Change the password hashers when testing
|Reported by:||mjtamlyn||Owned by:||ashchristopher|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Disclaimer: I'm not completely sure this is a good idea as a default.
The default password hasher is very secure, and very slow to create passwords. This is never an issue in production, but in testing it is *amazingly* slow. Most of the time using the unsalted MD5 hasher as settings.PASSWORD_HASHERS has resulted in a six-fold increase in speed in my test suites. To be honest, I think we could use a "non-hashing" hasher in these cases.
I'd like to change the "default" to insert this new non-hashing hasher as settings.PASSWORD_HASHERS during setup_test_environment(). For anyone who does not know about this trick, their test suits will automatically speed up. Any tests expecting a certain hasher to have been used when creating would fail in a backwardsly incompatible manner. Any fixtures or similar with passwords created using another hasher would still be valid, but would then update to be the raw password on success. Of course, to validate these passwords the password text would need to be included in plain text in the test suite (See #20916 for an alternative solution to this issue).
Other comparable setting changes done in this way include: turning off translations, using the console email backend, removing allowed_hosts checking, turning debug off.
Am I mental, or is this a sensible optimisation?
Change History (10)
comment:1 Changed 23 months ago by tomchristie
- Cc tom@… added
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
comment:3 Changed 22 months ago by ashchristopher
- Owner changed from nobody to ashchristopher
- Status changed from new to assigned