From 398f5c920ba4b3fad543e2acbf02058fde02db30 Mon Sep 17 00:00:00 2001
From: Jon Banafato <jon@jonafato.com>
Date: Tue, 23 Jun 2015 13:23:07 -0400
Subject: [PATCH] Restrict bcrypt to <2.0.0

As of 2.0.0, passlib no longer correctly identifies bcrypt as bcrypt
(instead, it mistakenly applies pybcrypt logic to bcrypt). This results
in all Python 3 logic involving bcrypt failing. As a hotfix, we should
require users to be on a version of bcrypt that passlib can handle a fix
can be pushed into passlib.
---
 docs/configuration.rst | 5 ++++-
 requirements-dev.txt   | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/docs/configuration.rst b/docs/configuration.rst
index 83627d49..3ac4a921 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -23,7 +23,10 @@ Core
                                          passwords. Recommended values for
                                          production systems are ``bcrypt``,
                                          ``sha512_crypt``, or ``pbkdf2_sha512``.
-                                         Defaults to ``plaintext``.
+                                         Defaults to ``plaintext``. Note:
+                                         ``bcrypt>=2.0.0`` is not currently
+                                         supported. If ``bcrypt`` is preferred,
+                                         please use ``bcrypt<2.0``.
 ``SECURITY_PASSWORD_SALT``               Specifies the HMAC salt. This is only
                                          used if the password hash type is set
                                          to something other than plain text.
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 5a20b643..3027ffb3 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,5 +1,5 @@
 Flask-SQLAlchemy>=1.0
-bcrypt>=1.0.2
+bcrypt>=1.0.2,<2.0.0
 flask-mongoengine>=0.7.0
 flask-peewee>=0.6.5
 pymongo==2.8