django-bot 
							
						 
					 
					
						
						
							
						
						69a93a88ed 
					 
					
						
						
							
							Refs  #36500  -- Rewrapped long docstrings and block comments via a script.  
						
						... 
						
						
						
						Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505 . 
						
						
					 
					
						2025-07-23 20:17:55 -03:00 
						 
				 
			
				
					
						
							
							
								Roel Delos Reyes 
							
						 
					 
					
						
						
							
						
						78fac1b047 
					 
					
						
						
							
							Fixed   #36226  -- Accepted str or bytes for password and salt in password hashers.  
						
						... 
						
						
						
						Co-authored-by: Screamadelica <1621456391@sjtu.edu.cn > 
						
						
					 
					
						2025-07-22 12:15:10 +02:00 
						 
				 
			
				
					
						
							
							
								Sarah Boyce 
							
						 
					 
					
						
						
							
						
						37373d9ae9 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 6.0.  
						
						
						
						
					 
					
						2025-01-15 22:28:37 +01:00 
						 
				 
			
				
					
						
							
							
								Natalia 
							
						 
					 
					
						
						
							
						
						e1606d27b4 
					 
					
						
						
							
							Added test for acheck_password() to ensure make_password is called for unusable passwords.  
						
						... 
						
						
						
						This is a follow up for the fix of CVE-2024-39329
(5d86458579 
						
						
					 
					
						2024-08-08 12:53:36 -03:00 
						 
				 
			
				
					
						
							
							
								Michael Manfre 
							
						 
					 
					
						
						
							
						
						5d86458579 
					 
					
						
						
							
							Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords.  
						
						... 
						
						
						
						Refs #20760 .
Thanks Michael Manfre for the fix and to Adam Johnson for the review. 
						
						
					 
					
						2024-07-09 09:21:19 -03:00 
						 
				 
			
				
					
						
							
							
								Natalia 
							
						 
					 
					
						
						
							
						
						04a208d7f1 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 5.2.  
						
						
						
						
					 
					
						2024-05-22 15:44:07 -03:00 
						 
				 
			
				
					
						
							
							
								SaJH 
							
						 
					 
					
						
						
							
						
						8f205acea9 
					 
					
						
						
							
							Fixed   #35428  -- Increased parallelism of the ScryptPasswordHasher.  
						
						
						
						
					 
					
						2024-05-17 17:13:58 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						305757aec1 
					 
					
						
						
							
							Applied Black's 2024 stable style.  
						
						... 
						
						
						
						https://github.com/psf/black/releases/tag/24.1.0  
					
						2024-01-26 12:45:07 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						0e560edf32 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 5.1.  
						
						
						
						
					 
					
						2023-09-18 22:12:40 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						6e4e5523a8 
					 
					
						
						
							
							Refs  #33691  -- Removed insecure password hashers per deprecation timeline.  
						
						
						
						
					 
					
						2023-09-18 22:12:40 +02:00 
						 
				 
			
				
					
						
							
							
								HappyDingning 
							
						 
					 
					
						
						
							
						
						674c23999c 
					 
					
						
						
							
							Fixed   #34565  -- Added support for async checking of user passwords.  
						
						
						
						
					 
					
						2023-05-18 09:39:04 +02:00 
						 
				 
			
				
					
						
							
							
								Liyang Zhang 
							
						 
					 
					
						
						
							
						
						f9f9215d3e 
					 
					
						
						
							
							Fixed some typos in comments, docstrings, and tests.  
						
						
						
						
					 
					
						2023-03-20 08:07:23 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						5e9aded33f 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 5.0.  
						
						... 
						
						
						
						Follow up to 9a1848f48c 
						
						
					 
					
						2023-02-04 13:37:44 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						4fc711a108 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 5.0.  
						
						
						
						
					 
					
						2023-01-17 11:49:15 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						b5ac6e78f8 
					 
					
						
						
							
							Refs  #33691  -- Removed django.contrib.auth.hashers.CryptPasswordHasher per deprecation timeline.  
						
						
						
						
					 
					
						2023-01-17 11:49:15 +01:00 
						 
				 
			
				
					
						
							
							
								HieuPham9720 
							
						 
					 
					
						
						
							
						
						3e928de8ad 
					 
					
						
						
							
							Skipped scrypt tests when OpenSSL 1.1+ is not installed.  
						
