Opened 4 hours ago

Last modified 43 minutes ago

#36226 new Bug

Only PBKDF2PasswordHasher supports str and bytes password

Reported by: Jason Held Owned by:
Component: contrib.auth Version: 5.1
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The other password hashers in their encode method all at some point call .encode on their password in some way. Thus, the other hasher classes, in the django source code, do not support the API and docstring of make_password.
This seems pretty easy to fix on the whole and I'd be happy to make a PR for it.

Change History (1)

comment:1 by Sarah Boyce, 43 minutes ago

Triage Stage: UnreviewedAccepted

Replicated thank you! PRs welcome

  • tests/auth_tests/test_hashers.py

    a b class TestUtilsHashPass(SimpleTestCase):  
    520520                    with self.assertRaisesMessage(ValueError, msg):
    521521                        hasher.encode("password", salt)
    522522
     523    def test_password_bytes(self):
     524        hasher_classes = [
     525            MD5PasswordHasher,
     526            PBKDF2PasswordHasher,
     527            PBKDF2SHA1PasswordHasher,
     528            ScryptPasswordHasher,
     529        ]
     530        for hasher_class in hasher_classes:
     531            hasher = hasher_class()
     532            with self.subTest(hasher_class.__name__):
     533                encoded = hasher.encode(b"password", hasher.salt())
     534                self.assertTrue(hasher.verify(b"password", encoded))
     535
    523536    def test_encode_password_required(self):
    524537        hasher_classes = [
    525538            MD5PasswordHasher,
Note: See TracTickets for help on using tickets.
Back to Top