Fixed #36226 -- Accepted str or bytes for password and salt in password hashers.

Co-authored-by: Screamadelica <1621456391@sjtu.edu.cn>
2025-10-30 17:16:10 +00:00 · 2025-07-09 00:14:00 +08:00
parent e709301000
commit 78fac1b047
3 changed files with 63 additions and 7 deletions
--- a/tests/auth_tests/test_hashers.py
+++ b/tests/auth_tests/test_hashers.py
@@ -5,6 +5,7 @@ from django.conf.global_settings import PASSWORD_HASHERS
 from django.contrib.auth.hashers import (
    UNUSABLE_PASSWORD_PREFIX,
    UNUSABLE_PASSWORD_SUFFIX_LENGTH,
+    Argon2PasswordHasher,
    BasePasswordHasher,
    BCryptPasswordHasher,
    BCryptSHA256PasswordHasher,
@@ -520,6 +521,54 @@ class TestUtilsHashPass(SimpleTestCase):
                    with self.assertRaisesMessage(ValueError, msg):
                        hasher.encode("password", salt)

+    def test_password_and_salt_in_str_and_bytes(self):
+        hasher_classes = [
+            MD5PasswordHasher,
+            PBKDF2PasswordHasher,
+            PBKDF2SHA1PasswordHasher,
+            ScryptPasswordHasher,
+        ]
+        for hasher_class in hasher_classes:
+            hasher = hasher_class()
+            with self.subTest(hasher_class.__name__):
+                passwords = ["password", b"password"]
+                for password in passwords:
+                    for salt in [hasher.salt(), hasher.salt().encode()]:
+                        encoded = hasher.encode(password, salt)
+                        for password_to_verify in passwords:
+                            self.assertIs(
+                                hasher.verify(password_to_verify, encoded), True
+                            )
+
+    @skipUnless(argon2, "argon2-cffi not installed")
+    def test_password_and_salt_in_str_and_bytes_argon2(self):
+        hasher = Argon2PasswordHasher()
+        passwords = ["password", b"password"]
+        for password in passwords:
+            for salt in [hasher.salt(), hasher.salt().encode()]:
+                encoded = hasher.encode(password, salt)
+                for password_to_verify in passwords:
+                    self.assertIs(hasher.verify(password_to_verify, encoded), True)
+
+    @skipUnless(bcrypt, "bcrypt not installed")
+    def test_password_and_salt_in_str_and_bytes_bcrypt(self):
+        hasher_classes = [
+            BCryptPasswordHasher,
+            BCryptSHA256PasswordHasher,
+        ]
+        for hasher_class in hasher_classes:
+            hasher = hasher_class()
+            with self.subTest(hasher_class.__name__):
+                passwords = ["password", b"password"]
+                for password in passwords:
+                    salts = [hasher.salt().decode(), hasher.salt()]
+                    for salt in salts:
+                        encoded = hasher.encode(password, salt)
+                        for password_to_verify in passwords:
+                            self.assertIs(
+                                hasher.verify(password_to_verify, encoded), True
+                            )
+
    def test_encode_password_required(self):
        hasher_classes = [
            MD5PasswordHasher,