Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #20675 -- `check_password` should work when no password is spec…

…ified.

The regression was introduced by 2c4fe76. refs #20593.
  • Loading branch information...
commit 8759778185d0539bf9c11e3fda497a9486b9acab 1 parent 067e042
@charettes charettes authored
View
5 django/contrib/auth/hashers.py
@@ -22,6 +22,7 @@
HASHERS = None # lazily loaded from PASSWORD_HASHERS
PREFERRED_HASHER = None # defaults to first item in PASSWORD_HASHERS
+
@receiver(setting_changed)
def reset_hashers(**kwargs):
if kwargs['setting'] == 'PASSWORD_HASHERS':
@@ -34,7 +35,7 @@ def is_password_usable(encoded):
if encoded is None or encoded.startswith(UNUSABLE_PASSWORD_PREFIX):
return False
try:
- hasher = identify_hasher(encoded)
+ identify_hasher(encoded)
except ValueError:
return False
return True
@@ -48,7 +49,7 @@ def check_password(password, encoded, setter=None, preferred='default'):
If setter is specified, it'll be called when you need to
regenerate the password.
"""
- if not is_password_usable(encoded):
+ if password is None or not is_password_usable(encoded):
return False
preferred = get_hasher(preferred)
View
7 django/contrib/auth/tests/test_hashers.py
@@ -187,6 +187,13 @@ def test_unusable(self):
# This might fail one day due to a hash collision.
self.assertNotEqual(encoded, make_password(None), "Random password collision?")
+ def test_unspecified_password(self):
+ """
+ Makes sure specifying no plain password with a valid encoded password
+ returns `False`.
+ """
+ self.assertFalse(check_password(None, make_password('lètmein')))
+
def test_bad_algorithm(self):
with self.assertRaises(ValueError):
make_password('lètmein', hasher='lolcat')
Please sign in to comment.
Something went wrong with that request. Please try again.