			
		
		
		
	Refs #26033 -- Added password hasher support for Argon2 v1.3.
The previous version of Argon2 uses encoded hashes of the form: $argon2d$m=8,t=1,p=1$<salt>$<data> The new version of Argon2 adds its version into the hash: $argon2d$v=19$m=8,t=1,p=1$<salt>$<data> This lets Django handle both versions properly.
		
				
					committed by
					
						Tim Graham
					
				
			
			
				
	
			
			
			
						parent
						
							1ba0b22a7a
						
					
				
				
					commit
					a5033dbc58
				
			| @@ -457,12 +457,44 @@ class TestUtilsHashPassArgon2(SimpleTestCase): | ||||
|         self.assertTrue(is_password_usable(blank_encoded)) | ||||
|         self.assertTrue(check_password('', blank_encoded)) | ||||
|         self.assertFalse(check_password(' ', blank_encoded)) | ||||
|         # Old hashes without version attribute | ||||
|         encoded = ( | ||||
|             'argon2$argon2i$m=8,t=1,p=1$c29tZXNhbHQ$gwQOXSNhxiOxPOA0+PY10P9QFO' | ||||
|             '4NAYysnqRt1GSQLE55m+2GYDt9FEjPMHhP2Cuf0nOEXXMocVrsJAtNSsKyfg' | ||||
|         ) | ||||
|         self.assertTrue(check_password('secret', encoded)) | ||||
|         self.assertFalse(check_password('wrong', encoded)) | ||||
|  | ||||
|     def test_argon2_upgrade(self): | ||||
|         self._test_argon2_upgrade('time_cost', 'time cost', 1) | ||||
|         self._test_argon2_upgrade('memory_cost', 'memory cost', 16) | ||||
|         self._test_argon2_upgrade('parallelism', 'parallelism', 1) | ||||
|  | ||||
|     def test_argon2_version_upgrade(self): | ||||
|         hasher = get_hasher('argon2') | ||||
|         state = {'upgraded': False} | ||||
|         encoded = ( | ||||
|             'argon2$argon2i$m=8,t=1,p=1$c29tZXNhbHQ$gwQOXSNhxiOxPOA0+PY10P9QFO' | ||||
|             '4NAYysnqRt1GSQLE55m+2GYDt9FEjPMHhP2Cuf0nOEXXMocVrsJAtNSsKyfg' | ||||
|         ) | ||||
|  | ||||
|         def setter(password): | ||||
|             state['upgraded'] = True | ||||
|  | ||||
|         old_m = hasher.memory_cost | ||||
|         old_t = hasher.time_cost | ||||
|         old_p = hasher.parallelism | ||||
|         try: | ||||
|             hasher.memory_cost = 8 | ||||
|             hasher.time_cost = 1 | ||||
|             hasher.parallelism = 1 | ||||
|             self.assertTrue(check_password('secret', encoded, setter, 'argon2')) | ||||
|             self.assertTrue(state['upgraded']) | ||||
|         finally: | ||||
|             hasher.memory_cost = old_m | ||||
|             hasher.time_cost = old_t | ||||
|             hasher.parallelism = old_p | ||||
|  | ||||
|     def _test_argon2_upgrade(self, attr, summary_key, new_value): | ||||
|         hasher = get_hasher('argon2') | ||||
|         self.assertEqual('argon2', hasher.algorithm) | ||||
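Review bot: In `test_argon2_version_upgrade` the hasher costs are pinned to 8/1/1 with no explanation; they match the `m=8,t=1,p=1` in `encoded`, so presumably the missing `v=` attribute is meant to be the only reason an upgrade is requested, and a comment above the `try:` such as `# Match the encoded hash's costs so that only the missing version attribute forces the upgrade.` would make that explicit. The test only shows that `setter` runs after a correct password; adding `self.assertFalse(check_password('wrong', encoded, setter, 'argon2'))` followed by `self.assertFalse(state['upgraded'])` before the positive check would pin that a failed verification never triggers a rehash of a legacy hash. The `encoded` literal is also repeated verbatim from `test_argon2` and could be shared as a class attribute. The body of `_test_argon2_upgrade` continues outside the hunk.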
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| argon2-cffi == 16.0.0 | ||||
| argon2-cffi >= 16.1.0 | ||||
| bcrypt | ||||
| docutils | ||||
| geoip2 | ||||
|   | ||||