mirror of
https://github.com/django/django.git
synced 2025-10-24 06:06:09 +00:00
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.
This commit is contained in:
@@ -17,6 +17,7 @@ from django.utils.crypto import (
|
|||||||
md5,
|
md5,
|
||||||
pbkdf2,
|
pbkdf2,
|
||||||
)
|
)
|
||||||
|
from django.utils.deprecation import RemovedInDjango50Warning
|
||||||
from django.utils.module_loading import import_string
|
from django.utils.module_loading import import_string
|
||||||
from django.utils.translation import gettext_noop as _
|
from django.utils.translation import gettext_noop as _
|
||||||
|
|
||||||
@@ -797,6 +798,7 @@ class UnsaltedMD5PasswordHasher(BasePasswordHasher):
|
|||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
# RemovedInDjango50Warning.
|
||||||
class CryptPasswordHasher(BasePasswordHasher):
|
class CryptPasswordHasher(BasePasswordHasher):
|
||||||
"""
|
"""
|
||||||
Password hashing using UNIX crypt (not recommended)
|
Password hashing using UNIX crypt (not recommended)
|
||||||
@@ -807,6 +809,14 @@ class CryptPasswordHasher(BasePasswordHasher):
|
|||||||
algorithm = "crypt"
|
algorithm = "crypt"
|
||||||
library = "crypt"
|
library = "crypt"
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
warnings.warn(
|
||||||
|
"django.contrib.auth.hashers.CryptPasswordHasher is deprecated.",
|
||||||
|
RemovedInDjango50Warning,
|
||||||
|
stacklevel=2,
|
||||||
|
)
|
||||||
|
super().__init__(*args, **kwargs)
|
||||||
|
|
||||||
def salt(self):
|
def salt(self):
|
||||||
return get_random_string(2)
|
return get_random_string(2)
|
||||||
|
|
||||||
|
@@ -103,6 +103,8 @@ details on these changes.
|
|||||||
|
|
||||||
* The ``django.contrib.gis.admin.OpenLayersWidget`` will be removed.
|
* The ``django.contrib.gis.admin.OpenLayersWidget`` will be removed.
|
||||||
|
|
||||||
|
* The ``django.contrib.auth.hashers.CryptPasswordHasher`` will be removed.
|
||||||
|
|
||||||
.. _deprecation-removed-in-4.1:
|
.. _deprecation-removed-in-4.1:
|
||||||
|
|
||||||
4.1
|
4.1
|
||||||
|
@@ -683,6 +683,8 @@ Miscellaneous
|
|||||||
|
|
||||||
* The undocumented ``django.contrib.gis.admin.OpenLayersWidget`` is deprecated.
|
* The undocumented ``django.contrib.gis.admin.OpenLayersWidget`` is deprecated.
|
||||||
|
|
||||||
|
* ``django.contrib.auth.hashers.CryptPasswordHasher`` is deprecated.
|
||||||
|
|
||||||
Features removed in 4.1
|
Features removed in 4.1
|
||||||
=======================
|
=======================
|
||||||
|
|
||||||
|
@@ -439,7 +439,6 @@ The full list of hashers included in Django is::
|
|||||||
'django.contrib.auth.hashers.MD5PasswordHasher',
|
'django.contrib.auth.hashers.MD5PasswordHasher',
|
||||||
'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
|
'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
|
||||||
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
|
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
|
||||||
'django.contrib.auth.hashers.CryptPasswordHasher',
|
|
||||||
]
|
]
|
||||||
|
|
||||||
The corresponding algorithm names are:
|
The corresponding algorithm names are:
|
||||||
@@ -454,7 +453,6 @@ The corresponding algorithm names are:
|
|||||||
* ``md5``
|
* ``md5``
|
||||||
* ``unsalted_sha1``
|
* ``unsalted_sha1``
|
||||||
* ``unsalted_md5``
|
* ``unsalted_md5``
|
||||||
* ``crypt``
|
|
||||||
|
|
||||||
.. _write-your-own-password-hasher:
|
.. _write-your-own-password-hasher:
|
||||||
|
|
||||||
|
@@ -18,9 +18,11 @@ from django.contrib.auth.hashers import (
|
|||||||
is_password_usable,
|
is_password_usable,
|
||||||
make_password,
|
make_password,
|
||||||
)
|
)
