
Ticket #18182: 18182-3.diff

File 18182-3.diff, 4.6 KB (added by claudep, 23 months ago)

Proper display in ReadOnlyPasswordHashWidget

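--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -20,19 +20,21 @@ class ReadOnlyPasswordHashWidget(forms.Widget):
     def render(self, name, value, attrs):
         encoded = value
 
-        if not is_password_usable(encoded):
-            return "None"
-
         final_attrs = self.build_attrs(attrs)
 
-        try:
-            hasher = identify_hasher(encoded)
-        except ValueError:
-            summary = "<strong>Invalid password format or unknown hashing algorithm.</strong>"
+        if encoded == UNUSABLE_PASSWORD:
+            summary = "<strong>%s</strong>" % ugettext(
+                "Unusable password, the user cannot login.")
         else:
-            summary = ""
-            for key, value in hasher.safe_summary(encoded).iteritems():
-                summary += "<strong>%(key)s</strong>: %(value)s " % {"key": ugettext(key), "value": value}
+            try:
+                hasher = identify_hasher(encoded)
+            except ValueError:
+                summary = "<strong>%s</strong>" % ugettext(
+                    "Invalid password format or unknown hashing algorithm.")
+            else:
+                summary = ""
+                for key, value in hasher.safe_summary(encoded).iteritems():
+                    summary += "<strong>%(key)s</strong>: %(value)s " % {"key": ugettext(key), "value": value}
 
         return mark_safe("<div%(attrs)s>%(summary)s</div>" % {"attrs": flatatt(final_attrs), "summary": summary})
 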
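Review bot: In the re-indented `else:` branch of `render`, `value` from `hasher.safe_summary(encoded)` and the translated strings are interpolated with `%` into `summary`, which the return line then passes to `mark_safe` without any escaping. The hashers are not shown here, so whether a summary value can carry markup is not certain, but the encoded value comes from storage and the translation catalogue is also outside this code's control; escaping at the point of interpolation removes that dependency, e.g. `{"key": escape(ugettext(key)), "value": escape(value)}` with `escape` from `django.utils.html`. Separately, the removed `is_password_usable` guard also covered `encoded is None`, while the new `encoded == UNUSABLE_PASSWORD` test does not, so a `None` value now reaches `identify_hasher` and only `ValueError` is caught there. The hunk shows no import change for `UNUSABLE_PASSWORD`, so it is worth confirming that name is already imported in forms.py.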
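--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -27,7 +27,13 @@ def reset_hashers(**kwargs):
 
 
 def is_password_usable(encoded):
-    return (encoded is not None and encoded != UNUSABLE_PASSWORD)
+    if encoded is None or encoded == UNUSABLE_PASSWORD:
+        return False
+    try:
+        hasher = identify_hasher(encoded)
+    except ValueError:
+        return False
+    return True
 
 
 def check_password(password, encoded, setter=None, preferred='default'):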
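Review bot: `is_password_usable` now returns False for any value `identify_hasher` rejects, which presumably makes the result depend on which hashers are configured, and the function has no docstring stating this wider contract. I would add `"""Return False for None, UNUSABLE_PASSWORD, or a value that identify_hasher() cannot match to a hasher."""`. Callers are not visible in this diff; any that gate an account action on this function will now treat a stored hash with an unrecognised algorithm as unusable, and that should be confirmed as intended. The `hasher` local is never read, so the call can stand alone as `identify_hasher(encoded)`.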
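--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -234,23 +234,31 @@ class UserChangeFormTest(TestCase):
         # Just check we can create it
         form = MyUserForm({})
 
+    def test_unsuable_password(self):
+        user = User.objects.get(username='empty_password')
+        user.set_unusable_password()
+        user.save()
+        form = UserChangeForm(instance=user)
+        self.assertIn(_("Unusable password, the user cannot login."),
+            form.as_table())
+
     def test_bug_17944_empty_password(self):
         user = User.objects.get(username='empty_password')
         form = UserChangeForm(instance=user)
-        # Just check that no error is raised.
-        form.as_table()
+        self.assertIn(_("Invalid password format or unknown hashing algorithm."),
+            form.as_table())
 
     def test_bug_17944_unmanageable_password(self):
         user = User.objects.get(username='unmanageable_password')
         form = UserChangeForm(instance=user)
-        # Just check that no error is raised.
-        form.as_table()
+        self.assertIn(_("Invalid password format or unknown hashing algorithm."),
+            form.as_table())
 
     def test_bug_17944_unknown_password_algorithm(self):
         user = User.objects.get(username='unknown_password')
         form = UserChangeForm(instance=user)
-        # Just check that no error is raised.
-        form.as_table()
+        self.assertIn(_("Invalid password format or unknown hashing algorithm."),
+            form.as_table())
 
 
 @override_settings(USE_TZ=False, PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))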
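Review bot: The new test is named `test_unsuable_password`; the line should read `def test_unusable_password(self):` so the test can be found by searching for the state it covers. The three `test_bug_17944_*` tests now assert on the rendered message, but none of the new assertions checks how the widget renders a stored value that contains HTML metacharacters, which matters for output that ends in `mark_safe`. No fixture of that kind is visible here, so this is a suggestion for a follow-up test rather than a defect in these lines. The test class begins outside the hunk.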
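--- a/django/contrib/auth/tests/hashers.py
+++ b/django/contrib/auth/tests/hashers.py
@@ -100,6 +100,10 @@ class TestUtilsHashPass(unittest.TestCase):
         self.assertRaises(ValueError, doit)
         self.assertRaises(ValueError, identify_hasher, "lolcat$salt$hash")
 
+    def test_bad_encoded(self):
+        self.assertFalse(is_password_usable('letmein_badencoded'))
+        self.assertFalse(is_password_usable(''))
+
     def test_low_level_pkbdf2(self):
         hasher = PBKDF2PasswordHasher()
         encoded = hasher.encode('letmein', 'seasalt')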
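Review bot: `test_bad_encoded` covers a string without a separator and the empty string, but not the two values the rewritten `is_password_usable` rejects before calling `identify_hasher`, nor an unknown algorithm prefix. Adding `self.assertFalse(is_password_usable(None))`, `self.assertFalse(is_password_usable(UNUSABLE_PASSWORD))` and `self.assertFalse(is_password_usable('lolcat$salt$hash'))` would pin each return path; the last value is the one the context line above already passes to `identify_hasher`. The hunk adds no import, so `is_password_usable` (and `UNUSABLE_PASSWORD`, if used) must already be imported in this test module. The test class begins outside the hunk.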