Ticket #18182: patch_18182.diff

File patch_18182.diff, 1.5 KB (added by moritzs, 3 years ago)
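diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 5824685..8b28d52 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -16,7 +16,7 @@ PREFERRED_HASHER = None # defaults to first item in PASSWORD_HASHERS
 
 
 def is_password_usable(encoded):
-    return (encoded is not None and encoded != UNUSABLE_PASSWORD)
+    return (encoded is not None and encoded != UNUSABLE_PASSWORD and ('$' in encoded or len(encoded) == 32))
 
 
 def check_password(password, encoded, setter=None, preferred='default'):
@@ -35,7 +35,7 @@ def check_password(password, encoded, setter=None, preferred='default'):
     password = smart_str(password)
     encoded = smart_str(encoded)
 
-    if len(encoded) == 32 and '$' not in encoded:
+    if '$' not in encoded:
         hasher = get_hasher('unsalted_md5')
     else:
         algorithm = encoded.split('$', 1)[0]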
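Review bot: In the second hunk, `if '$' not in encoded:` sends every value without a `$` to the `unsalted_md5` hasher, so the 32-character check now lives only in `is_password_usable`. `check_password` is therefore safe only if it calls that function before this line, and that call is not visible here because the body between lines 22 and 35 is outside the hunk. Keeping the length test local and failing closed would make the branch self-contained: `if len(encoded) == 32 and '$' not in encoded:` followed by `elif '$' not in encoded: return False`. Separately, the new clause in `is_password_usable` checks only the shape of the value, so a string with a `$` but an unrecognised algorithm prefix, or any 32-character string that is not hex, still counts as usable. A short comment such as `# structural check only: does not verify that the algorithm is known` would warn callers who read `True` as "verifiable".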
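diff --git a/django/contrib/auth/tests/hashers.py b/django/contrib/auth/tests/hashers.py
index 8a11511..2520d42 100644
--- a/django/contrib/auth/tests/hashers.py
+++ b/django/contrib/auth/tests/hashers.py
@@ -90,6 +90,11 @@ class TestUtilsHashPass(unittest.TestCase):
             make_password('letmein', hasher='lolcat')
         self.assertRaises(ValueError, doit)
 
+    def test_bad_encoded_pasword(self):
+        encoded = 'letmeinbadencoded'
+        self.assertFalse(is_password_usable(encoded))
+
+
     def test_low_level_pkbdf2(self):
         hasher = PBKDF2PasswordHasher()
         encoded = hasher.encode('letmein', 'seasalt')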
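Review bot: `test_bad_encoded_pasword` asserts only `is_password_usable`, so the relaxed branch in `check_password` that this patch also changes has no test. Adding `self.assertFalse(check_password('letmein', encoded))` would pin that a malformed stored value is rejected rather than raising, assuming `check_password` is imported in this module, which is not visible here. Two more cases would cover the inputs the new shape check still accepts: a value with a `$` and an unknown algorithm, in the style of the `'lolcat'` test above, and a 32-character string that is not hex. The method name has a typo (`pasword`), and the hunk adds two blank lines before `test_low_level_pkbdf2` where the surrounding methods are separated by one.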