* Regular SHA256 hashing for passwords is inadequate as modern GPU's can hash generate billions of hashes per second.
* Added code to auto migrate old passwords to the new password_hash if the existing password_hash matches either of the legacy password generation schemes (SHA1 or SHA256).
* Added migration to support new password_hash format length
* Added auth tests
While I hold this library in great esteem for its excellent work on
implementing the original paper, I have several problems with it:
- as of this commit, it (again) has bug fixes unreleased on pip
- its code is badly structured
- forces OOP and then proceeds @staticmethod everything
- bad class design, parameters are repeated in several places
- terrible contract of make_record() and generate_signature()
- ambiguous parameters: path vs. image path vs. image content
- doesn't adhere to PEP-8
- depends on cairo just to render svg images almost no one uses this
library with
For quite some time, I hated Falcon's class maps approach that caused
more chaos than good for Szurubooru. I've taken a look at the other
frameworks (hug, flask, etc) again, but they all looked too
bloated/over-engineered. I decided to just talk to WSGI myself.
Regex-based routing may not be the fastest in the world, but I'm fine
with response time of 10 ms for cached /posts.
The reason why this is added to the project is because it has turned out
mocking the time is not as trivial as I originally anticipated
(specifically, there are some problems with SQLite).
