Opened 7 years ago

Closed 7 years ago

#18453 closed Bug (fixed)

Unknown password hashing algorithm error if password is blank

Reported by: Leo Shklovskii Owned by: nobody
Component: contrib.auth Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Related to #18182 - if the password on the user is blank, Django crashes with the error: Unknown password hashing algorithm ''. Did you specify it in the PASSWORD_HASHERS setting?

Change History (4)

comment:1 Changed 7 years ago by Claude Paroz

Could you please specify at which point does the crash occurs? I've worked on #18182, and I would like to be sure that your use case is addressed.

comment:2 Changed 7 years ago by Leo Shklovskii

Sorry, to clarify, it hits the ValueError which results in a 500:

File "/foo/lib/python2.7/site-packages/django/contrib/auth/", line 115, in get_hasher
  "setting?" % algorithm)

File "/foo/lib/python2.7/site-packages/django/contrib/auth/", line 42, in check_password
  hasher = get_hasher(algorithm)

File "/foo/lib/python2.7/site-packages/django/contrib/auth/", line 304, in check_password
  return check_password(raw_password, self.password, setter)

That happens because the algorithm ends up being ''

comment:3 Changed 7 years ago by Claude Paroz

Triage Stage: UnreviewedAccepted

This should be fixed if current patch of #18182 is committed, however let this one open until then.

comment:4 Changed 7 years ago by Claude Paroz <claude@…>

Resolution: fixed
Status: newclosed

In 703c266682be39f7153498ad0d8031231f12ee79:

Fixed #18182 -- Made is_usable_password check if hashing algorithm is correct

The display of the ReadOnlyPasswordHashWidget has also been improved to
distinguish empty/unusable password from erroneous password.
Fixed #18453 also.
Thanks danielr and Leo for the reports and Moritz Sichert for the
initial patch.

Note: See TracTickets for help on using tickets.
Back to Top