Removed Django 1.2 compatibility fallback for password reset hash

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15950 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 25aaa359a28095400eefb017e981163a657e2ca6 1 parent 8823021
Luke Plant authored March 30, 2011
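--- a/django/contrib/auth/tests/tokens.py
+++ b/django/contrib/auth/tests/tokens.py
@@ -51,28 +51,6 @@ def _today(self):
         p2 = Mocked(date.today() + timedelta(settings.PASSWORD_RESET_TIMEOUT_DAYS + 1))
         self.assertFalse(p2.check_token(user, tk1))
 
-    def test_django12_hash(self):
-        """
-        Ensure we can use the hashes generated by Django 1.2
-        """
-        # Hard code in the Django 1.2 algorithm (not the result, as it is time
-        # dependent)
-        def _make_token(user):
-            import hashlib
-            from django.utils.http import int_to_base36
-
-            timestamp = (date.today() - date(2001,1,1)).days
-            ts_b36 = int_to_base36(timestamp)
-            hash = hashlib.sha1(settings.SECRET_KEY + unicode(user.id) +
-                               user.password + user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
-                               unicode(timestamp)).hexdigest()[::2]
-            return "%s-%s" % (ts_b36, hash)
-
-        user = User.objects.create_user('tokentestuser', 'test2@example.com', 'testpw')
-        p0 = PasswordResetTokenGenerator()
-        tk1 = _make_token(user)
-        self.assertTrue(p0.check_token(user, tk1))
-
     def test_date_length(self):
         """
         Make sure we don't allow overly long dates, causing a potential DoS.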
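--- a/django/contrib/auth/tokens.py
+++ b/django/contrib/auth/tokens.py
@@ -1,5 +1,4 @@
 from datetime import date
-import hashlib
 from django.conf import settings
 from django.utils.http import int_to_base36, base36_to_int
 from django.utils.crypto import constant_time_compare, salted_hmac
@@ -33,11 +32,7 @@ def check_token(self, user, token):
 
         # Check that the timestamp/uid has not been tampered with
         if not constant_time_compare(self._make_token_with_timestamp(user, ts), token):
-            # Fallback to Django 1.2 method for compatibility.
-            # PendingDeprecationWarning <- here to remind us to remove this in
-            # Django 1.5
-            if not constant_time_compare(self._make_token_with_timestamp_old(user, ts), token):
-                return False
+            return False
 
         # Check the timestamp is within limit
         if (self._num_days(self._today()) - ts) > settings.PASSWORD_RESET_TIMEOUT_DAYS:
@@ -63,14 +58,6 @@ def _make_token_with_timestamp(self, user, timestamp):
         hash = salted_hmac(key_salt, value).hexdigest()[::2]
         return "%s-%s" % (ts_b36, hash)
 
-    def _make_token_with_timestamp_old(self, user, timestamp):
-        # The Django 1.2 method
-        ts_b36 = int_to_base36(timestamp)
-        hash = hashlib.sha1(settings.SECRET_KEY + unicode(user.id) +
-                           user.password + user.last_login.strftime('%Y-%m-%d %H:%M:%S') +
-                           unicode(timestamp)).hexdigest()[::2]
-        return "%s-%s" % (ts_b36, hash)
-
     def _num_days(self, dt):
         return (dt - date(2001,1,1)).days
 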
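Review bot: In `check_token`, the mismatch branch now returns False immediately, so a reset link issued by the Django 1.2 algorithm and still inside `PASSWORD_RESET_TIMEOUT_DAYS` stops validating as soon as this is deployed. The removed comment scheduled the fallback for removal in Django 1.5, and neither the commit message nor the code says why it can go now; a release-note line such as `Password reset links generated by Django 1.2 are no longer accepted; users must request a new link.` would cover it. The deleted `test_django12_hash` was the only visible test of the legacy format, so a short negative test asserting that `check_token` returns False for a token with a non-matching hash would keep this branch covered; whether one already exists is not visible from this page. The body of `check_token` starts and ends outside the hunk.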
