Code

#18453 closed Bug (fixed)

Unknown password hashing algorithm error if password is blank

Reported by: Leo Owned by: nobody
Component: contrib.auth Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Related to #18182 - if the password on the user is blank, Django crashes with the error: Unknown password hashing algorithm ''. Did you specify it in the PASSWORD_HASHERS setting?

Attachments (0)

Change History (4)

comment:1 Changed 23 months ago by claudep

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Could you please specify at which point does the crash occurs? I've worked on #18182, and I would like to be sure that your use case is addressed.

comment:2 Changed 23 months ago by Leo

Sorry, to clarify, it hits the ValueError which results in a 500:

File "/foo/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 115, in get_hasher
  "setting?" % algorithm)

File "/foo/lib/python2.7/site-packages/django/contrib/auth/hashers.py", line 42, in check_password
  hasher = get_hasher(algorithm)

File "/foo/lib/python2.7/site-packages/django/contrib/auth/models.py", line 304, in check_password
  return check_password(raw_password, self.password, setter)

That happens because the algorithm ends up being ''

comment:3 Changed 23 months ago by claudep

  • Triage Stage changed from Unreviewed to Accepted

This should be fixed if current patch of #18182 is committed, however let this one open until then.

comment:4 Changed 20 months ago by Claude Paroz <claude@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 703c266682be39f7153498ad0d8031231f12ee79:

Fixed #18182 -- Made is_usable_password check if hashing algorithm is correct

The display of the ReadOnlyPasswordHashWidget has also been improved to
distinguish empty/unusable password from erroneous password.
Fixed #18453 also.
Thanks danielr and Leo for the reports and Moritz Sichert for the
initial patch.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.