Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

unicode: Fixed #4314 -- Allow non-ASCII characters in password strings.

git-svn-id: http://code.djangoproject.com/svn/django/branches/unicode@5269 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit abba09c6d2264e8151128cb429dee33693f8218a 1 parent d5946c5
Malcolm Tredinnick authored May 16, 2007

Showing 1 changed file with 6 additions and 5 deletions. Show diff stats Hide diff stats

  1. 11  django/contrib/auth/models.py
11  django/contrib/auth/models.py
@@ -2,6 +2,7 @@
2 2
 from django.core.exceptions import ImproperlyConfigured
3 3
 from django.db import backend, connection, models
4 4
 from django.contrib.contenttypes.models import ContentType
  5
+from django.utils.encoding import smart_str
5 6
 from django.utils.translation import ugettext_lazy, ugettext as _
6 7
 import datetime
7 8
 import urllib
@@ -14,16 +15,16 @@ def check_password(raw_password, enc_password):
14 15
     algo, salt, hsh = enc_password.split('$')
15 16
     if algo == 'md5':
16 17
         import md5
17  
-        return hsh == md5.new(salt+raw_password).hexdigest()
  18
+        return hsh == md5.new(smart_str(salt + raw_password)).hexdigest()
18 19
     elif algo == 'sha1':
19 20
         import sha
20  
-        return hsh == sha.new(salt+raw_password).hexdigest()
  21
+        return hsh == sha.new(smart_str(salt + raw_password)).hexdigest()
21 22
     elif algo == 'crypt':
22 23
         try:
23 24
             import crypt
24 25
         except ImportError:
25 26
             raise ValueError, "Crypt password algorithm not supported in this environment."
26  
-        return hsh == crypt.crypt(raw_password, salt)
  27
+        return hsh == crypt.crypt(smart_str(raw_password), smart_str(salt))
27 28
     raise ValueError, "Got unknown password algorithm type in password."
28 29
 
29 30
 class SiteProfileNotAvailable(Exception):
@@ -153,7 +154,7 @@ def set_password(self, raw_password):
153 154
         import sha, random
154 155
         algo = 'sha1'
155 156
         salt = sha.new(str(random.random())).hexdigest()[:5]
156  
-        hsh = sha.new(salt+raw_password).hexdigest()
  157
+        hsh = sha.new(salt + smart_str(raw_password)).hexdigest()
157 158
         self.password = '%s$%s$%s' % (algo, salt, hsh)
158 159
 
159 160
     def check_password(self, raw_password):
@@ -165,7 +166,7 @@ def check_password(self, raw_password):
165 166
         # algorithm or salt.
166 167
         if '$' not in self.password:
167 168
             import md5
168  
-            is_correct = (self.password == md5.new(raw_password).hexdigest())
  169
+            is_correct = (self.password == md5.new(smart_str(raw_password)).hexdigest())
169 170
             if is_correct:
170 171
                 # Convert the password to the new, more secure format.
171 172
                 self.set_password(raw_password)

0 notes on commit abba09c

Please sign in to comment.
Something went wrong with that request. Please try again.