mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00

Refs #28215 -- Marked auth form passwords as sensitive variables.

GappleBee
2024-10-07 16:09:21 +02:00
committed by Sarah Boyce
parent 91c879eda5
commit 037e740ec5
2 changed files with 136 additions and 1 deletions


@@ -15,6 +15,7 @@ from django.utils.http import urlsafe_base64_encode
from django.utils.text import capfirst
from django.utils.translation import gettext
from django.utils.translation import gettext_lazy as _
from django.views.decorators.debug import sensitive_variables
UserModel = get_user_model()
logger = logging.getLogger("django.contrib.auth")
@@ -122,6 +123,7 @@ class SetPasswordMixin:
)
return password1, password2
@sensitive_variables("password1", "password2")
def validate_passwords(
self,
password1_field_name="password1",
@@ -151,6 +153,7 @@ class SetPasswordMixin:
)
self.add_error(password2_field_name, error)
@sensitive_variables("password")
def validate_password_for_user(self, user, password_field_name="password2"):
password = self.cleaned_data.get(password_field_name)
if password:
@@ -348,6 +351,7 @@ class AuthenticationForm(forms.Form):
if self.fields["username"].label is None:
self.fields["username"].label = capfirst(self.username_field.verbose_name)
@sensitive_variables()
def clean(self):
username = self.cleaned_data.get("username")
password = self.cleaned_data.get("password")
@@ -539,6 +543,7 @@ class PasswordChangeForm(SetPasswordForm):
field_order = ["old_password", "new_password1", "new_password2"]
@sensitive_variables("old_password")
def clean_old_password(self):
"""
Validate that the old_password field is correct.