Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AttributeError: module 'bcrypt' has no attribute '__about__' with new 4.1.1 version #684

Open
roland-robert opened this issue Nov 29, 2023 · 25 comments

Comments

@roland-robert
Copy link

For bcrypt 4.1.1, I get this error/warning when I run this code (code which is in FastAPI documentation)
I have passlib 1.7.4

from passlib.context import CryptContext
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
pwd_context.hash('test')   

output

(trapped) error reading bcrypt version
Traceback (most recent call last):
  File "C:\path\venv\Lib\site-packages\passlib\handlers\bcrypt.py", line 620, in _load_backend_mixin
    version = _bcrypt.__about__.__version__
              ^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute '__about__'
'$2b$12$dcl0YFoHz6.pL/dtOwbfO.r3CRI416BLq6vJEf0EmT4CHsqqHm7FC'

It's not breaking anything, because code still runs.

This is not the case with bcrypt 4.0.1

@reaperhulk
Copy link
Member

This is an issue with how passlib attempts to read a version (for logging only) and fails because it's loading modules that no longer exist in bcrypt 4.1.x. I'd suggest filing an issue against them for this.

https://foss.heptapod.net/python-libs/passlib/-/blob/branch/stable/passlib/handlers/bcrypt.py#L619-623

@hyperknot
Copy link

Yep, passlib seems to be abandoned and the new bcrypt doesn't work with it. Needs to force bcrypt==4.0.1 to keep using passlib.

@alex
Copy link
Member

alex commented Dec 1, 2023

As the OP indicates here, passlib will work with latest bcrypt, it simply emits a warning. You should be able to silence that warning with a logging configuration.

@patrick-m-m
Copy link

patrick-m-m commented Dec 15, 2023

Props to the opener of the issue on passlib: https://foss.heptapod.net/python-libs/passlib/-/issues/190

Edited to add: silencing the warning via logging config worked fine for me, hat-tip to @alex

logging.getLogger('passlib').setLevel(logging.ERROR)

drmatthews added a commit to UCL-MIRSG/ansible-collection-infra that referenced this issue Jan 5, 2024
Changes:

- Reinstate the `bcrypt` option for `password_hash`

This has been done since `node_exporter` expects hashed password for
basic authentication to be created with `brypt`. I initially removed
because the following appears when running the `monitoring_client` role:

```
AttributeError: module 'bcrypt' has no attribute '__about__'
```

The play proceeds and `node_exporter` is correctly installed. I tried
pinning `bcrypt` to `4.0.1` as suggested in
pyca/bcrypt#684 but the traceback still
appears. Without `bcrypt` the `node_exporter` service fails to start.
hswong3i added a commit to alvistack/python-libs-passlib that referenced this issue Jan 7, 2024
    git clean -xdf
    tar zcvf ../python-passlib_1.7.4.orig.tar.gz --exclude=.git .
    debuild -uc -us
    cp python-passlib.spec ../python-passlib_1.7.4-1.spec
    cp ../python*-passlib*1.7.4*.{gz,xz,spec,dsc} /osc/home\:alvistack/python-libs-passlib-1.7.4/
    rm -rf ../python*-passlib*1.7.4*.*

See https://foss.heptapod.net/python-libs/passlib/-/issues/190
See pyca/bcrypt#684

Signed-off-by: Wong Hoi Sing Edison <[email protected]>
@creativebash
Copy link

creativebash commented Jan 21, 2024

Like others have pointed, passlib is not actively updated and it has dependencies that have changed behaviour over time.
I recently had this error (below) that indirectly triggered a CORS error on my frontend, due to middleware misinterpretation.

