Code

Ticket #18182: 18182-2.diff

File 18182-2.diff, 1.2 KB (added by claudep, 2 years ago)

Updated and using identify_hasher

Line 
1diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
2index 96ec40b..18a11a4 100644
3--- a/django/contrib/auth/hashers.py
4+++ b/django/contrib/auth/hashers.py
5@@ -27,7 +27,13 @@ def reset_hashers(**kwargs):
6 
7 
8 def is_password_usable(encoded):
9-    return (encoded is not None and encoded != UNUSABLE_PASSWORD)
10+    if encoded is None or encoded == UNUSABLE_PASSWORD:
11+        return False
12+    try:
13+        hasher = identify_hasher(encoded)
14+    except ValueError:
15+        return False
16+    return True
17 
18 
19 def check_password(password, encoded, setter=None, preferred='default'):
20diff --git a/django/contrib/auth/tests/hashers.py b/django/contrib/auth/tests/hashers.py
21index 673263b..cb9d97d 100644
22--- a/django/contrib/auth/tests/hashers.py
23+++ b/django/contrib/auth/tests/hashers.py
24@@ -100,6 +100,10 @@ class TestUtilsHashPass(unittest.TestCase):
25         self.assertRaises(ValueError, doit)
26         self.assertRaises(ValueError, identify_hasher, "lolcat$salt$hash")
27 
28+    def test_bad_encoded(self):
29+        encoded = 'letmein_badencoded'
30+        self.assertFalse(is_password_usable(encoded))
31+
32     def test_low_level_pkbdf2(self):
33         hasher = PBKDF2PasswordHasher()
34         encoded = hasher.encode('letmein', 'seasalt')