	Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of remaining password hashers.
		
				
					committed by
					
						 Mariusz Felisiak
						Mariusz Felisiak
					
				
			
			
				
	
			
			
			
						parent
						
							e75a3a770e
						
					
				
				
					commit
					a7f27fca52
				
			| @@ -689,7 +689,8 @@ class UnsaltedSHA1PasswordHasher(BasePasswordHasher): | |||||||
|         return '' |         return '' | ||||||
|  |  | ||||||
|     def encode(self, password, salt): |     def encode(self, password, salt): | ||||||
|         assert salt == '' |         if salt != '': | ||||||
|  |             raise ValueError('salt must be empty.') | ||||||
|         hash = hashlib.sha1(password.encode()).hexdigest() |         hash = hashlib.sha1(password.encode()).hexdigest() | ||||||
|         return 'sha1$$%s' % hash |         return 'sha1$$%s' % hash | ||||||
|  |  | ||||||
| @@ -733,7 +734,8 @@ class UnsaltedMD5PasswordHasher(BasePasswordHasher): | |||||||
|         return '' |         return '' | ||||||
|  |  | ||||||
|     def encode(self, password, salt): |     def encode(self, password, salt): | ||||||
|         assert salt == '' |         if salt != '': | ||||||
|  |             raise ValueError('salt must be empty.') | ||||||
|         return hashlib.md5(password.encode()).hexdigest() |         return hashlib.md5(password.encode()).hexdigest() | ||||||
|  |  | ||||||
|     def decode(self, encoded): |     def decode(self, encoded): | ||||||
| @@ -774,9 +776,11 @@ class CryptPasswordHasher(BasePasswordHasher): | |||||||
|  |  | ||||||
|     def encode(self, password, salt): |     def encode(self, password, salt): | ||||||
|         crypt = self._load_library() |         crypt = self._load_library() | ||||||
|         assert len(salt) == 2 |         if len(salt) != 2: | ||||||
|  |             raise ValueError('salt must be of length 2.') | ||||||
|         hash = crypt.crypt(password, salt) |         hash = crypt.crypt(password, salt) | ||||||
|         assert hash is not None  # A platform like OpenBSD with a dummy crypt module. |         if hash is None:  # A platform like OpenBSD with a dummy crypt module. | ||||||
|  |             raise TypeError('hash must be provided.') | ||||||
|         # we don't need to store the salt, but Django used to do this |         # we don't need to store the salt, but Django used to do this | ||||||
|         return '%s$%s$%s' % (self.algorithm, '', hash) |         return '%s$%s$%s' % (self.algorithm, '', hash) | ||||||
|  |  | ||||||
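Review bot: In `CryptPasswordHasher.encode()` the new `raise TypeError('hash must be provided.')` reads as if the caller left out an argument, but the comment on the same check says the `None` comes from `crypt.crypt()` on a platform with a dummy crypt module. Someone who hits this while setting a password gets no hint that the platform is the cause. A message that names the source, for example `raise TypeError('crypt.crypt() returned None; the platform crypt module may be unsupported.')`, would make the failure diagnosable. The string is asserted verbatim in `test_crypt_encode_invalid_hash`, so that test would need the same wording. The class body continues outside the hunk.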
|   | |||||||
| @@ -143,6 +143,13 @@ class TestUtilsHashPass(SimpleTestCase): | |||||||
|         self.assertTrue(check_password('', blank_encoded)) |         self.assertTrue(check_password('', blank_encoded)) | ||||||
|         self.assertFalse(check_password(' ', blank_encoded)) |         self.assertFalse(check_password(' ', blank_encoded)) | ||||||
|  |  | ||||||
|  |     @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedMD5PasswordHasher']) | ||||||
|  |     def test_unsalted_md5_encode_invalid_salt(self): | ||||||
|  |         hasher = get_hasher('unsalted_md5') | ||||||
|  |         msg = 'salt must be empty.' | ||||||
|  |         with self.assertRaisesMessage(ValueError, msg): | ||||||
|  |             hasher.encode('password', salt='salt') | ||||||
|  |  | ||||||
|     @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher']) |     @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher']) | ||||||
|     def test_unsalted_sha1(self): |     def test_unsalted_sha1(self): | ||||||
|         encoded = make_password('lètmein', '', 'unsalted_sha1') |         encoded = make_password('lètmein', '', 'unsalted_sha1') | ||||||
| @@ -161,6 +168,13 @@ class TestUtilsHashPass(SimpleTestCase): | |||||||
|         self.assertTrue(check_password('', blank_encoded)) |         self.assertTrue(check_password('', blank_encoded)) | ||||||
|         self.assertFalse(check_password(' ', blank_encoded)) |         self.assertFalse(check_password(' ', blank_encoded)) | ||||||
|  |  | ||||||
|  |     @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher']) | ||||||
|  |     def test_unsalted_sha1_encode_invalid_salt(self): | ||||||
|  |         hasher = get_hasher('unsalted_sha1') | ||||||
|  |         msg = 'salt must be empty.' | ||||||
|  |         with self.assertRaisesMessage(ValueError, msg): | ||||||
|  |             hasher.encode('password', salt='salt') | ||||||
|  |  | ||||||
|     @skipUnless(crypt, "no crypt module to generate password.") |     @skipUnless(crypt, "no crypt module to generate password.") | ||||||
|     @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.CryptPasswordHasher']) |     @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.CryptPasswordHasher']) | ||||||
|     def test_crypt(self): |     def test_crypt(self): | ||||||
| @@ -177,6 +191,23 @@ class TestUtilsHashPass(SimpleTestCase): | |||||||
|         self.assertTrue(check_password('', blank_encoded)) |         self.assertTrue(check_password('', blank_encoded)) | ||||||
|         self.assertFalse(check_password(' ', blank_encoded)) |         self.assertFalse(check_password(' ', blank_encoded)) | ||||||
|  |  | ||||||
|  |     @skipUnless(crypt, 'no crypt module to generate password.') | ||||||
|  |     @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.CryptPasswordHasher']) | ||||||
|  |     def test_crypt_encode_invalid_salt(self): | ||||||
|  |         hasher = get_hasher('crypt') | ||||||
|  |         msg = 'salt must be of length 2.' | ||||||
|  |         with self.assertRaisesMessage(ValueError, msg): | ||||||
|  |             hasher.encode('password', salt='a') | ||||||
|  |  | ||||||
|  |     @skipUnless(crypt, 'no crypt module to generate password.') | ||||||
|  |     @override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.CryptPasswordHasher']) | ||||||
|  |     def test_crypt_encode_invalid_hash(self): | ||||||
|  |         hasher = get_hasher('crypt') | ||||||
|  |         msg = 'hash must be provided.' | ||||||
|  |         with mock.patch('crypt.crypt', return_value=None): | ||||||
|  |             with self.assertRaisesMessage(TypeError, msg): | ||||||
|  |                 hasher.encode('password', salt='ab') | ||||||
|  |  | ||||||
|     @skipUnless(bcrypt, "bcrypt not installed") |     @skipUnless(bcrypt, "bcrypt not installed") | ||||||
|     def test_bcrypt_sha256(self): |     def test_bcrypt_sha256(self): | ||||||
|         encoded = make_password('lètmein', hasher='bcrypt_sha256') |         encoded = make_password('lètmein', hasher='bcrypt_sha256') | ||||||
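Review bot: `test_crypt_encode_invalid_salt` exercises only a too-short salt (`salt='a'`), while the guard it covers in `CryptPasswordHasher.encode()` rejects any length other than 2. Wrapping the existing `assertRaisesMessage` block in `for salt in ('', 'a', 'abc'):` with `self.subTest(salt=salt)` would pin both sides of the check, so that a later change to `< 2` would not pass unnoticed. The new `skipUnless(crypt, '...')` decorators also use single quotes where the neighbouring `test_crypt` uses double quotes for the same message; matching the existing style would keep the file consistent.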
|   | |||||||