Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

[1.6.x] Fixed #20675 -- `check_password` should work when no password…

… is specified.

The regression was introduced by 2c4fe76. refs #20593.

Backport of 8759778 from master.
  • Loading branch information...
commit 2de0d4c4523ca3d1d6744ba0f22b8ef33bedfa03 1 parent 75041d5
Simon Charette authored July 03, 2013
5  django/contrib/auth/hashers.py
@@ -22,6 +22,7 @@
22 22
 HASHERS = None  # lazily loaded from PASSWORD_HASHERS
23 23
 PREFERRED_HASHER = None  # defaults to first item in PASSWORD_HASHERS
24 24
 
  25
+
25 26
 @receiver(setting_changed)
26 27
 def reset_hashers(**kwargs):
27 28
     if kwargs['setting'] == 'PASSWORD_HASHERS':
@@ -34,7 +35,7 @@ def is_password_usable(encoded):
34 35
     if encoded is None or encoded.startswith(UNUSABLE_PASSWORD_PREFIX):
35 36
         return False
36 37
     try:
37  
-        hasher = identify_hasher(encoded)
  38
+        identify_hasher(encoded)
38 39
     except ValueError:
39 40
         return False
40 41
     return True
@@ -48,7 +49,7 @@ def check_password(password, encoded, setter=None, preferred='default'):
48 49
     If setter is specified, it'll be called when you need to
49 50
     regenerate the password.
50 51
     """
51  
-    if not is_password_usable(encoded):
  52
+    if password is None or not is_password_usable(encoded):
52 53
         return False
53 54
 
54 55
     preferred = get_hasher(preferred)
7  django/contrib/auth/tests/test_hashers.py
@@ -186,6 +186,13 @@ def test_unusable(self):
186 186
         # This might fail one day due to a hash collision.
187 187
         self.assertNotEqual(encoded, make_password(None), "Random password collision?")
188 188
 
  189
+    def test_unspecified_password(self):
  190
+        """
  191
+        Makes sure specifying no plain password with a valid encoded password
  192
+        returns `False`.
  193
+        """
  194
+        self.assertFalse(check_password(None, make_password('lètmein')))
  195
+
189 196
     def test_bad_algorithm(self):
190 197
         with self.assertRaises(ValueError):
191 198
             make_password('lètmein', hasher='lolcat')

0 notes on commit 2de0d4c

Please sign in to comment.
Something went wrong with that request. Please try again.