> (trapped) error reading bcrypt version
> Traceback (most recent call last):
>   File "C:\path\venv\Lib\site-packages\passlib\handlers\bcrypt.py", line 620, in _load_backend_mixin
>     version = _bcrypt.__about__.__version__
>               ^^^^^^^^^^^^^^^^^

I resolved it by removing the passlib module and simply using the bcrypt directly for hashing and verification :

import bcrypt

# Hash a password using bcrypt
def hash_password(password):
    pwd_bytes = password.encode('utf-8')
    salt = bcrypt.gensalt()
    hashed_password = bcrypt.hashpw(password=pwd_bytes, salt=salt)
    return hashed_password

# Check if the provided password matches the stored password (hashed)
def verify_password(plain_password, hashed_password):
    password_byte_enc = plain_password.encode('utf-8')
    return bcrypt.checkpw(password = password_byte_enc , hashed_password = hashed_password)

Reference: #https://www.geeksforgeeks.org/hashing-passwords-in-python-with-bcrypt/

@ArjunJayakrishnan
Copy link

ArjunJayakrishnan commented Jan 28, 2024

For bcrypt 4.1.1, I get this error/warning when I run this code (code which is in FastAPI documentation) I have passlib 1.7.4

from passlib.context import CryptContext
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
pwd_context.hash('test')   

output

(trapped) error reading bcrypt version
Traceback (most recent call last):
  File "C:\path\venv\Lib\site-packages\passlib\handlers\bcrypt.py", line 620, in _load_backend_mixin
    version = _bcrypt.__about__.__version__
              ^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute '__about__'
'$2b$12$dcl0YFoHz6.pL/dtOwbfO.r3CRI416BLq6vJEf0EmT4CHsqqHm7FC'

It's not breaking anything, because code still runs.

This is not the case with bcrypt 4.0.1

just downgrade your bcrypt. i did it to 3.2.2. it works. it has __about attribute. hope my comment helps.

@bkis
Copy link

bkis commented Jan 29, 2024

just downgrade your bcrypt. i did it to 3.2.2. it works. it has __about attribute. hope my comment helps.

And go without updates for a security-relevant library? 😬

hswong3i added a commit to alvistack/python-libs-passlib that referenced this issue Feb 24, 2024
    git clean -xdf
    tar zcvf ../python-passlib_1.7.4.orig.tar.gz --exclude=.git .
    debuild -uc -us
    cp python-passlib.spec ../python-passlib_1.7.4-1.spec
    cp ../python*-passlib*1.7.4*.{gz,xz,spec,dsc} /osc/home\:alvistack/python-libs-passlib-1.7.4/
    rm -rf ../python*-passlib*1.7.4*.*

See https://foss.heptapod.net/python-libs/passlib/-/issues/190
See pyca/bcrypt#684

Signed-off-by: Wong Hoi Sing Edison <[email protected]>
houshmand-2005 added a commit to houshmand-2005/chat_app that referenced this issue Feb 26, 2024
issue : pyca/bcrypt#684
passlib seems to be unmaintained!
so i rewrite the hash and verify password my self with pure bcrypt.
@Nikhil22
Copy link

Nikhil22 commented Mar 4, 2024

I resolved it by removing the passlib module and simply using the bcrypt directly for hashing and verification

I like this. Not a fan of using inactive libraries especially for straightforward things like this.

openstack-mirroring pushed a commit to openstack/openstack that referenced this issue Mar 27, 2024
* Update trove from branch 'master'
  to 3367c25e770c45e2a51040566b85329b6003246c
  - stop using passlib
    
    passlib is unmaintained and has not had a release since 2020
    a recent bcrypt release just broke passlib
    see pyca/bcrypt#684
    
    trove's use of passlib is pretty tirval so this change
    just removes it as a depency and delegate the random password
    generation in trove.common.utils to the generate_random_key
    function in the trove.common.crypto_utils module
    
    Change-Id: I6b6c64147c627025d5f89db6032d1c54445df94f
openstack-mirroring pushed a commit to openstack/trove that referenced this issue Mar 27, 2024
passlib is unmaintained and has not had a release since 2020
a recent bcrypt release just broke passlib
see pyca/bcrypt#684

trove's use of passlib is pretty tirval so this change
just removes it as a depency and delegate the random password
generation in trove.common.utils to the generate_random_key
function in the trove.common.crypto_utils module

