relocate algorithm identification code to hashers module
|Reported by:||Eli Collins <elic@…>||Owned by:||nobody|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Pretty much all the code for manipulating password hashes has been moved to the contrib.auth.hashers module. I noticed that the one exception to this is a small bit of code in contrib.auth.forms:ReadOnlyPasswordHashWidget, which extracts the algorithm name from the encoded password hash, and then calls get_hasher.
The attached patch moves this code to a new function, contrib.auth.hashers:identify_hasher, and adds unittests for it.
This is pretty much a cosmetic change to the existing code, but for various third-party projects which monkeypatch contrib.auth to handle foreign password hashes (especially ones that don't use the alg$salt$hash format), this patch gives them a single function to patch so that password hashes can be identified correctly.
I know this might not have enough benefit to Django itself to be worth including in the main codebase, but I thought I'd work up the patch anyways.
Change History (5)
Changed 3 years ago by Eli Collins <elic@…>
comment:1 Changed 3 years ago by jezdez
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted
comment:3 Changed 3 years ago by Claude Paroz <claude@…>
- Resolution set to fixed
- Status changed from new to closed