Opened 5 years ago

Closed 4 years ago

Last modified 4 years ago

#18184 closed Cleanup/optimization (fixed)

relocate algorithm identification code to hashers module

Reported by: Eli Collins <elic@…> Owned by: nobody
Component: contrib.auth Version: 1.4
Severity: Normal Keywords: hashers
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Pretty much all the code for manipulating password hashes has been moved to the contrib.auth.hashers module. I noticed that the one exception to this is a small bit of code in contrib.auth.forms:ReadOnlyPasswordHashWidget, which extracts the algorithm name from the encoded password hash, and then calls get_hasher.

The attached patch moves this code to a new function, contrib.auth.hashers:identify_hasher, and adds unittests for it.

This is pretty much a cosmetic change to the existing code, but for various third-party projects which monkeypatch contrib.auth to handle foreign password hashes (especially ones that don't use the alg$salt$hash format), this patch gives them a single function to patch so that password hashes can be identified correctly.

I know this might not have enough benefit to Django itself to be worth including in the main codebase, but I thought I'd work up the patch anyways.

Attachments (1)

identify_hasher.patch (5.7 KB) - added by Eli Collins <elic@…> 5 years ago.
patch implementing change, with unittests for new function

Download all attachments as: .zip

Change History (5)

Changed 5 years ago by Eli Collins <elic@…>

Attachment: identify_hasher.patch added

patch implementing change, with unittests for new function

comment:1 Changed 4 years ago by Jannis Leidel

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: UnreviewedAccepted

comment:2 Changed 4 years ago by Jannis Leidel

Triage Stage: AcceptedReady for checkin

comment:3 Changed 4 years ago by Claude Paroz <claude@…>

Resolution: fixed
Status: newclosed

In [70a0351fefaab4bce8c1085008ec5f12ba6cf279]:

Fixed #18184 -- Moved algorithm identification code to hashers module

Thanks Eli Collins for the report and the patch.

comment:4 Changed 4 years ago by Collin Anderson

Now, what I need is a way to customize the identify_hasher function.

Note: See TracTickets for help on using tickets.
Back to Top