Change-Id: I6b6c64147c627025d5f89db6032d1c54445df94f
Minwook11 added a commit to Minwook11/Fastapi_study that referenced this issue Mar 29, 2024
 - 새로운 도메인 User와 관련된 기능 추가
  - schema, crud, router 코드 생성
  - main.py에 user router 연결
  - 사용자 정보 중복 상황을 다루기 위한 유효성 검사 반영
  - 비밀번호 암호화를 위한 passlib 사용
   - passlib와 bcrypt 간의 버전 문제가 있는 듯 하다.
    - pyca/bcrypt#684
  - 이메일 정보 포맷 확인을 위한 Pydantic 확장
   - pip install pydantic[email]
@ignore501
Copy link

Yep, passlib seems to be abandoned and the new bcrypt doesn't work with it. Needs to force bcrypt==4.0.1 to keep using passlib.

i dont know how but it solved not only this problem, but also the one with not finding my 'app' package when importing from it. Thank You!

@melakhvision
Copy link

Anyway to solve this issue ?
Fastapi

Environement :

python = ">=3.10,<4.0"
passlib = "^1.7.4"
fastapi = "^0.111.0"

It's like passlib is not compatible maybe because passlib not being maintained anymore?

@antheiz
Copy link

antheiz commented Jun 16, 2024

Anyway to solve this issue ? Fastapi

Environement :

python = ">=3.10,<4.0"
passlib = "^1.7.4"
fastapi = "^0.111.0"

It's like passlib is not compatible maybe because passlib not being maintained anymore?

You can remove passlib module and manually use bcrypt like this: #684 (comment).


And If anyone gets an error like this:

return bcrypt.checkpw(password=password_byte_enc, hashed_password=hashed_password) TypeError: argument 'hashed_password': 'str' object cannot be converted to 'PyBytes'

you can find information on how to resolve it here.

@chetat
Copy link

chetat commented Jun 17, 2024

Anyway to solve this issue ? Fastapi
Environement :

python = ">=3.10,<4.0"
passlib = "^1.7.4"
fastapi = "^0.111.0"

It's like passlib is not compatible maybe because passlib not being maintained anymore?

You can remove passlib module and manually use bcrypt like this: #684 (comment).

And If anyone gets an error like this:

return bcrypt.checkpw(password=password_byte_enc, hashed_password=hashed_password) TypeError: argument 'hashed_password': 'str' object cannot be converted to 'PyBytes'

you can find information on how to resolve it here.

Thank you for SO link. It solved the TypeError: argument 'hashed_password': 'str' object cannot be converted to 'PyBytes' error.

@melakhvision
Copy link

To remove passlib I have to change a lot of thing.
Here is how I fix it.
in my python virtual environment which is devenv, in line 620 the bcrypt.py file, I replace version = _bcrypt.about.version to
version = _bcrypt.version

devenv/lib/python3.10/site-packages/passlib/handlers/bcrypt.py # location of my bcrypt.py file
version = _bcrypt.__version__ # to put in line 620 after the first line of the try block

No no error anymore. The correct version is shown when I run the fastapi project.

@jhonshua
Copy link

jhonshua commented Jul 15, 2024

So my working fix is to change [line 620] like this:

venv\Lib\site-packages\passlib\handlers\bcrypt.py

version = _bcrypt.__about__.__version__

Previous ->version = _bcrypt.__about__.__version__

New -> version = getattr(_bcrypt, '__version__', '<unknown>')So my working fix is to change [line 620]

@himanshu076
Copy link

Screenshot_2024-07-21-00-12-57-219_com.android.chrome.jpg

May this version 1.8 resolve this issue.

