Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.

Regression in aeb1389442. Reverted changes to is_password_usable() from 703c266682 and documentation changes from 92f48680db.
2025-10-24 06:06:09 +00:00 · 2018-03-20 17:19:27 -04:00
parent d97cce3409
commit a4f0e9aec7
7 changed files with 50 additions and 19 deletions
--- a/tests/auth_tests/test_hashers.py
+++ b/tests/auth_tests/test_hashers.py
@@ -276,9 +276,11 @@ class TestUtilsHashPass(SimpleTestCase):
        with self.assertRaisesMessage(ValueError, msg % 'lolcat'):
            identify_hasher('lolcat$salt$hash')

-    def test_bad_encoded(self):
-        self.assertFalse(is_password_usable('lètmein_badencoded'))
-        self.assertFalse(is_password_usable(''))
+    def test_is_password_usable(self):
+        passwords = ('lètmein_badencoded', '', None)
+        for password in passwords:
+            with self.subTest(password=password):
+                self.assertIs(is_password_usable(password), True)

    def test_low_level_pbkdf2(self):
        hasher = PBKDF2PasswordHasher()