diff --git a/django/contrib/formtools/tests/__init__.py b/django/contrib/formtools/tests/__init__.py index 25a55a41b9..604797f01c 100644 --- a/django/contrib/formtools/tests/__init__.py +++ b/django/contrib/formtools/tests/__init__.py @@ -172,39 +172,6 @@ class PreviewTests(FormToolsTestCase): self.assertNotEqual(response.content, success_string) -class SecurityHashTests(unittest.TestCase): - def setUp(self): - self._warnings_state = get_warnings_state() - warnings.filterwarnings('ignore', category=DeprecationWarning, - module='django.contrib.formtools.utils') - - def tearDown(self): - restore_warnings_state(self._warnings_state) - - def test_textfield_hash(self): - """ - Regression test for #10034: the hash generation function should ignore - leading/trailing whitespace so as to be friendly to broken browsers that - submit it (usually in textareas). - """ - f1 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'}) - f2 = HashTestForm({'name': ' joe', 'bio': 'Nothing notable. '}) - hash1 = utils.security_hash(None, f1) - hash2 = utils.security_hash(None, f2) - self.assertEqual(hash1, hash2) - - def test_empty_permitted(self): - """ - Regression test for #10643: the security hash should allow forms with - empty_permitted = True, or forms where data has not changed. - """ - f1 = HashTestBlankForm({}) - f2 = HashTestForm({}, empty_permitted=True) - hash1 = utils.security_hash(None, f1) - hash2 = utils.security_hash(None, f2) - self.assertEqual(hash1, hash2) - - class FormHmacTests(unittest.TestCase): """ Same as SecurityHashTests, but with form_hmac diff --git a/django/contrib/formtools/utils.py b/django/contrib/formtools/utils.py index 3c0f7dba7f..572a0969ee 100644 --- a/django/contrib/formtools/utils.py +++ b/django/contrib/formtools/utils.py @@ -3,43 +3,9 @@ try: except ImportError: import pickle -import hashlib -from django.conf import settings from django.utils.crypto import salted_hmac -def security_hash(request, form, *args): - """ - Calculates a security hash for the given Form instance. - - This creates a list of the form field names/values in a deterministic - order, pickles the result with the SECRET_KEY setting, then takes an md5 - hash of that. - """ - import warnings - warnings.warn("security_hash is deprecated; use form_hmac instead", - DeprecationWarning) - data = [] - for bf in form: - # Get the value from the form data. If the form allows empty or hasn't - # changed then don't call clean() to avoid trigger validation errors. - if form.empty_permitted and not form.has_changed(): - value = bf.data or '' - else: - value = bf.field.clean(bf.data) or '' - if isinstance(value, basestring): - value = value.strip() - data.append((bf.name, value)) - - data.extend(args) - data.append(settings.SECRET_KEY) - - # Use HIGHEST_PROTOCOL because it's the most efficient. - pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL) - - return hashlib.md5(pickled).hexdigest() - - def form_hmac(form): """ Calculates a security hash for the given Form instance.