@himanshu076
Copy link

@BrentHuang
Copy link

BrentHuang commented Jul 29, 2024

bcrypt version 4.2.0, passlib-1.7.4
There is still this error in fastapi: "(trapped) error reading bcrypt version"

@imikay
Copy link

imikay commented Aug 8, 2024

pip show bcrypt  # check package location
cd /home/xxx/.pyenv/versions/3.10.10/envs/venv/lib/python3.10/site-packages/bcrypt # cd package location 

Remove everything in bcrypt folder, will regenerate upon the install process following.

rm -rf *  # remove everything in bcrypt folder

Reinstall it

pip uninstall bcrypt
pip install bcrypt

The package folder original contains _bcrypt.cpython-310-x86_64-linux-gnu.so, this .so file seems corrupt, this file will not get deleted when you do pip uninstall bcrypt, so you should delete it manually, after the new installation, the generated .so file called _bcrypt.abi3.so this time, I don't know why.

@zeeshanrafiqrana
Copy link

Still facing this error FastAPI
Python 3.12 , 3.11
Version current latest 4.2.0

/lib/python3.12/site-packages/passlib/handlers/bcrypt.py", line 620, in _load_backend_mixin
version = _bcrypt.about.version
^^^^^^^^^^^^^^^^^
AttributeError: module 'bcrypt' has no attribute 'about'

@dann2333
Copy link

Really need to consider replacing this out-of-maintenanced lib.

@to-sta
Copy link

to-sta commented Oct 6, 2024

Had the same issue in FastAPI with using passlib[bcrypt] and moved down to bcrypt 4.0.1, that solved the error for me.

@DarkJedi
Copy link

Had the same issue in FastAPI with using passlib[bcrypt] and moved down to bcrypt 4.0.1, that solved the error for me.

I'd strongly recommend using bcrypt directly, and removing passlib altogether. It was pretty much a single line change in my FastAPI project (changing pwd_context.verify to bcrypt.checkpw) as passlib as described in the FastAPI documentation acts purely as a wrapper around bcrypt anyway.
Better to remove the redundant dependency and not pin your project to out of date libraries!

@storenth
Copy link

Issue looks old fashioned, FastApi's open question still here: fastapi/full-stack-fastapi-template#1369
Screenshot 2024-10-17 at 00 36 39

@carluma
Copy link

carluma commented Oct 22, 2024

Due to the issue explained here, I solved it by creating a dataclass with a version attribute, setting it equal to the new standalone __version__ attribute of bcrypt, and then assigning it to a new attribute __about__ for bcrypt.

import bcrypt
from dataclasses import dataclass

@dataclass
class SolveBugBcryptWarning:
    __version__: str = getattr(bcrypt, "__version__")

setattr(bcrypt, "__about__", SolveBugBcryptWarning())

This way, we can still see the log warnings from passlib, and the bug also disappears.
Now, for example, this code works without any warnings or issues:

from dataclasses import dataclass

import bcrypt
from passlib.context import CryptContext


@dataclass
class SolveBugBcryptWarning:
    __version__: str = getattr(bcrypt, "__version__")


setattr(bcrypt, "__about__", SolveBugBcryptWarning())

pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")


def verify_password(plain_password, hashed_password):
    return pwd_context.verify(plain_password, hashed_password)


def get_password_hash(password):
    return pwd_context.hash(password)


hashed = get_password_hash(("1234"))
print(hashed)

@karpulix
Copy link

karpulix commented Nov 8, 2024

So my working fix is to change [line 620] like this:

venv\Lib\site-packages\passlib\handlers\bcrypt.py

version = _bcrypt.__about__.__version__

Previous ->version = _bcrypt.__about__.__version__

New -> version = getattr(_bcrypt, '__version__', '<unknown>')So my working fix is to change [line 620]

in order not to interfere with the library's source code, I tried this patch – it seems to work

import bcrypt
if not hasattr(bcrypt, '__about__'):
    bcrypt.__about__ = type('about', (object,), {'__version__': bcrypt.__version__})

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests