Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#18184 closed Cleanup/optimization (fixed)

relocate algorithm identification code to hashers module

Reported by: Eli Collins <elic@…> Owned by: nobody
Component: contrib.auth Version: 1.4
Severity: Normal Keywords: hashers
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Pretty much all the code for manipulating password hashes has been moved to the contrib.auth.hashers module. I noticed that the one exception to this is a small bit of code in contrib.auth.forms:ReadOnlyPasswordHashWidget, which extracts the algorithm name from the encoded password hash, and then calls get_hasher.

The attached patch moves this code to a new function, contrib.auth.hashers:identify_hasher, and adds unittests for it.

This is pretty much a cosmetic change to the existing code, but for various third-party projects which monkeypatch contrib.auth to handle foreign password hashes (especially ones that don't use the alg$salt$hash format), this patch gives them a single function to patch so that password hashes can be identified correctly.

I know this might not have enough benefit to Django itself to be worth including in the main codebase, but I thought I'd work up the patch anyways.

Attachments (1)

identify_hasher.patch (5.7 KB) - added by Eli Collins <elic@…> 3 years ago.
patch implementing change, with unittests for new function

Download all attachments as: .zip

Change History (5)

Changed 3 years ago by Eli Collins <elic@…>

patch implementing change, with unittests for new function

comment:1 Changed 3 years ago by jezdez

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 3 years ago by jezdez

  • Triage Stage changed from Accepted to Ready for checkin

comment:3 Changed 3 years ago by Claude Paroz <claude@…>

  • Resolution set to fixed
  • Status changed from new to closed

In [70a0351fefaab4bce8c1085008ec5f12ba6cf279]:

Fixed #18184 -- Moved algorithm identification code to hashers module

Thanks Eli Collins for the report and the patch.

comment:4 Changed 3 years ago by CollinAnderson

Now, what I need is a way to customize the identify_hasher function.

Note: See TracTickets for help on using tickets.
Back to Top