|
||||||
from django.test import SimpleTestCase
|
from django.test import SimpleTestCase, ignore_warnings
|
||||||
from django.test.utils import override_settings
|
from django.test.utils import override_settings
|
||||||
|
from django.utils.deprecation import RemovedInDjango50Warning
|
||||||
|
|
||||||
|
# RemovedInDjango50Warning.
|
||||||
try:
|
try:
|
||||||
import crypt
|
import crypt
|
||||||
except ImportError:
|
except ImportError:
|
||||||
@@ -201,6 +203,7 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||||||
with self.assertRaisesMessage(ValueError, msg):
|
with self.assertRaisesMessage(ValueError, msg):
|
||||||
hasher.encode("password", salt="salt")
|
hasher.encode("password", salt="salt")
|
||||||
|
|
||||||
|
@ignore_warnings(category=RemovedInDjango50Warning)
|
||||||
@skipUnless(crypt, "no crypt module to generate password.")
|
@skipUnless(crypt, "no crypt module to generate password.")
|
||||||
@override_settings(
|
@override_settings(
|
||||||
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
|
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
|
||||||
@@ -219,6 +222,7 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||||||
self.assertTrue(check_password("", blank_encoded))
|
self.assertTrue(check_password("", blank_encoded))
|
||||||
self.assertFalse(check_password(" ", blank_encoded))
|
self.assertFalse(check_password(" ", blank_encoded))
|
||||||
|
|
||||||
|
@ignore_warnings(category=RemovedInDjango50Warning)
|
||||||
@skipUnless(crypt, "no crypt module to generate password.")
|
@skipUnless(crypt, "no crypt module to generate password.")
|
||||||
@override_settings(
|
@override_settings(
|
||||||
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
|
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
|
||||||
@@ -229,6 +233,7 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||||||
with self.assertRaisesMessage(ValueError, msg):
|
with self.assertRaisesMessage(ValueError, msg):
|
||||||
hasher.encode("password", salt="a")
|
hasher.encode("password", salt="a")
|
||||||
|
|
||||||
|
@ignore_warnings(category=RemovedInDjango50Warning)
|
||||||
@skipUnless(crypt, "no crypt module to generate password.")
|
@skipUnless(crypt, "no crypt module to generate password.")
|
||||||
@override_settings(
|
@override_settings(
|
||||||
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
|
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
|
||||||
@@ -240,6 +245,15 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||||||
with self.assertRaisesMessage(TypeError, msg):
|
with self.assertRaisesMessage(TypeError, msg):
|
||||||
hasher.encode("password", salt="ab")
|
hasher.encode("password", salt="ab")
|
||||||
|
|
||||||
|
@skipUnless(crypt, "no crypt module to generate password.")
|
||||||
|
@override_settings(
|
||||||
|
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
|
||||||
|
)
|
||||||
|
def test_crypt_deprecation_warning(self):
|
||||||
|
msg = "django.contrib.auth.hashers.CryptPasswordHasher is deprecated."
|
||||||
|
with self.assertRaisesMessage(RemovedInDjango50Warning, msg):
|
||||||
|
get_hasher("crypt")
|
||||||
|
|
||||||
@skipUnless(bcrypt, "bcrypt not installed")
|
@skipUnless(bcrypt, "bcrypt not installed")
|
||||||
def test_bcrypt_sha256(self):
|
def test_bcrypt_sha256(self):
|
||||||
encoded = make_password("lètmein", hasher="bcrypt_sha256")
|
encoded = make_password("lètmein", hasher="bcrypt_sha256")
|
||||||
|
Reference in New Issue
Block a user