						
						
						
					 
					
						2022-10-20 18:50:48 -07:00 
						 
				 
			
				
					
						
							
							
								Claude Paroz 
							
						 
					 
					
						
						
							
						
						3b79dab19a 
					 
					
						
						
							
							Refs  #33691  -- Deprecated insecure password hashers.  
						
						... 
						
						
						
						SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated. 
						
						
					 
					
						2022-07-23 21:29:31 +02:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
							
						
						3c6f1fd1f8 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 4.2.  
						
						
						
						
					 
					
						2022-05-17 14:22:06 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						02dbf1667c 
					 
					
						
						
							
							Fixed   #33691  -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.  
						
						
						
						
					 
					
						2022-05-11 09:13:45 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						7119f40c98 
					 
					
						
						
							
							Refs  #33476  -- Refactored code to strictly match 88 characters line length.  
						
						
						
						
					 
					
						2022-02-07 20:37:05 +01:00 
						 
				 
			
				
					
						
							
							
								django-bot 
							
						 
					 
					
						
						
							
						
						9c19aff7c7 
					 
					
						
						
							
							Refs  #33476  -- Reformatted code with Black.  
						
						
						
						
					 
					
						2022-02-07 20:37:05 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						32b7ffc2bb 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 4.1.  
						
						
						
						
					 
					
						2021-09-20 21:23:01 +02:00 
						 
				 
			
				
					
						
							
							
								Mateo Radman 
							
						 
					 
					
						
						
							
						
						a7f27fca52 
					 
					
						
						
							
							Refs  #32508  -- Raised TypeError/ValueError instead of using "assert" in encode() methods of remaining password hashers.  
						
						
						
						
					 
					
						2021-09-06 07:47:53 +02:00 
						 
				 
			
				
					
						
							
							
								ryowright 
							
						 
					 
					
						
						
							
						
						1783b3cb24 
					 
					
						
						
							
							Fixed   #32275  -- Added scrypt password hasher.  
						
						... 
						
						
						
						Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com > 
						
						
					 
					
						2021-07-22 12:40:33 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						83022d279c 
					 
					
						
						
							
							Refs  #32508  -- Raised TypeError/ValueError instead of using "assert" in encode() methods of some password hashers.  
						
						
						
						
					 
					
						2021-07-22 09:42:07 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						a948d9df39 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 4.0.  
						
						
						
						
					 
					
						2021-01-14 17:50:04 +01:00 
						 
				 
			
				
					
						
							
							
								Jon Moroney 
							
						 
					 
					
						
						
							
						
						76ae6ccf85 
					 
					
						
						
							
							Fixed   #31358  -- Increased salt entropy of password hashers.  
						
						... 
						
						
						
						Co-authored-by: Florian Apolloner <florian@apolloner.eu > 
						
						
					 
					
						2021-01-14 11:20:28 +01:00 
						 
				 
			
				
					
						
							
							
								Jon Moroney 
							
						 
					 
					
						
						
							
						
						6bd206e1ff 
					 
					
						
						
							
							Refs  #31358  -- Added bcrypt password hashers tests for must_update() with salt().  
						
						
						
						
					 
					
						2021-01-14 11:20:28 +01:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						c76d51b3ad 
					 
					
						
						
							
							Refs  #31358  -- Fixed decoding salt in Argon2PasswordHasher.  
						
						... 
						
						
						
						Argon2 encodes the salt as base64 for representation in the final hash
output. To be able to accurately return the used salt from decode(),
add padding, b64decode, and decode from latin1 (for the remote
possibility that someone supplied a custom hash consisting solely of
bytes -- this would require a manual construction of the hash though,
Django's interface does not allow for that). 
						
						
					 
					
						2020-12-28 11:02:08 +01:00 
						 
				 
			
				
					
						
							
							
								Jon Moroney 
							
						 
					 
					
						
						
							
						
						136ec9b62b 
					 
					
						
						
							
							Refs  #31358  -- Added decode() to password hashers.  
						
						... 
						
						
						
						By convention a hasher which does not use a salt should populate the
decode dict with `None` rather than omit the dict key.
Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com > 
						
						
					 
					
						2020-06-23 08:36:59 +02:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						1621f06051 
					 
					
						
						
							
							Fixed   #30472  -- Made Argon2PasswordHasher use Argon2id.  
						
						
						
						
					 
					
						2020-06-17 08:10:41 +02:00 
						 
				 
			
				
					
						
							
							
								Florian Apolloner 
							
						 
					 
					
						
						
							
						
						ee49cf4f35 
					 
					
						
						
							
							Added test for old Argon2i hashes with version attribute.  
						
