From 438d5f1735e84210ea85e603632e5b84929b7307 Mon Sep 17 00:00:00 2001
From: Peter Bieringer <pb@bieringer.de>
Date: Wed, 6 Mar 2024 22:42:37 +0100
Subject: [PATCH 1/2] fix for https://github.com/Kozea/Radicale/issues/1350
 replacing passlib[bcrypt] with direct call to bcrypt

---
 config                    |  2 +-
 radicale/auth/htpasswd.py | 10 +++-------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/config b/config
index 7c77f5f9..4c283bbf 100644
--- a/config
+++ b/config
@@ -60,7 +60,7 @@
 
 # Htpasswd encryption method
 # Value: plain | bcrypt | md5
-# bcrypt requires the installation of radicale[bcrypt].
+# bcrypt requires the installation of 'bcrypt' module.
 #htpasswd_encryption = md5
 
 # Incorrect authentication delay (seconds)
diff --git a/radicale/auth/htpasswd.py b/radicale/auth/htpasswd.py
index 872f7277..dbc40b91 100644
--- a/radicale/auth/htpasswd.py
+++ b/radicale/auth/htpasswd.py
@@ -73,15 +73,11 @@ def __init__(self, configuration: config.Configuration) -> None:
             self._verify = self._md5apr1
         elif encryption == "bcrypt":
             try:
-                from passlib.hash import bcrypt
+                import bcrypt
             except ImportError as e:
                 raise RuntimeError(
                     "The htpasswd encryption method 'bcrypt' requires "
-                    "the passlib[bcrypt] module.") from e
-            # A call to `encrypt` raises passlib.exc.MissingBackendError with a
-            # good error message if bcrypt backend is not available. Trigger
-            # this here.
-            bcrypt.hash("test-bcrypt-backend")
+                    "the bcrypt module.") from e
             self._verify = functools.partial(self._bcrypt, bcrypt)
         else:
             raise RuntimeError("The htpasswd encryption method %r is not "
@@ -92,7 +88,7 @@ def _plain(self, hash_value: str, password: str) -> bool:
         return hmac.compare_digest(hash_value.encode(), password.encode())
 
     def _bcrypt(self, bcrypt: Any, hash_value: str, password: str) -> bool:
-        return bcrypt.verify(password, hash_value.strip())
+        return bcrypt.checkpw(password = password.encode('utf-8'), hashed_password = hash_value.encode())
 
     def _md5apr1(self, hash_value: str, password: str) -> bool:
         return apr_md5_crypt.verify(password, hash_value.strip())

From 1593742ce239a059a29177b52361955df771fe7c Mon Sep 17 00:00:00 2001
From: Peter Bieringer <pb@bieringer.de>
Date: Wed, 6 Mar 2024 22:46:07 +0100
Subject: [PATCH 2/2] make flake8 happy

---
 radicale/auth/htpasswd.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/radicale/auth/htpasswd.py b/radicale/auth/htpasswd.py
index dbc40b91..67c9b769 100644
--- a/radicale/auth/htpasswd.py
+++ b/radicale/auth/htpasswd.py
@@ -88,7 +88,7 @@ def _plain(self, hash_value: str, password: str) -> bool:
         return hmac.compare_digest(hash_value.encode(), password.encode())
 
     def _bcrypt(self, bcrypt: Any, hash_value: str, password: str) -> bool:
-        return bcrypt.checkpw(password = password.encode('utf-8'), hashed_password = hash_value.encode())
+        return bcrypt.checkpw(password=password.encode('utf-8'), hashed_password=hash_value.encode())
 
     def _md5apr1(self, hash_value: str, password: str) -> bool:
         return apr_md5_crypt.verify(password, hash_value.strip())