A way to check if a str is actually a hashed password

[Diegovsky]

I noticed that with argon2 at least you can know if a str actually represents a hashed password. It has a specific format that encodes this information.

I'm currently writing a custom type decorator for SQLAlchemy that hashes a password if it is unhashed and to prevent already hashed passwords from being rehashed, it would be nice to have a way (say, a pwdlib.is_hashed function) to check if it at least looks like a hashed password from pwdlib.

If course, I can just tag my passwords with something like a hashed: prefix, but I think this is seriously redundant considering pwd already has this information encoded.

What do you think?

[frankie567]

Interesting! Actually, we already have identify methods on each implemented algorithms, and we use it to determine the right one to apply when verifying a password:

pwdlib/pwdlib/_hash.py

Lines 85 to 87 in 17fd0c6

	for hasher in self.hashers:
	if hasher.identify(hash):
	return hasher.verify(password, hash)

The main wrapper doesn't expose it, but I suppose we could add it. Something like:

class PasswordHash:
    # ...
    def identify(
        self, hash: typing.Union[str, bytes]
    ) -> HasherProtocol:
        for hasher in self.hashers:
            if hasher.identify(hash):
                return hasher
        raise exceptions.UnknownHashError(hash)

If you want to take a stab at a PR, you're very welcome 🙏

[Diegovsky]

I would like to avoid making a PR because I'm not familiar with the codebase (and contributing to python repositories in general), and it looks to me you already have a solution in mind, which fits my needs. Can't this be committed as-is?