapter/29/06/the-database-abstraction-layer#Migrations).

diff --git a/docs/upgrading.md b/docs/upgrading.md
@@ -16,7 +16,33 @@ $ pip install -U emmett
 Version 2.2
 -----------
 
-Emmett 2.2 introduces some minor changes you should be aware of, and some new features you might be interested into.
+Emmett 2.2 introduces some changes you should be aware of, and some new features you might be interested into.
+
+### Breaking changes
+
+#### Fixed pbkdf2 library values representation
+
+Emmett versions prior to `2.2.2` contain a bug in the library responsible of *PBKDF2* hashes generation. The produced hashes contain wrong characters due to a wrong decoding format. This means that any stored value produced by the library should be fixed, otherwise further hash comparisons will fail.
+
+Previous generated values look like this:
+
+    pbkdf2(2000,20,sha512)$adcc9967adbd17f6$b'c68deb7f0690c2cafb99b1f323313b17117337ac'
+
+while the correct format is:
+
+    pbkdf2(2000,20,sha512)$adcc9967adbd17f6$c68deb7f0690c2cafb99b1f323313b17117337ac
+
+In case your application use the [Auth system](https://emmett.sh/docs/2.2.x/auth) with default configuration, the passwords' hashes stored in the database contain the wrong characters, and you should fix them manually. Here is a code snippet you can use:
+
+```python
+with db.connection():
+    for row in User.where(lambda u: u.password.contains("b'")).select():
+        password_components = row.password.split("$")
+        row.update_record(
+            password="$".join(password_components[:-1] + [password_components[-1][2:-1]])
+        )
+    db.commit()
+```
 
 ### Minor changes
 

diff --git a/emmett/__version__.py b/emmett/__version__.py
@@ -1 +1 @@
-__version__ = "2.2.1"
+__version__ = "2.2.2"
diff --git a/emmett/libs/pbkdf2.py b/emmett/libs/pbkdf2.py
@@ -58,7 +58,7 @@ def safe_str_cmp(a, b):
 def pbkdf2_hex(data, salt, iterations=1000, keylen=24, hashfunc=None):
     """Like :func:`pbkdf2_bin` but returns a hex encoded string."""
     rv = pbkdf2_bin(data, salt, iterations, keylen, hashfunc)
-    return str(codecs.encode(rv, 'hex_codec'))
+    return codecs.encode(rv, 'hex_codec').decode("utf8")
 
 
 def pbkdf2_bin(data, salt, iterations=1000, keylen=24, hashfunc=None):

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "Emmett"
-version = "2.2.1"
+version = "2.2.2"
 description = "The web framework for inventors"
 authors = ["Giovanni Barillari <[email protected]>"]
 license = "BSD-3-Clause"