Code

Opened 6 years ago

Closed 2 years ago

#6858 closed New feature (fixed)

Migrate legacy md5 password support out of the User model

Reported by: ubernostrum Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: yes
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

As proposed on the developers' list, I'd like to remove the checks in django.contrib.auth.models.User.check_password() for dealing with legacy unsalted md5 passwords (which were the default before the 0.91 release). Attached is a patch which removes this, and moves the transparent "password upgrade" functionality into an auth backend for legacy support, which can be used by sites that need to worry about this.

Attachments (1)

legacy_auth.diff (2.9 KB) - added by ubernostrum 6 years ago.

Download all attachments as: .zip

Change History (7)

Changed 6 years ago by ubernostrum

comment:1 Changed 6 years ago by ubernostrum

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Design decision needed

comment:2 Changed 6 years ago by ubernostrum

  • Needs documentation set
  • Needs tests set

comment:3 Changed 3 years ago by gabrielhurley

  • Component changed from Contrib apps to contrib.auth

comment:4 Changed 3 years ago by julien

  • Severity set to Normal
  • Type set to New feature

comment:5 Changed 3 years ago by SmileyChris

  • Easy pickings unset
  • Triage Stage changed from Design decision needed to Accepted

Sure, feel free to update this for current trunk and provide tests & docs.

comment:6 Changed 2 years ago by aaugustin

  • Resolution set to fixed
  • Status changed from new to closed
  • UI/UX unset

New password hashing features were introduced at r17253 and r17254.

The offending code was removed by the first of these commits.

I don't think upgrading from Django <0.91 is still a concern today.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.