From a741c62cd6edfb1b343c4fd5c52c30fc46bc00ca Mon Sep 17 00:00:00 2001
From: Martin Zimmermann <info@posativ.org>
Date: Thu, 29 May 2014 13:06:03 +0200
Subject: [PATCH] use python-passlib fallback on Debian

---
 CHANGES.rst            | 15 +++++++++------
 isso/views/comments.py | 14 +++++++++++++-
 tox.ini                |  5 +++--
 3 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 6e5d451..8505d9e 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -52,7 +52,7 @@ Changelog for Isso
   Also there is no longer an avatar shown next to the comment box. This is due
   to the new CSS and removes two runtime dependencies.
 
-- You may now set a full From header, #87
+- you may now set a full From header, #87
 
     [smtp]
     from = Foo Bar <spam@local>
@@ -64,15 +64,18 @@ Changelog for Isso
 - a few bugfixes: Disqus import now anonymizes IP addresses, uWSGI spooling for
   Python 3, HTTP-Referer fallback for HTTP-Origin
 
+- remove Django's PBKDF2 implementation in favour of the PBKDF2 function
+  available in werkzeug 0.9 or higher. If you're still using werkzeug 0.8, Isso
+  imports passlib__ as fallback (if available).
+
 
 This release also features a new templating engine Jade__ which replaces
-Markup.js_.  Jade can compile directly to JavaScript with a tiny runtime module
+Markup.js__. Jade can compile directly to JavaScript with a tiny runtime module
 on the client. Along with the removal of sha1.js and pbkdf2.js and a few build
-optimizations, the JS client now weighs only 40kb (12kb gzipped), 52kb
-resp. 17kb before.
-
-In overall, the codebase lost around 2500 LoC :-)
+optimizations, the JS client now weighs only 40kb (12kb gzipped) – 52kb resp.
+17kb before.
 
+.. __: https://pypi.python.org/pypi/passlib
 .. __: http://jade-lang.com/
 .. __: https://github.com/adammark/Markup.js
 
diff --git a/isso/views/comments.py b/isso/views/comments.py
index 6b25d22..edd3c5e 100644
--- a/isso/views/comments.py
+++ b/isso/views/comments.py
@@ -12,7 +12,6 @@ from werkzeug.http import dump_cookie
 from werkzeug.wsgi import get_current_url
 from werkzeug.utils import redirect
 from werkzeug.routing import Rule
-from werkzeug.security import pbkdf2_hex
 from werkzeug.wrappers import Response
 from werkzeug.exceptions import BadRequest, Forbidden, NotFound
 
@@ -22,6 +21,19 @@ from isso import utils, local
 from isso.utils import http, parse, JSONResponse as JSON
 from isso.views import requires
 
+try:
+    from werkzeug.security import pbkdf2_hex
+except ImportError:
+    try:
+        from passlib.utils.pbkdf2 import pbkdf2
+    except ImportError as ex:
+        raise ImportError("No PBKDF2 implementation found. Either upgrade " +
+                          "to `werkzeug` 0.9 or install `passlib`.")
+    else:
+        import base64
+        pbkdf2_hex = lambda text, salt, iterations, dklen: base64.b16encode(
+            pbkdf2(text.encode("utf-8"), salt, iterations, dklen)).lower().decode("utf-8")
+
 # from Django appearently, looks good to me *duck*
 __url_re = re.compile(
     r'^'
diff --git a/tox.ini b/tox.ini
index bfb9a38..6d64448 100755
--- a/tox.ini
+++ b/tox.ini
@@ -21,11 +21,12 @@ deps =
 
 [testenv:debian]
 deps=
-    werkzeug==0.8.3
     html5lib==0.95
-    itsdangerous==0.22
     ipaddr==2.1.10
+    itsdangerous==0.22
     misaka==1.0.2
+    passlib==1.5.3
+    werkzeug==0.8.3
 
 [testenv:squeeze]
 basepython=python2.6