AttributeError: 'SHA512' object has no attribute 'update'

[giovannicimolin]

When migrating my project to version 5.x, I get the following error when running tests:

    response = handler(request, *args, **kwargs)
  File "/code/custom_auth/views.py", line 165, in post
    _, token = AuthToken.objects.create(
  File "/opt/venv/lib/python3.10/site-packages/knox/models.py", line 24, in create
    digest = crypto.hash_token(token)
  File "/opt/venv/lib/python3.10/site-packages/knox/crypto.py", line 30, in hash_token
    digest.update(make_hex_compatible(token))
AttributeError: 'SHA512' object has no attribute 'update'

Related code:

django-rest-knox/knox/crypto.py

Line 15 in 1e379b4

def make_hex_compatible(token: str) -> bytes:

Investigation ongoing.

[giovannicimolin]

I think this was caused by this switch alongside the code changes linked above: #230

[johnraz]

The related code is actually

django-rest-knox/knox/crypto.py

Line 30 in 1e379b4

digest.update(make_hex_compatible(token))

and digest is from

django-rest-knox/knox/crypto.py

Line 6 in 1e379b4

hash_func = knox_settings.SECURE_HASH_ALGORITHM

This is weird because the interface should have the update method according to the Python doc

https://docs.python.org/3/library/hashlib.html#hash-algorithms

What do you have in your settings ? Could you have a bad import there ?

Also the Python version might be a factor here

which version are you using?
edit: it’s clearly 3.10 from the traceback

I recommend we improve the test suite of knox to cover all the hash functions we support.

Cheers !

[giovannicimolin]

@johnraz Yup, that's excatly the place having issues.

I'm using the old default cryptography.hazmat.primitives.hashes.SHA512, but it looks like it's broken now.
I'm investigating to figure out why this happened and why it was working before.

I recommend we improve the test suite of knox to cover all the hash functions we support.

👍 to this.
It was already in my plans but I guess I'll have to work on it earlier than expected.

[giovannicimolin]

In 4.2.0 the code was like this:

    digest = hashes.Hash(sha(), backend=default_backend())
    digest.update(binascii.unhexlify(token))
    return binascii.hexlify(digest.finalize()).decode()

With the signature change the cryptography functions don't work anymore.

I wanted to keep old tokens working with #362, but now I'm not 100% sure it'll work as is currently.

[giovannicimolin]

I'll close this now since the issue was me trying to use a now incompatible hashing method.

If anyone is looking for a solution when bumping into this issue: just remove the line below and let the library use the default from hashlib.

    "SECURE_HASH_ALGORITHM": "cryptography.hazmat.primitives.hashes.SHA512",

I think we'll need to do a better job at documentation when changes like this come in. I'll be more attentive when reviewing PRs related to this now.