Opened 3 days ago

Last modified 12 hours ago

#36226 assigned Bug

Only PBKDF2PasswordHasher supports str and bytes password

Reported by: Jason Held Owned by: Screamadelica
Component: contrib.auth Version: 5.1
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no
Pull Requests:19231 build:success, 19230 unmerged, 19229 unmerged

Description

The other password hashers in their encode method all at some point call .encode on their password in some way. Thus, the other hasher classes, in the django source code, do not support the API and docstring of make_password.
This seems pretty easy to fix on the whole and I'd be happy to make a PR for it.

According to the ticket's flags, the next step(s) to move this issue forward are:

  • For anyone except the patch author to review the patch using the patch review checklist and either mark the ticket as "Ready for checkin" if everything looks good, or leave comments for improvement and mark the ticket as "Patch needs improvement".

Change History (6)

comment:1 by Sarah Boyce, 3 days ago

Triage Stage: UnreviewedAccepted

Replicated thank you! PRs welcome

  • TabularUnified tests/auth_tests/test_hashers.py

    a b class TestUtilsHashPass(SimpleTestCase):  
    520520                    with self.assertRaisesMessage(ValueError, msg):
    521521                        hasher.encode("password", salt)
    522522
     523    def test_password_bytes(self):
     524        hasher_classes = [
     525            MD5PasswordHasher,
     526            PBKDF2PasswordHasher,
     527            PBKDF2SHA1PasswordHasher,
     528            ScryptPasswordHasher,
     529        ]
     530        for hasher_class in hasher_classes:
     531            hasher = hasher_class()
     532            with self.subTest(hasher_class.__name__):
     533                encoded = hasher.encode(b"password", hasher.salt())
     534                self.assertTrue(hasher.verify(b"password", encoded))
     535
    523536    def test_encode_password_required(self):
    524537        hasher_classes = [
    525538            MD5PasswordHasher,

comment:2 by Screamadelica, 32 hours ago

Owner: set to Screamadelica
Status: newassigned

Hi, I'm new to this community and find this a decent good first issue. I will try to fix this bug :)

comment:3 by Antoliny, 14 hours ago

Has patch: set

comment:4 by Screamadelica, 14 hours ago

Just finished a pr and all checks have passed.
https://github.com/django/django/pull/19231

in reply to:  4 ; comment:5 by Antoliny, 13 hours ago

Replying to Screamadelica:

Just finished a pr and all checks have passed.
https://github.com/django/django/pull/19231

It looks like you've submitted a PR, so I’ve set the "has patch" flag. Now, all that’s left is to wait for reviews from the fellows :)

in reply to:  5 comment:6 by Screamadelica, 12 hours ago

Replying to Antoliny:

Replying to Screamadelica:

Just finished a pr and all checks have passed.
https://github.com/django/django/pull/19231

It looks like you've submitted a PR, so I’ve set the "has patch" flag. Now, all that’s left is to wait for reviews from the fellows :)

Thanks a lot, I will remember to change the flag after submitting PR later :)

Note: See TracTickets for help on using tickets.
Back to Top