Change the password hashers when testing
|Reported by:||Marc Tamlyn||Owned by:||Ash Christopher|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Disclaimer: I'm not completely sure this is a good idea as a default.
The default password hasher is very secure, and very slow to create passwords. This is never an issue in production, but in testing it is *amazingly* slow. Most of the time using the unsalted MD5 hasher as
settings.PASSWORD_HASHERS has resulted in a six-fold increase in speed in my test suites. To be honest, I think we could use a "non-hashing" hasher in these cases.
I'd like to change the "default" to insert this new non-hashing hasher as
setup_test_environment(). For anyone who does not know about this trick, their test suits will automatically speed up. Any tests expecting a certain hasher to have been used when creating would fail in a backwardsly incompatible manner. Any fixtures or similar with passwords created using another hasher would still be valid, but would then update to be the raw password on success. Of course, to validate these passwords the password text would need to be included in plain text in the test suite (See #20916 for an alternative solution to this issue).
Other comparable setting changes done in this way include: turning off translations, using the console email backend, removing allowed_hosts checking, turning debug off.
Am I mental, or is this a sensible optimisation?
Change History (10)
comment:3 Changed 4 years ago by
|Owner:||changed from nobody to Ash Christopher|
|Status:||new → assigned|