Drop the sha512_crypt module

This feature was deprecated for removal in the Epoxy cycle. Complete the deprecation process and enable support for Python >= 3.13 which drops the crypt module this feature uses. Change-Id: Ic4f60bc39b1143f436100a169f1afbf08e1b0fea
2025-01-22 10:14:00 +00:00
parent 9eaf07c97d
commit 4a4137d5f7
3 changed files with 7 additions and 47 deletions
--- a/keystone/common/password_hashers/sha512_crypt.py
+++ b/keystone/common/password_hashers/sha512_crypt.py
@@ -1,39 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-import crypt
-
-from keystone.common import password_hashers
-
-
-class Sha512_crypt(password_hashers.PasswordHasher):
-    """passlib transition class for sha512_crypt password hashing"""
-
-    name: str = "sha512_crypt"
-    ident: str = "$6$"
-
-    @staticmethod
-    def verify(password: bytes, hashed: str) -> bool:
-        """Verify hashing password would be equal to the `hashed` value
-
-        :param bytes password: Password to verify
-        :param string hashed: Hashed password. Used to extract hashing
-            parameters
-
-        :returns: boolean whether hashing password with the same parameters
-            would match hashed value
-        """
-
-        return (
-            crypt.crypt(password.decode("utf8"), hashed[0 : hashed.rfind("$")])
-            == hashed
-        )
--- a/keystone/common/password_hashing.py
+++ b/keystone/common/password_hashing.py
@@ -21,7 +21,6 @@ from keystone.common import password_hashers
 from keystone.common.password_hashers import bcrypt
 from keystone.common.password_hashers import pbkdf2
 from keystone.common.password_hashers import scrypt
-from keystone.common.password_hashers import sha512_crypt
 import keystone.conf
 from keystone import exception
 from keystone.i18n import _
@@ -31,13 +30,7 @@ LOG = log.getLogger(__name__)

 SUPPORTED_HASHERS: frozenset[type[password_hashers.PasswordHasher]] = (
    frozenset(
-        [
-            scrypt.Scrypt,
-            bcrypt.Bcrypt,
-            bcrypt.Bcrypt_sha256,
-            sha512_crypt.Sha512_crypt,
-            pbkdf2.Sha512,
-        ]
+        [scrypt.Scrypt, bcrypt.Bcrypt, bcrypt.Bcrypt_sha256, pbkdf2.Sha512]
    )
 )

--- a/releasenotes/notes/remove-sha512_crypt-password-hashing-module-be4c5ed3f50017c0.yaml
+++ b/releasenotes/notes/remove-sha512_crypt-password-hashing-module-be4c5ed3f50017c0.yaml
@@ -0,0 +1,6 @@
+---
+other:
+  - |
+    The sha512_crypt password hashing module has been removed, completing the
+    deprecation process and dropping use of the crypt module which has been
+    dropped in Python >= 3.13.