Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ImproperlyConfigured: hasher not found: django_sha2.hashers.bcrypt2012_06_01 #14

Open
kumar303 opened this issue Jun 6, 2012 · 13 comments
Open

ImproperlyConfigured: hasher not found: django_sha2.hashers.bcrypt2012_06_01 #14

kumar303 opened this issue Jun 6, 2012 · 13 comments

Comments

@kumar303
Copy link

kumar303 commented Jun 6, 2012

Do you know why I'd be getting this error?

Traceback (most recent call last):
  File "/Users/kumar/dev/jstestnet/jstestnet/system/tests/test_views.py", line 320, in setUp
    a.set_password('test')
  File "/Users/kumar/dev/jstestnet/vendor/lib/python/django/contrib/auth/models.py", line 294, in set_password
    self.password = make_password(raw_password)
  File "/Users/kumar/dev/jstestnet/vendor/lib/python/django/contrib/auth/hashers.py", line 62, in make_password
    hasher = get_hasher(hasher)
  File "/Users/kumar/dev/jstestnet/vendor/lib/python/django/contrib/auth/hashers.py", line 107, in get_hasher
    load_hashers()
  File "/Users/kumar/dev/jstestnet/vendor/lib/python/django/contrib/auth/hashers.py", line 84, in load_hashers
    raise ImproperlyConfigured("hasher not found: %s" % backend)
ImproperlyConfigured: hasher not found: django_sha2.hashers.bcrypt2012_06_01

I'm using the latest Playdoh and have this is my local settings per instructions from django-sha2:

HMAC_KEYS = {
    '2012-06-01': 'Example of shared key',
}

# Use sha 256 by default but support any other algorithm:
BASE_PASSWORD_HASHERS = (
    'django_sha2.hashers.SHA256PasswordHasher',
    'django_sha2.hashers.BcryptHMACCombinedPasswordVerifier',
    'django_sha2.hashers.SHA512PasswordHasher',
    'django.contrib.auth.hashers.SHA1PasswordHasher',
    'django.contrib.auth.hashers.MD5PasswordHasher',
    'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
)

from django_sha2 import get_password_hashers
PASSWORD_HASHERS = get_password_hashers(BASE_PASSWORD_HASHERS, HMAC_KEYS)

If I comment out the HMAC keys I no longer get the hasher not found error.
@fwenzel
Copy link
Owner

fwenzel commented Jun 6, 2012

@tallowen wrote some code to dynamically generate hashers for HMAC/Bcrypt, there might be something broken there.

@tallowen
Copy link
Contributor

tallowen commented Jun 6, 2012

Give me a day - i'll look into this tomorrow

On Wed, Jun 6, 2012 at 3:16 PM, Fred Wenzel <
[email protected]

wrote:

@tallowen wrote some code to dynamically generate hashers for HMAC/Bcrypt,
there might be something broken there.

Reply to this email directly or view it on GitHub:
#14 (comment)

Owen Coutts
University of Waterloo

Email: [email protected]
Phone: 206.651.4004

@kumar303
Copy link
Author

kumar303 commented Jun 7, 2012

fwiw I only saw this when upgrading an old app to the new Playdoh. I did not see this error when configuring the latest Playdoh out of the box.

@tallowen
Copy link
Contributor

tallowen commented Jun 7, 2012

Hmm. For some reason the password hasher isn't being created. Its created dynamically at import time - it creates one per hmac_key in the settings. This probably means that django_sha2 isn't seeing the hmac_keys properly but I'm not sure why that would be the case.

@talebbits
Copy link

To produce:

  1. Create new project
  2. run syncdb
  3. add superusers
Traceback (most recent call last):
  File "./manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "***/lib/python2.7/site-packages/django/core/management/__init__.py", line 443, in execute_from_command_line
    utility.execute()
  File "***/lib/python2.7/site-packages/django/core/management/__init__.py", line 382, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "***/lib/python2.7/site-packages/django/core/management/base.py", line 196, in run_from_argv
    self.execute(*args, **options.__dict__)
  File "***/lib/python2.7/site-packages/django/core/management/base.py", line 232, in execute
    output = self.handle(*args, **options)
  File "***/lib/python2.7/site-packages/django/core/management/base.py", line 371, in handle
    return self.handle_noargs(**options)
  File "***/lib/python2.7/site-packages/south/management/commands/syncdb.py", line 90, in handle_noargs
    syncdb.Command().execute(**options)
  File "***/lib/python2.7/site-packages/django/core/management/base.py", line 232, in execute
    output = self.handle(*args, **options)
  File "***/lib/python2.7/site-packages/django/core/management/base.py", line 371, in handle
    return self.handle_noargs(**options)
  File "***/lib/python2.7/site-packages/django/core/management/commands/syncdb.py", line 110, in handle_noargs
    emit_post_sync_signal(created_models, verbosity, interactive, db)
  File "***/lib/python2.7/site-packages/django/core/management/sql.py", line 189, in emit_post_sync_signal
    interactive=interactive, db=db)
  File "***/lib/python2.7/site-packages/django/dispatch/dispatcher.py", line 172, in send
    response = receiver(signal=self, sender=sender, **named)
  File "***/lib/python2.7/site-packages/django/contrib/auth/management/__init__.py", line 73, in create_superuser
    call_command("createsuperuser", interactive=True, database=db)
  File "***/lib/python2.7/site-packages/django/core/management/__init__.py", line 150, in call_command
    return klass.execute(*args, **defaults)
  File "***/lib/python2.7/site-packages/django/core/management/base.py", line 232, in execute
    output = self.handle(*args, **options)
  File "***/lib/python2.7/site-packages/django/contrib/auth/management/commands/createsuperuser.py", line 124, in handle
    User.objects.db_manager(database).create_superuser(username, email, password)
  File "***/lib/python2.7/site-packages/django/contrib/auth/models.py", line 164, in create_superuser
    u = self.create_user(username, email, password)
  File "***/lib/python2.7/site-packages/django/contrib/auth/models.py", line 159, in create_user
    user.set_password(password)
  File "***/lib/python2.7/site-packages/django/contrib/auth/models.py", line 294, in set_password
    self.password = make_password(raw_password)
  File "***/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 62, in make_password
    hasher = get_hasher(hasher)
  File "***/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 107, in get_hasher
    load_hashers()
  File "***/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 84, in load_hashers
    raise ImproperlyConfigured("hasher not found: %s" % backend)
django.core.exceptions.ImproperlyConfigured: hasher not found: django_sha2.hashers.bcrypt2011_01_01

@l-hedgehog
Copy link

Looks like this error can be fixed by merge this change mozilla/playdoh@abafbf0 into older settings/local.py

@kumar303
Copy link
Author

if you put that in settings/local.py then you've disabled the HMAC key (since it's commented out). I also got it working that way but for an app I knew I didn't need bcrypt for since it didn't work with users.

@fwenzel
Copy link
Owner

fwenzel commented Jun 21, 2012

Did you guys narrow this down yet? Looks like the dynamic generation of hashers is not run, perhaps?

@mindcruzer
Copy link

If you look at hashers.py in django.contrib.auth the code that would import the dynamically generated password hasher looks like this:

# django.contrib.auth.hashers
...
try:
    mod_path, cls_name = backend.rsplit('.', 1)
    mod = importlib.import_module(mod_path)  
    hasher_cls = getattr(mod, cls_name) 
except (AttributeError, ImportError, ValueError):
    raise ImproperlyConfigured("hasher not found: %s" % backend)
...

The key here is that it's catching ImportError, but which import error?

# django_sha2.hashers

import base64
import hmac
import hashlib
import logging

import bcrypt

from django.conf import settings
from django.contrib.auth.hashers import (BCryptPasswordHasher,
                                         BasePasswordHasher, mask_hash)
from django.utils.crypto import constant_time_compare
from django.utils.encoding import smart_str
from django.utils.datastructures import SortedDict
...

The odd one out is bcrypt, so my guess would be that this error is just occurring because py-bcrypt hasn't been installed. Sure enough, this is what was causing the error for me. This also explains why commenting out the HMAC_KEYS makes the whole thing work. If there are no HMAC_KEYS, django_sha2.hashers never gets executed, and thus there is no ImportError raised. Maybe add a reminder in the docs to install py-bcrypt.

@kumar303
Copy link
Author

Catching any and all import errors here is confusing

@kumar303
Copy link
Author

Everytime I hit this I have to google for this issue to remember how to fix it :( Dear future self, in summary, here's what to check:

  • Does import bcrypt succeed in your environment?
  • Is HMAC_KEYS defined and is it not an empty dict?
  • In the exact settings file you define HMAC_KEYS are you also calling get_password_hashers(...) underneath it?

@groovecoder
Copy link

fwiw, I hit this error when HMAC_KEYS was empty.

@gene1wood
Copy link

This error occurred for me with an empty and a populated HMAC_KEYS. I did what @kumar303 suggested and ran import bcrypt which errored out. I then installed bcrypt on Ubuntu with

sudo apt-get install python-bcrypt

So which package is it that needs to have this dependency added to it's dependency list? Is this a Django issue or a Playdoh issue? (or something else)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@l-hedgehog @kumar303 @groovecoder @fwenzel @talebbits @mindcruzer @tallowen @gene1wood