						
						
						
					 
					
						2020-06-17 08:10:41 +02:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						f2187a227f 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 3.2.  
						
						
						
						
					 
					
						2020-05-13 09:07:51 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						8aa71f4e87 
					 
					
						
						
							
							Fixed   #31375  -- Made contrib.auth.hashers.make_password() accept only bytes or strings.  
						
						
						
						
					 
					
						2020-03-31 10:52:56 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						b3ab92cc5a 
					 
					
						
						
							
							Refs  #31375  -- Added test for contrib.auth.hashers.make_password() bytes support.  
						
						
						
						
					 
					
						2020-03-31 10:49:39 +02:00 
						 
				 
			
				
					
						
							
							
								Hasan Ramezani 
							
						 
					 
					
						
						
							
						
						579f33eb79 
					 
					
						
						
							
							Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests.  
						
						
						
						
					 
					
						2020-01-30 11:19:50 +01:00 
						 
				 
			
				
					
						
							
							
								Mariusz Felisiak 
							
						 
					 
					
						
						
							
						
						1960d55f8b 
					 
					
						
						
							
							Refs  #31040  -- Fixed crypt.crypt() call in test_hashers.py.  
						
						... 
						
						
						
						An empty string is invalid salt in Python 3 and raises exception since
Python 3.9, see https://bugs.python.org/issue38402 . 
						
						
					 
					
						2020-01-03 07:47:04 +01:00 
						 
				 
			
				
					
						
							
							
								Carlton Gibson 
							
						 
					 
					
						
						
							
						
						b5db65c4fb 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 3.1.  
						
						
						
						
					 
					
						2019-09-12 17:24:01 +02:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						06670015f7 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 3.0.  
						
						
						
						
					 
					
						2019-01-17 11:15:27 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						9792af3648 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 2.2.  
						
						
						
						
					 
					
						2018-05-17 11:05:45 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						cae0107287 
					 
					
						
						
							
							Increased the default PBKDF2 iterations for Django 2.1.  
						
						
						
						
					 
					
						2018-05-13 20:06:20 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						a4f0e9aec7 
					 
					
						
						
							
							Fixed   #28718  -- Allowed user to request a password reset if their password doesn't use an enabled hasher.  
						
						... 
						
						
						
						Regression in aeb1389442703c26668292f48680db 
						
						
					 
					
						2018-03-22 10:03:43 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						5b589a47b9 
					 
					
						
						
							
							Fixed   #29161  -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.  
						
						
						
						
					 
					
						2018-02-26 09:05:18 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						fa75b2cb51 
					 
					
						
						
							
							Refs  #27795  -- Removed force_bytes/text() usage in tests.  
						
						
						
						
					 
					
						2018-02-07 14:20:04 -05:00 
						 
				 
			
				
					
						
							
							
								Mads Jensen 
							
						 
					 
					
						
						
							
						
						3e72f4b7b6 
					 
					
						
						
							
							Completed test coverage for BasePasswordHasher.  
						
						
						
						
					 
					
						2017-09-29 09:28:25 -04:00 
						 
				 
			
				
					
						
							
							
								Mads Jensen 
							
						 
					 
					
						
						
							
						
						776f6902d9 
					 
					
						
						
							
							Moved BasePasswordHasher tests to its own test case.  
						
						
						
						
					 
					
						2017-09-29 09:28:24 -04:00 
						 
				 
			
				
					
						
							
							
								Bruno Alla 
							
						 
					 
					
						
						
							
						
						6092ea8fa6 
					 
					
						
						
							
							Refs  #27804  -- Used subTest() in several tests.  
						
						
						
						
					 
					
						2017-05-24 08:36:34 -04:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						1c466994d9 
					 
					
						
						
							
							Refs  #23919  -- Removed misc Python 2/3 references.  
						
						
						
						
					 
					
						2017-01-25 13:59:25 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						7aba69145d 
					 
					
						
						
							
							Refs  #23919  -- Removed django.test.mock Python 2 compatibility shim.  
						
						
						
						
					 
					
						2017-01-20 08:17:20 -05:00 
						 
				 
			
				
					
						
							
							
								Tim Graham 
							
						 
					 
					
						
						
							
						
						109b33f64c 
					 
					
						
						
							
							Refs  #23919  -- Simplified assertRaisesRegex()'s that accounted for Python 2.  
						
						
						
						
					 
					
						2017-01-20 08:49:47 +01:00