Utilities
Various utility functions shipped with Werkzeug.
HTML Helpers
- class werkzeug.utils.HTMLBuilder(dialect)
- class werkzeug.utils.cached_property(func, name=None, doc=None)
- class werkzeug.urls.Href(base='./', charset='utf-8', sort=False, key=None)
- class werkzeug.useragents.UserAgent(environ_or_string)
0.6.1 新版功能.
- werkzeug.security.generate_password_hash(password, method='pbkdf2:sha1', salt_length=8)
Hash a password with the given method and salt with with a string of the given length. The format of the string returned includes the method that was used so that werkzeug.security.check_password_hash" title="werkzeug.security.check_password_hash can check the hash.
The format for the hashed string looks like this:
method$salt$hash
This method can not generate unsalted passwords but it is possible to set the method to plain to enforce plaintext passwords. If a salt is used, hmac is used internally to salt the password.
If PBKDF2 is wanted it can be enabled by setting the method to pbkdf2:method:iterations where iterations is optional:
pbkdf2:sha1:2000$salt$hash pbkdf2:sha1$salt$hash
参数: - password – the password to hash
- method – the hash method to use (one that hashlib supports), can optionally be in the format pbpdf2:<method>[:iterations] to enable PBKDF2.
- salt_length – the length of the salt in letters
- werkzeug.security.check_password_hash(pwhash, password)
check a password against a given salted and hashed password value. In order to support unsalted legacy passwords this method supports plain text passwords, md5 and sha1 hashes (both salted and unsalted).
Returns True if the password matched, False otherwise.
参数: - pwhash – a hashed string like returned by werkzeug.security.generate_password_hash" title="werkzeug.security.generate_password_hash
- password – the plaintext password to compare against the hash
- werkzeug.security.safe_str_cmp(a, b)
This function compares strings in somewhat constant time. This requires that the length of at least one string is known in advance.
Returns True if the two strings are equal or False if they are not.
0.7 新版功能.
- werkzeug.security.safe_join(directory, filename)
Safely join directory and filename. If this cannot be done, this function returns None.
参数: - directory – the base directory.
- filename – the untrusted filename relative to that directory.
- werkzeug.security.pbkdf2_hex(data, salt, iterations=1000, keylen=None, hashfunc=None)
Like werkzeug.security.pbkdf2_bin" title="werkzeug.security.pbkdf2_bin but returns a hex encoded string.
0.9 新版功能.
参数: - data – the data to derive.
- salt – the salt for the derivation.
- iterations – the number of iterations.
- keylen – the length of the resulting key. If not provided the digest size will be used.
- hashfunc – the hash function to use. This can either be the string name of a known hash function or a function from the hashlib module. Defaults to sha1.
- werkzeug.security.pbkdf2_bin(data, salt, iterations=1000, keylen=None, hashfunc=None)
Returns a binary digest for the PBKDF2 hash algorithm of data with the given salt. It iterates iterations time and produces a key of keylen bytes. By default SHA-1 is used as hash function, a different hashlib hashfunc can be provided.
0.9 新版功能.
参数: - data – the data to derive.
- salt – the salt for the derivation.
- iterations – the number of iterations.
- keylen – the length of the resulting key. If not provided the digest size will be used.
- hashfunc – the hash function to use. This can either be the string name of a known hash function or a function from the hashlib module. Defaults to sha1.