fix: Default password hashing algorithm depends on Werkzeug version (#…

…2306)

Older version of Werkzeug use different versions of algorithms. For
Apache Airflow and other potential users that are stuck with Werkzeug
that is < 2.3.0 - that version does not support scrypt, so this
changed caused failures with "scrypt not supported" - but if you
have Werkzeug >= 2.3.0, < 3.0.0.

flask_appbuilder/security/manager.py

@@ -229,12 +229,25 @@ def __init__(self, appbuilder):
         app.config.setdefault("AUTH_ROLES_MAPPING", {})
         app.config.setdefault("AUTH_ROLES_SYNC_AT_LOGIN", False)
         app.config.setdefault("AUTH_API_LOGIN_ALLOW_MULTIPLE_PROVIDERS", False)
-        app.config.setdefault(
-            "AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
-            "scrypt:32768:8:1$wiDa0ruWlIPhp9LM$6e409d093e62ad54df2af895d0e125b05ff6cf6414"
-            "8350189ffc4bcc71286edf1b8ad94a442c00f890224bf2b32153d0750c89ee9"
-            "401e62f9dcee5399065e4e5",
-        )
+
+        from packaging.version import Version
+        from werkzeug import __version__ as werkzeug_version
+
+        parsed_werkzeug_version = Version(werkzeug_version)
+        if parsed_werkzeug_version < Version("3.0.0"):
+            app.config.setdefault(
+                "AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
+                "pbkdf2:sha256:150000$Z3t6fmj2$22da622d94a1f8118"
+                "c0976a03d2f18f680bfff877c9a965db9eedc51bc0be87c",
+            )
+        else:
+            app.config.setdefault(
+                "AUTH_DB_FAKE_PASSWORD_HASH_CHECK",
+                "scrypt:32768:8:1$wiDa0ruWlIPhp9LM$6e40"
+                "9d093e62ad54df2af895d0e125b05ff6cf6414"
+                "8350189ffc4bcc71286edf1b8ad94a442c00f8"
+                "90224bf2b32153d0750c89ee9401e62f9dcee5399065e4e5",
+            )
 
         # LDAP Config
         if self.auth_type == AUTH_LDAP: