From fa4bbfcbfb4f693955f653bd06f384dd786e3c93 Mon Sep 17 00:00:00 2001
From: Luke Plant <L.Plant.98@cantab.net>
Date: Wed, 30 Mar 2011 17:34:49 +0000
Subject: [PATCH] Removed Django 1.2 compatibility fallback for form wizard
 hash

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15951 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/formtools/tests/__init__.py | 39 +---------------------
 django/contrib/formtools/tests/urls.py     |  3 --
 django/contrib/formtools/wizard.py         | 21 ++----------
 3 files changed, 3 insertions(+), 60 deletions(-)

diff --git a/django/contrib/formtools/tests/__init__.py b/django/contrib/formtools/tests/__init__.py
index cc38546866..a4324903bc 100644
--- a/django/contrib/formtools/tests/__init__.py
+++ b/django/contrib/formtools/tests/__init__.py
@@ -249,14 +249,6 @@ class WizardClass(wizard.FormWizard):
         return http.HttpResponse(success_string)
 
 
-class UserSecuredWizardClass(WizardClass):
-    """
-    Wizard with a custum security_hash method
-    """
-    def security_hash(self, request, form):
-        return "123"
-
-
 class DummyRequest(http.HttpRequest):
 
     def __init__(self, POST=None):
@@ -310,36 +302,7 @@ class WizardTests(TestCase):
                                      "wizard_step": "1"})
         self.assertEqual(0, response.context['step0'])
 
-    def test_good_hash_django12(self):
-        """
-        Form should advance if the hash is present and good, as calculated using
-        django 1.2 method.
-        """
-        # We are hard-coding a hash value here, but that is OK, since we want to
-        # ensure that we don't accidentally change the algorithm.
-        data = {"0-field": "test",
-                "1-field": "test2",
-                "hash_0": "2fdbefd4c0cad51509478fbacddf8b13",
-                "wizard_step": "1"}
-        response = self.client.post('/wizard/', data)
-        self.assertEqual(2, response.context['step0'])
-
-    def test_good_hash_django12_subclass(self):
-        """
-        The Django 1.2 method of calulating hashes should *not* be used as a
-        fallback if the FormWizard subclass has provided their own method
-        of calculating a hash.
-        """
-        # We are hard-coding a hash value here, but that is OK, since we want to
-        # ensure that we don't accidentally change the algorithm.
-        data = {"0-field": "test",
-                "1-field": "test2",
-                "hash_0": "2fdbefd4c0cad51509478fbacddf8b13",
-                "wizard_step": "1"}
-        response = self.client.post('/wizard2/', data)
-        self.assertEqual(0, response.context['step0'])
-
-    def test_good_hash_current(self):
+    def test_good_hash(self):
         """
         Form should advance if the hash is present and good, as calculated using
         current method.
diff --git a/django/contrib/formtools/tests/urls.py b/django/contrib/formtools/tests/urls.py
index b89b6e6ed1..45888f99b6 100644
--- a/django/contrib/formtools/tests/urls.py
+++ b/django/contrib/formtools/tests/urls.py
@@ -11,7 +11,4 @@ urlpatterns = patterns('',
                        (r'^wizard/$', WizardClass([WizardPageOneForm,
                                                    WizardPageTwoForm,
                                                    WizardPageThreeForm])),
-                       (r'^wizard2/$', UserSecuredWizardClass([WizardPageOneForm,
-                                                               WizardPageTwoForm,
-                                                               WizardPageThreeForm]))
                       )
diff --git a/django/contrib/formtools/wizard.py b/django/contrib/formtools/wizard.py
index d581f0df83..af6f97bf45 100644
--- a/django/contrib/formtools/wizard.py
+++ b/django/contrib/formtools/wizard.py
@@ -11,7 +11,7 @@ except ImportError:
 
 from django import forms
 from django.conf import settings
-from django.contrib.formtools.utils import security_hash, form_hmac
+from django.contrib.formtools.utils import form_hmac
 from django.http import Http404
 from django.shortcuts import render_to_response
 from django.template.context import RequestContext
@@ -58,24 +58,7 @@ class FormWizard(object):
 
     def _check_security_hash(self, token, request, form):
         expected = self.security_hash(request, form)
-        if constant_time_compare(token, expected):
-            return True
-        else:
-            # Fall back to Django 1.2 method, for compatibility with forms that
-            # are in the middle of being used when the upgrade occurs. However,
-            # we don't want to do this fallback if a subclass has provided their
-            # own security_hash method - because they might have implemented a
-            # more secure method, and this would punch a hole in that.
-
-            # PendingDeprecationWarning <- left here to remind us that this
-            # compatibility fallback should be removed in Django 1.5
-            FormWizard_expected = FormWizard.security_hash(self, request, form)
-            if expected == FormWizard_expected:
-                # They didn't override security_hash, do the fallback:
-                old_expected = security_hash(request, form)
-                return constant_time_compare(token, old_expected)
-            else:
-                return False
+        return constant_time_compare(token, expected)
 
     @method_decorator(csrf_protect)
     def __call__(self, request, *args, **kwargs):