Ticket #4314: unicode-password.diff

File unicode-password.diff, 2.1 KB (added by anonymous, 8 years ago)
  • contrib/auth/models.py

     
    22from django.core.exceptions import ImproperlyConfigured
    33from django.db import backend, connection, models
    44from django.contrib.contenttypes.models import ContentType
     5from django.utils.encoding import smart_str
    56from django.utils.translation import ugettext_lazy, ugettext as _
    67import datetime
    78import urllib
     
    1415    algo, salt, hsh = enc_password.split('$')
    1516    if algo == 'md5':
    1617        import md5
    17         return hsh == md5.new(salt+raw_password).hexdigest()
     18        return hsh == md5.new(smart_str(salt + raw_password)).hexdigest()
    1819    elif algo == 'sha1':
    1920        import sha
    20         return hsh == sha.new(salt+raw_password).hexdigest()
     21        return hsh == sha.new(smart_str(salt + raw_password)).hexdigest()
    2122    elif algo == 'crypt':
    2223        try:
    2324            import crypt
    2425        except ImportError:
    2526            raise ValueError, "Crypt password algorithm not supported in this environment."
    26         return hsh == crypt.crypt(raw_password, salt)
     27        return hsh == crypt.crypt(smart_str(raw_password), smart_str(salt))
    2728    raise ValueError, "Got unknown password algorithm type in password."
    2829
    2930class SiteProfileNotAvailable(Exception):
     
    153154        import sha, random
    154155        algo = 'sha1'
    155156        salt = sha.new(str(random.random())).hexdigest()[:5]
    156         hsh = sha.new(salt+raw_password).hexdigest()
     157        hsh = sha.new(salt + smart_str(raw_password)).hexdigest()
    157158        self.password = '%s$%s$%s' % (algo, salt, hsh)
    158159
    159160    def check_password(self, raw_password):
     
    165166        # algorithm or salt.
    166167        if '$' not in self.password:
    167168            import md5
    168             is_correct = (self.password == md5.new(raw_password).hexdigest())
     169            is_correct = (self.password == md5.new(smart_str(raw_password)).hexdigest())
    169170            if is_correct:
    170171                # Convert the password to the new, more secure format.
    171172                self.set_password(raw_password)
Back to Top