Pretty much all the code for manipulating password hashes has been moved to the contrib.auth.hashers
module. I noticed that the one exception to this is a small bit of code in contrib.auth.forms:ReadOnlyPasswordHashWidget
, which extracts the algorithm name from the encoded password hash, and then calls get_hasher
.
The attached patch moves this code to a new function, contrib.auth.hashers:identify_hasher
, and adds unittests for it.
This is pretty much a cosmetic change to the existing code, but for various third-party projects which monkeypatch contrib.auth
to handle foreign password hashes (especially ones that don't use the alg$salt$hash format), this patch gives them a single function to patch so that password hashes can be identified correctly.
I know this might not have enough benefit to Django itself to be worth including in the main codebase, but I thought I'd work up the patch anyways.
patch implementing change, with unittests for new function