mirror of
https://github.com/django/django.git
synced 2025-01-20 15:19:20 +00:00
Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in encode() methods of remaining password hashers.
parent
e75a3a770e
commit
a7f27fca52
@ -689,7 +689,8 @@ class UnsaltedSHA1PasswordHasher(BasePasswordHasher):
|
|||||||
return ''
|
return ''
|
||||||
|
|
||||||
def encode(self, password, salt):
|
def encode(self, password, salt):
|
||||||
assert salt == ''
|
if salt != '':
|
||||||
|
raise ValueError('salt must be empty.')
|
||||||
hash = hashlib.sha1(password.encode()).hexdigest()
|
hash = hashlib.sha1(password.encode()).hexdigest()
|
||||||
return 'sha1$$%s' % hash
|
return 'sha1$$%s' % hash
|
||||||
|
|
||||||
@ -733,7 +734,8 @@ class UnsaltedMD5PasswordHasher(BasePasswordHasher):
|
|||||||
return ''
|
return ''
|
||||||
|
|
||||||
def encode(self, password, salt):
|
def encode(self, password, salt):
|
||||||
assert salt == ''
|
if salt != '':
|
||||||
|
raise ValueError('salt must be empty.')
|
||||||
return hashlib.md5(password.encode()).hexdigest()
|
return hashlib.md5(password.encode()).hexdigest()
|
||||||
|
|
||||||
def decode(self, encoded):
|
def decode(self, encoded):
|
||||||
@ -774,9 +776,11 @@ class CryptPasswordHasher(BasePasswordHasher):
|
|||||||
|
|
||||||
def encode(self, password, salt):
|
def encode(self, password, salt):
|
||||||
crypt = self._load_library()
|
crypt = self._load_library()
|
||||||
assert len(salt) == 2
|
if len(salt) != 2:
|
||||||
|
raise ValueError('salt must be of length 2.')
|
||||||
hash = crypt.crypt(password, salt)
|
hash = crypt.crypt(password, salt)
|
||||||
assert hash is not None # A platform like OpenBSD with a dummy crypt module.
|
if hash is None: # A platform like OpenBSD with a dummy crypt module.
|
||||||
|
raise TypeError('hash must be provided.')
|
||||||
# we don't need to store the salt, but Django used to do this
|
# we don't need to store the salt, but Django used to do this
|
||||||
return '%s$%s$%s' % (self.algorithm, '', hash)
|
return '%s$%s$%s' % (self.algorithm, '', hash)
|
||||||
|
|
||||||
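Review bot: In CryptPasswordHasher.encode(), the new `raise TypeError('hash must be provided.')` reads as if the caller left out an argument, but the condition is that crypt.crypt() returned None on this platform, as the inline comment says. A message that names the cause would be easier to act on, for example `raise TypeError('crypt.crypt() returned None; crypt hashing is unavailable on this platform.')`, with the expected string in test_crypt_encode_invalid_hash updated to match. The rest of the class is outside this hunk, so it is worth confirming that verify() does not reach crypt.crypt() through a path that skips this check.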
|
@ -143,6 +143,13 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||||||
self.assertTrue(check_password('', blank_encoded))
|
self.assertTrue(check_password('', blank_encoded))
|
||||||
self.assertFalse(check_password(' ', blank_encoded))
|
self.assertFalse(check_password(' ', blank_encoded))
|
||||||
|
|
||||||
|
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedMD5PasswordHasher'])
|
||||||
|
def test_unsalted_md5_encode_invalid_salt(self):
|
||||||
|
hasher = get_hasher('unsalted_md5')
|
||||||
|
msg = 'salt must be empty.'
|
||||||
|
with self.assertRaisesMessage(ValueError, msg):
|
||||||
|
hasher.encode('password', salt='salt')
|
||||||
|
|
||||||
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher'])
|
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher'])
|
||||||
def test_unsalted_sha1(self):
|
def test_unsalted_sha1(self):
|
||||||
encoded = make_password('lètmein', '', 'unsalted_sha1')
|
encoded = make_password('lètmein', '', 'unsalted_sha1')
|
||||||
@ -161,6 +168,13 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||||||
self.assertTrue(check_password('', blank_encoded))
|
self.assertTrue(check_password('', blank_encoded))
|
||||||
self.assertFalse(check_password(' ', blank_encoded))
|
self.assertFalse(check_password(' ', blank_encoded))
|
||||||
|
|
||||||
|
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher'])
|
||||||
|
def test_unsalted_sha1_encode_invalid_salt(self):
|
||||||
|
hasher = get_hasher('unsalted_sha1')
|
||||||
|
msg = 'salt must be empty.'
|
||||||
|
with self.assertRaisesMessage(ValueError, msg):
|
||||||
|
hasher.encode('password', salt='salt')
|
||||||
|
|
||||||
@skipUnless(crypt, "no crypt module to generate password.")
|
@skipUnless(crypt, "no crypt module to generate password.")
|
||||||
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.CryptPasswordHasher'])
|
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.CryptPasswordHasher'])
|
||||||
def test_crypt(self):
|
def test_crypt(self):
|
||||||
@ -177,6 +191,23 @@ class TestUtilsHashPass(SimpleTestCase):
|
|||||||
self.assertTrue(check_password('', blank_encoded))
|
self.assertTrue(check_password('', blank_encoded))
|
||||||
self.assertFalse(check_password(' ', blank_encoded))
|
self.assertFalse(check_password(' ', blank_encoded))
|
||||||
|
|
||||||
|
@skipUnless(crypt, 'no crypt module to generate password.')
|
||||||
|
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.CryptPasswordHasher'])
|
||||||
|
def test_crypt_encode_invalid_salt(self):
|
||||||
|
hasher = get_hasher('crypt')
|
||||||
|
msg = 'salt must be of length 2.'
|
||||||
|
with self.assertRaisesMessage(ValueError, msg):
|
||||||
|
hasher.encode('password', salt='a')
|
||||||
|
|
||||||
|
@skipUnless(crypt, 'no crypt module to generate password.')
|
||||||
|
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.CryptPasswordHasher'])
|
||||||
|
def test_crypt_encode_invalid_hash(self):
|
||||||
|
hasher = get_hasher('crypt')
|
||||||
|
msg = 'hash must be provided.'
|
||||||
|
with mock.patch('crypt.crypt', return_value=None):
|
||||||
|
with self.assertRaisesMessage(TypeError, msg):
|
||||||
|
hasher.encode('password', salt='ab')
|
||||||
|
|
||||||
@skipUnless(bcrypt, "bcrypt not installed")
|
@skipUnless(bcrypt, "bcrypt not installed")
|
||||||
def test_bcrypt_sha256(self):
|
def test_bcrypt_sha256(self):
|
||||||
encoded = make_password('lètmein', hasher='bcrypt_sha256')
|
encoded = make_password('lètmein', hasher='bcrypt_sha256')
|
||||||
|
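Review bot: test_crypt_encode_invalid_salt only exercises a salt that is too short (`salt='a'`), so the `len(salt) != 2` guard is pinned on one side only. Adding a second case such as `hasher.encode('password', salt='abc')` under the same `assertRaisesMessage(ValueError, msg)` would also cover an over-long salt, and an empty-string case would cover the remaining boundary. The same applies in spirit to the unsalted hashers, where a single non-empty salt is the only rejected input tested, though there one case is arguably enough.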