mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Commit Graph

65 Commits

Author SHA1 Message Date
Natalia
e1606d27b4 Added test for acheck_password() to ensure make_password is called for unusable passwords.
This is a follow up for the fix of CVE-2024-39329
(5d86458579) where the timing of
verify_password() was standardized when checking unusable passwords.
2024-08-08 12:53:36 -03:00
Michael Manfre
5d86458579 Fixed CVE-2024-39329 -- Standardized timing of verify_password() when checking unusable passwords.
Refs #20760.

Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-07-09 09:21:19 -03:00
Natalia
04a208d7f1 Increased the default PBKDF2 iterations for Django 5.2. 2024-05-22 15:44:07 -03:00
SaJH
8f205acea9 Fixed #35428 -- Increased parallelism of the ScryptPasswordHasher. 2024-05-17 17:13:58 +02:00
Mariusz Felisiak
305757aec1 Applied Black's 2024 stable style.
https://github.com/psf/black/releases/tag/24.1.0
2024-01-26 12:45:07 +01:00
Mariusz Felisiak
0e560edf32 Increased the default PBKDF2 iterations for Django 5.1. 2023-09-18 22:12:40 +02:00
Mariusz Felisiak
6e4e5523a8 Refs #33691 -- Removed insecure password hashers per deprecation timeline. 2023-09-18 22:12:40 +02:00
HappyDingning
674c23999c Fixed #34565 -- Added support for async checking of user passwords. 2023-05-18 09:39:04 +02:00
Liyang Zhang
f9f9215d3e Fixed some typos in comments, docstrings, and tests. 2023-03-20 08:07:23 +01:00
Mariusz Felisiak
5e9aded33f Increased the default PBKDF2 iterations for Django 5.0.
Follow up to 9a1848f48c.
2023-02-04 13:37:44 +01:00
Mariusz Felisiak
4fc711a108 Increased the default PBKDF2 iterations for Django 5.0. 2023-01-17 11:49:15 +01:00
Mariusz Felisiak
b5ac6e78f8 Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per deprecation timeline. 2023-01-17 11:49:15 +01:00
HieuPham9720
3e928de8ad Skipped scrypt tests when OpenSSL 1.1+ is not installed. 2022-10-20 18:50:48 -07:00
Claude Paroz
3b79dab19a Refs #33691 -- Deprecated insecure password hashers.
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
2022-07-23 21:29:31 +02:00
Carlton Gibson
3c6f1fd1f8 Increased the default PBKDF2 iterations for Django 4.2. 2022-05-17 14:22:06 +02:00
Mariusz Felisiak
02dbf1667c Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher. 2022-05-11 09:13:45 +02:00
Mariusz Felisiak
7119f40c98 Refs #33476 -- Refactored code to strictly match 88 characters line length. 2022-02-07 20:37:05 +01:00
django-bot
9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak
32b7ffc2bb Increased the default PBKDF2 iterations for Django 4.1. 2021-09-20 21:23:01 +02:00
Mateo Radman
a7f27fca52 Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of remaining password hashers. 2021-09-06 07:47:53 +02:00
ryowright
1783b3cb24 Fixed #32275 -- Added scrypt password hasher.
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22 12:40:33 +02:00
Mariusz Felisiak
83022d279c Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of some password hashers. 2021-07-22 09:42:07 +02:00
Mariusz Felisiak
a948d9df39 Increased the default PBKDF2 iterations for Django 4.0. 2021-01-14 17:50:04 +01:00
Jon Moroney
76ae6ccf85 Fixed #31358 -- Increased salt entropy of password hashers.
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14 11:20:28 +01:00
Jon Moroney
6bd206e1ff Refs #31358 -- Added bcrypt password hashers tests for must_update() with salt(). 2021-01-14 11:20:28 +01:00
Florian Apolloner
c76d51b3ad Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.
Argon2 encodes the salt as base64 for representation in the final hash
output. To be able to accurately return the used salt from decode(),
add padding, b64decode, and decode from latin1 (for the remote
possibility that someone supplied a custom hash consisting solely of
bytes -- this would require a manual construction of the hash though,
Django's interface does not allow for that).
2020-12-28 11:02:08 +01:00
Jon Moroney
136ec9b62b Refs #31358 -- Added decode() to password hashers.
By convention a hasher which does not use a salt should populate the
decode dict with `None` rather than omit the dict key.

Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
2020-06-23 08:36:59 +02:00
Florian Apolloner
1621f06051 Fixed #30472 -- Made Argon2PasswordHasher use Argon2id. 2020-06-17 08:10:41 +02:00
Florian Apolloner
ee49cf4f35 Added test for old Argon2i hashes with version attribute. 2020-06-17 08:10:41 +02:00
Mariusz Felisiak
f2187a227f Increased the default PBKDF2 iterations for Django 3.2. 2020-05-13 09:07:51 +02:00
Hasan Ramezani
8aa71f4e87 Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. 2020-03-31 10:52:56 +02:00
Hasan Ramezani
b3ab92cc5a Refs #31375 -- Added test for contrib.auth.hashers.make_password() bytes support. 2020-03-31 10:49:39 +02:00
Hasan Ramezani
579f33eb79 Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests. 2020-01-30 11:19:50 +01:00
Mariusz Felisiak
1960d55f8b Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py.
An empty string is invalid salt in Python 3 and raises exception since
Python 3.9, see https://bugs.python.org/issue38402.
2020-01-03 07:47:04 +01:00
Carlton Gibson
b5db65c4fb Increased the default PBKDF2 iterations for Django 3.1. 2019-09-12 17:24:01 +02:00
Tim Graham
06670015f7 Increased the default PBKDF2 iterations for Django 3.0. 2019-01-17 11:15:27 -05:00
Tim Graham
9792af3648 Increased the default PBKDF2 iterations for Django 2.2. 2018-05-17 11:05:45 -04:00
Tim Graham
cae0107287 Increased the default PBKDF2 iterations for Django 2.1. 2018-05-13 20:06:20 -04:00
Tim Graham
a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
2018-03-22 10:03:43 -04:00
Tim Graham
5b589a47b9 Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Tim Graham
fa75b2cb51 Refs #27795 -- Removed force_bytes/text() usage in tests. 2018-02-07 14:20:04 -05:00
Mads Jensen
3e72f4b7b6 Completed test coverage for BasePasswordHasher. 2017-09-29 09:28:25 -04:00
Mads Jensen
776f6902d9 Moved BasePasswordHasher tests to its own test case. 2017-09-29 09:28:24 -04:00
Bruno Alla
6092ea8fa6 Refs #27804 -- Used subTest() in several tests. 2017-05-24 08:36:34 -04:00
Tim Graham
1c466994d9 Refs #23919 -- Removed misc Python 2/3 references. 2017-01-25 13:59:25 -05:00
Tim Graham
7aba69145d Refs #23919 -- Removed django.test.mock Python 2 compatibility shim. 2017-01-20 08:17:20 -05:00
Tim Graham
109b33f64c Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2. 2017-01-20 08:49:47 +01:00
Simon Charette
9695b14982 Refs #23919 -- Removed str() conversion of type and method __name__. 2017-01-19 11:31:07 -05:00
Claude Paroz
d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham
0bf3228eec Increased the default PBKDF2 iterations for the 1.11 release cycle. 2017-01-17 20:52:05 -05:00