Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Removed Django 1.2 compatibility fallback for contrib.comments forms …

…hash.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15953 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 5fa11b00352ec14c30a1eeea1377339adc8fc3ff 1 parent c922a04
Luke Plant authored March 30, 2011
14  django/contrib/comments/forms.py
... ...
@@ -1,5 +1,4 @@
1 1
 import datetime
2  
-import hashlib
3 2
 import time
4 3
 from django import forms
5 4
 from django.forms.util import ErrorDict
@@ -47,12 +46,7 @@ def clean_security_hash(self):
47 46
         expected_hash = self.generate_security_hash(**security_hash_dict)
48 47
         actual_hash = self.cleaned_data["security_hash"]
49 48
         if not constant_time_compare(expected_hash, actual_hash):
50  
-            # Fallback to Django 1.2 method for compatibility
51  
-            # PendingDeprecationWarning <- here to remind us to remove this
52  
-            # fallback in Django 1.5
53  
-            expected_hash_old = self._generate_security_hash_old(**security_hash_dict)
54  
-            if not constant_time_compare(expected_hash_old, actual_hash):
55  
-                raise forms.ValidationError("Security hash check failed.")
  49
+            raise forms.ValidationError("Security hash check failed.")
56 50
         return actual_hash
57 51
 
58 52
     def clean_timestamp(self):
@@ -95,12 +89,6 @@ def generate_security_hash(self, content_type, object_pk, timestamp):
95 89
         value = "-".join(info)
96 90
         return salted_hmac(key_salt, value).hexdigest()
97 91
 
98  
-    def _generate_security_hash_old(self, content_type, object_pk, timestamp):
99  
-        """Generate a (SHA1) security hash from the provided info."""
100  
-        # Django 1.2 compatibility
101  
-        info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
102  
-        return hashlib.sha1("".join(info)).hexdigest()
103  
-
104 92
 class CommentDetailsForm(CommentSecurityForm):
105 93
     """
106 94
     Handles the specific details of the comment (name, comment, etc.).
18  tests/regressiontests/comment_tests/tests/comment_form_tests.py
... ...
@@ -1,4 +1,3 @@
1  
-import hashlib
2 1
 import time
3 2
 
4 3
 from django.conf import settings
@@ -46,23 +45,6 @@ def testContentTypeTampering(self):
46 45
     def testObjectPKTampering(self):
47 46
         self.tamperWithForm(object_pk="3")
48 47
 
49  
-    def testDjango12Hash(self):
50  
-        # Ensure we can use the hashes generated by Django 1.2
51  
-        a = Article.objects.get(pk=1)
52  
-        d = self.getValidData(a)
53  
-
54  
-        content_type = d['content_type']
55  
-        object_pk = d['object_pk']
56  
-        timestamp = d['timestamp']
57  
-
58  
-        # The Django 1.2 method hard-coded here:
59  
-        info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
60  
-        security_hash = hashlib.sha1("".join(info)).hexdigest()
61  
-
62  
-        d['security_hash'] = security_hash
63  
-        f = CommentForm(a, data=d)
64  
-        self.assertTrue(f.is_valid(), f.errors)
65  
-
66 48
     def testSecurityErrors(self):
67 49
         f = self.tamperWithForm(honeypot="I am a robot")
68 50
         self.assertTrue("honeypot" in f.security_errors())

0 notes on commit 5fa11b0

Please sign in to comment.
Something went wrong with that request. Please try again.