
Ticket #18182: patch_18182.diff

File patch_18182.diff, 1.5 KB (added by moritzs, 2 years ago)
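diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 5824685..8b28d52 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -16,7 +16,7 @@ PREFERRED_HASHER = None  # defaults to first item in PASSWORD_HASHERS
 
 
 def is_password_usable(encoded):
-    return (encoded is not None and encoded != UNUSABLE_PASSWORD)
+    return (encoded is not None and encoded != UNUSABLE_PASSWORD and ('$' in encoded or len(encoded) == 32))
 
 
 def check_password(password, encoded, setter=None, preferred='default'):
@@ -35,7 +35,7 @@ def check_password(password, encoded, setter=None, preferred='default'):
     password = smart_str(password)
     encoded = smart_str(encoded)
 
-    if len(encoded) == 32 and '$' not in encoded:
+    if '$' not in encoded:
         hasher = get_hasher('unsalted_md5')
     else:
         algorithm = encoded.split('$', 1)[0]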
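Review bot: The two hunks disagree on what counts as a legacy unsalted-MD5 value: `is_password_usable` accepts a `$`-less string only when it is exactly 32 characters, while the relaxed branch in `check_password` (`if '$' not in encoded:`) hands every `$`-less string, including an empty or truncated one, to the `unsalted_md5` hasher. A corrupted or hand-edited stored value would then surface as an ordinary failed login rather than being rejected as unusable. Consider having `check_password` rely on the same predicate before a hasher is selected, e.g. `if not is_password_usable(encoded): return False`, so both functions share one definition. Separately, `'$' in encoded` still reports a value with an unrecognised algorithm prefix as usable, so callers presumably still need to handle the failure from `get_hasher`. The body of `check_password` continues outside the hunk.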
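diff --git a/django/contrib/auth/tests/hashers.py b/django/contrib/auth/tests/hashers.py
index 8a11511..2520d42 100644
--- a/django/contrib/auth/tests/hashers.py
+++ b/django/contrib/auth/tests/hashers.py
@@ -90,6 +90,11 @@ class TestUtilsHashPass(unittest.TestCase):
             make_password('letmein', hasher='lolcat')
         self.assertRaises(ValueError, doit)
 
+    def test_bad_encoded_pasword(self):
+        encoded = 'letmeinbadencoded'
+        self.assertFalse(is_password_usable(encoded))
+
+
     def test_low_level_pkbdf2(self):
         hasher = PBKDF2PasswordHasher()
         encoded = hasher.encode('letmein', 'seasalt')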
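Review bot: `test_bad_encoded_pasword` pins only the rejecting side of `is_password_usable`; nothing here exercises the relaxed `'$' not in encoded` branch in `check_password`, nor confirms that a well-formed value is still reported usable. I would add `self.assertFalse(check_password('letmein', encoded))` and `self.assertTrue(is_password_usable(make_password('letmein')))` to the same test, assuming `check_password` is imported in this module, which the hunk does not show. The method name has a typo (`pasword`), and the two blank lines after it should be one to match the spacing between the other methods. `TestUtilsHashPass` continues outside the hunk.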