def initPasswordFile(path: Path) -> HtpasswdFile:
passwordFile = HtpasswdFile(str(path), default_scheme='portable', new=True)
# Marking schemes as deprecated tells passlib to re-hash when a password
# is successfully verified. Instead of marking only known insecure schemes
# as deprecated, we mark everything except the default scheme.
# A good password cannot be brute forced in a reasonable amount of time,
# but few people actually use good passwords, so slowing down an attacker
# by using the best hash algorithm we have available is useful.
orgContext = passwordFile.context
defaultScheme = orgContext.default_scheme()
deprecated = [
scheme for scheme in orgContext.schemes() if scheme != defaultScheme
]
passwordFile.context = orgContext.copy(deprecated=deprecated)
try:
passwordFile.load()
except FileNotFoundError:
path.parent.mkdir(parents=True, exist_ok=True)
# Create empty file.
with path.open('a'):
pass
return passwordFile
