diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index b97c5d7..47e984b 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -1,6 +1,8 @@
 from django import forms
+from django.forms.util import flatatt
 from django.template import loader
 from django.utils.http import int_to_base36
+from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext_lazy as _
 from django.contrib.auth.models import User
@@ -9,6 +11,44 @@ from django.contrib.auth import authenticate
 from django.contrib.auth.tokens import default_token_generator
 from django.contrib.sites.models import get_current_site
+UNMASKED_DIGITS_TO_SHOW = 6
+
+
+class ReadOnlyHashedPasswordWidget(forms.Widget):
+ def render(self, name, value, attrs):
+ final_attrs = self.build_attrs(attrs)
+
+ if not value:
+ return "None"
+
+ parts = value.split("$")
+ if len(parts) != 3:
+ # Legacy Passwords did not have a hash and were md5
+ hash_type = "md5"
+ masked = "%s%s" % (value[:UNMASKED_DIGITS_TO_SHOW], "*" * max(len(value) - UNMASKED_DIGITS_TO_SHOW, 0))
+ else:
+ hash_type = parts[0]
+ masked = "%s%s" % (parts[2][:UNMASKED_DIGITS_TO_SHOW], "*" * max(len(parts[2]) - UNMASKED_DIGITS_TO_SHOW, 0))
+
+ return mark_safe("""