
[bug 740013][bug 740431] Upgrade to Django 1.4.3.

* Remove the no longer needed monkeypatch for sha256 password hashes.
* Add a sha256 hasher.
* Update to latest django-authority.
* Minor fixes for test failures.
* Fix fixture related warnings.
* Update password hashes in fixtures to sha256.
* Remove legacy password test as there are none anymore.
commit 4df97069d6594b08208ff2e7188978631ff86682 1 parent 4199f82
ricky rosario authored
2  apps/customercare/tests/test_views.py
@@ -238,6 +238,8 @@ def test_post_reply(self):
'profile_image_url': 'http://example.com/profile.jpg',
'profile_image_url_https': 'https://example.com/profile.jpg', }
request.twitter.api.update_status.return_value = return_value
+ request.user = Mock()
+ request.user.is_authenticated = lambda: False
# Pass the request to the view and verify response.
response = twitter_post(request)
12 apps/kbforums/fixtures/kbusers.json
@@ -27,7 +27,7 @@
"last_login": "2010-01-01 00:00:00",
"groups": [],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user1@nowhere",
"date_joined": "2010-01-01 00:00:00"
}
@@ -45,7 +45,7 @@
"last_login": "2010-01-01 00:00:00",
"groups": [],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user2@nowhere",
"date_joined": "2010-01-01 00:00:00"
}
@@ -63,7 +63,7 @@
"last_login": "2010-04-13 10:20:21",
"groups": [1],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user47963@nowhere",
"date_joined": "2008-10-06 10:34:21"
}
@@ -81,7 +81,7 @@
"last_login": "2010-04-26 19:01:45",
"groups": [],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user118533@nowhere",
"date_joined": "2009-08-10 16:09:45"
}
@@ -99,7 +99,7 @@
"last_login": "2010-06-29 10:20:21",
"groups": [1],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user118577@nowhere",
"date_joined": "2010-06-29 10:20:21"
}
@@ -117,7 +117,7 @@
"last_login": "2010-08-13 15:04:35",
"groups": [],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user180054@nowhere",
"date_joined": "2010-06-10 14:08:53"
}
2  apps/kpi/api.py
@@ -188,7 +188,7 @@ def get_object_list(self, request):
rs = qs.filter(id__in=aq.values_list('question'))
# Questions with a solution.
- qs_with_solutions = qs.filter(solution__isnull=False)
+ qs_with_solutions = qs.exclude(solution_id=None)
return merge_results(
questions=qs,
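Review bot: The switch from `filter(solution__isnull=False)` to `exclude(solution_id=None)` has no comment explaining why, and the two forms read as equivalent, so a later cleanup could easily revert it. If this works around a query difference under Django 1.4 (the commit message mentions minor test fixes), record that above the line, e.g. `# exclude() on the FK column; solution__isnull=False <reason to be filled in> under Django 1.4.` The rest of `get_object_list` lies outside the hunk.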
8 apps/search/fixtures/search/documents.json
@@ -100,7 +100,7 @@
"model": "wiki.revision",
"fields": {
"comment": "",
- "based_on": 11,
+ "based_on": null,
"is_approved": true,
"created": "2010-09-14 15:09:35",
"summary": "\u30d8\u30eb\u30d7\u3068\u30c1\u30e5\u30fc\u30c8\u30ea\u30a2\u30eb\u4eba\u6c17\u306e\u30b5\u30dd\u30fc\u30c8\u8a18\u4e8b",
@@ -118,7 +118,7 @@
"model": "wiki.revision",
"fields": {
"comment": "",
- "based_on": 5,
+ "based_on": null,
"is_approved": true,
"created": "2010-09-17 07:32:11",
"summary": "yeah OK whatever",
@@ -136,7 +136,7 @@
"model": "wiki.revision",
"fields": {
"comment": "",
- "based_on": 18,
+ "based_on": null,
"is_approved": true,
"created": "2010-09-23 08:18:56",
"summary": "ceci n'est pas une pipe!",
@@ -154,7 +154,7 @@
"model": "wiki.revision",
"fields": {
"comment": "",
- "based_on": 20,
+ "based_on": null,
"is_approved": true,
"created": "2010-09-29 09:09:52",
"summary": "the keyword audio only appears in the summary of this article",
14 apps/sumo/fixtures/users.json
@@ -20,7 +20,7 @@
"last_login": "2010-01-01 00:00:00",
"groups": [],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user1@nowhere",
"date_joined": "2010-01-01 00:00:00"
}
@@ -38,7 +38,7 @@
"last_login": "2010-01-01 00:00:00",
"groups": [],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user2@nowhere",
"date_joined": "2010-01-01 00:00:00"
}
@@ -56,7 +56,7 @@
"last_login": "2010-04-13 10:20:21",
"groups": [1],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user47963@nowhere",
"date_joined": "2008-10-06 10:34:21"
}
@@ -74,7 +74,7 @@
"last_login": "2010-04-26 19:01:45",
"groups": [],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user118533@nowhere",
"date_joined": "2009-08-10 16:09:45"
}
@@ -92,7 +92,7 @@
"last_login": "2010-06-29 10:20:21",
"groups": [1],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user1583173@nowhere",
"date_joined": "2010-06-29 10:20:21"
}
@@ -110,7 +110,7 @@
"last_login": "2010-06-29 10:20:21",
"groups": [1],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user118577@nowhere",
"date_joined": "2010-06-29 10:20:21"
}
@@ -128,7 +128,7 @@
"last_login": "2010-08-13 15:04:35",
"groups": [],
"user_permissions": [],
- "password": "sha1$d0fcb$661bd5197214051ed4de6da4ecdabe17f5549c7c",
+ "password": "sha256$c0648bd9b3$2d78b7d0504eba77f16fdf168dd7df6b1416075d506faf472a25981c1b3ea781",
"email": "user180054@nowhere",
"date_joined": "2010-06-10 14:08:53"
}
6 apps/sumo/middleware.py
@@ -2,9 +2,9 @@
import re
import urllib
+from django.core.urlresolvers import is_valid_path
from django.http import HttpResponseRedirect, HttpResponsePermanentRedirect
from django.http import HttpResponseForbidden
-from django.middleware import common
from django.utils.encoding import iri_to_uri, smart_str, smart_unicode
import jingo
@@ -134,8 +134,8 @@ class RemoveSlashMiddleware(object):
def process_response(self, request, response):
if (response.status_code == 404
and request.path_info.endswith('/')
- and not common._is_valid_path(request.path_info)
- and common._is_valid_path(request.path_info[:-1])):
+ and not is_valid_path(request.path_info)
+ and is_valid_path(request.path_info[:-1])):
# Use request.path because we munged app/locale in path_info.
newurl = request.path[:-1]
if request.GET:
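Review bot: In `process_response`, `is_valid_path` is called with the path only, so both checks resolve against the default URLconf, whereas Django's own CommonMiddleware passes `getattr(request, 'urlconf', None)` as the second argument. If any middleware or view in this project sets `request.urlconf`, the slash-stripping redirect could be decided against the wrong URL patterns. Suggest `urlconf = getattr(request, 'urlconf', None)` before the condition and `is_valid_path(request.path_info, urlconf)` / `is_valid_path(request.path_info[:-1], urlconf)` in it. The remainder of `RemoveSlashMiddleware.process_response` is outside the hunk.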
39 apps/users/backends.py
@@ -1,41 +1,8 @@
-import hashlib
-import os
-
-from django.contrib.auth import models as auth_models
from django.contrib.auth.backends import ModelBackend
-# http://fredericiana.com/2010/10/12/adding-support-for-stronger-password-hashes-to-django/
-"""
-from future import django_sha256_support
-
-Monkey-patch SHA-256 support into Django's auth system. If Django ticket #5600
-ever gets fixed, this can be removed.
-"""
-
-
-def get_hexdigest(algorithm, salt, raw_password):
- """Generate SHA-256 hash."""
- if algorithm == 'sha256':
- return hashlib.sha256((salt + raw_password).encode('utf8')).hexdigest()
- else:
- return get_hexdigest_old(algorithm, salt, raw_password)
-get_hexdigest_old = auth_models.get_hexdigest
-auth_models.get_hexdigest = get_hexdigest
-
-
-def set_password(self, raw_password):
- """Set SHA-256 password."""
- algo = 'sha256'
- salt = os.urandom(5).encode('hex') # Random, 10-digit (hex) salt.
- hsh = get_hexdigest(algo, salt, raw_password)
- self.password = '$'.join((algo, salt, hsh))
-auth_models.User.set_password = set_password
-
-
+# Live sessions will still be using this backend for a while.
+# TODO: Remove after there are no more sessions using this in prod.
class Sha256Backend(ModelBackend):
- """
- Overriding the Django model backend without changes ensures our
- monkeypatching happens by the time we import auth.
- """
+ """Overriding the Django model backend without changes."""
pass
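Review bot: The TODO above `Sha256Backend` gives no removal criterion or tracking reference, and the shortened docstring no longer says why an empty subclass exists. Since settings.py now points `AUTHENTICATION_BACKENDS` at `ModelBackend`, the class appears to be kept only so sessions that recorded `users.backends.Sha256Backend` keep resolving. Suggest stating that in the docstring and making the TODO actionable, e.g. `# TODO(bug <BUG-ID>): remove once sessions created before this deploy have expired (SESSION_COOKIE_AGE).`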
33 apps/users/hashers.py
@@ -0,0 +1,33 @@
+import hashlib
+
+from django.contrib.auth.hashers import BasePasswordHasher, mask_hash
+from django.utils.crypto import constant_time_compare
+from django.utils.datastructures import SortedDict
+
+from tower import ugettext as _
+
+
+class SHA256PasswordHasher(BasePasswordHasher):
+ """The SHA256 password hashing algorithm."""
+ algorithm = "sha256"
+
+ def encode(self, password, salt):
+ assert password
+ assert salt and '$' not in salt
+ hash = hashlib.sha256(salt + password).hexdigest()
+ return "%s$%s$%s" % (self.algorithm, salt, hash)
+
+ def verify(self, password, encoded):
+ algorithm, salt, hash = encoded.split('$', 2)
+ assert algorithm == self.algorithm
+ encoded_2 = self.encode(password, salt)
+ return constant_time_compare(encoded, encoded_2)
+
+ def safe_summary(self, encoded):
+ algorithm, salt, hash = encoded.split('$', 2)
+ assert algorithm == self.algorithm
+ return SortedDict([
+ (_('algorithm'), algorithm),
+ (_('salt'), mask_hash(salt, show=2)),
+ (_('hash'), mask_hash(hash)),
+ ])
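Review bot: `encode` stores a single pass of salted SHA-256, which is cheap to brute-force offline if the user table leaks, and because settings.py lists this hasher first in `PASSWORD_HASHERS` it stays the algorithm for every new or changed password. Django 1.4 ships `PBKDF2PasswordHasher`; putting `'django.contrib.auth.hashers.PBKDF2PasswordHasher'` first and keeping this class after it would let `check_password` still verify existing `sha256$` hashes and re-hash them on the next successful login. Separately, the `assert` checks in `encode`, `verify` and `safe_summary` are stripped under `python -O`; an explicit `if algorithm != self.algorithm: raise ValueError(...)` would keep them in force. A docstring on the class noting that it exists to verify legacy hashes would also help.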
22 apps/users/tests/test_templates.py
@@ -108,28 +108,6 @@ def test_login_invalid_next_parameter(self, get_current):
eq_(302, response.status_code)
eq_('http://testserver' + valid_next, response['location'])
- def test_login_legacy_password(self):
- '''Test logging in with a legacy md5 password.'''
- legacypw = 'legacypass'
-
- # Set the user's password to an md5
- self.u.password = hashlib.md5(legacypw).hexdigest()
- self.u.save()
-
- # Log in and verify that it's updated to a SHA-256
- response = self.client.post(reverse('users.login'),
- {'username': self.u.username,
- 'password': legacypw})
- eq_(302, response.status_code)
- u = User.objects.get(username=self.u.username)
- assert u.password.startswith('sha256$')
-
- # Try to log in again.
- response = self.client.post(reverse('users.login'),
- {'username': self.u.username,
- 'password': legacypw})
- eq_(302, response.status_code)
-
class PasswordResetTests(TestCaseBase):
1  apps/users/views.py
@@ -29,7 +29,6 @@
from sumo.urlresolvers import reverse
from sumo.utils import get_next_url
from upload.tasks import _create_image_thumbnail
-from users.backends import Sha256Backend # Monkey patch User.set_password.
from users.forms import (ProfileForm, AvatarForm, EmailConfirmationForm,
AuthenticationForm, EmailChangeForm, SetPasswordForm,
PasswordChangeForm, SettingsForm, ForgotUsernameForm,
12 settings.py
@@ -222,9 +222,6 @@
# Examples: "http://media.lawrence.com", "http://example.com/media/"
MEDIA_URL = '/media/'
-# TODO: Remove this when we upgrade to django 1.4
-ADMIN_MEDIA_PREFIX = '/admin-media/'
-
STATIC_ROOT = path('static')
STATIC_URL = '/static/'
@@ -299,9 +296,7 @@
)
# Auth
-AUTHENTICATION_BACKENDS = (
- 'users.backends.Sha256Backend',
-)
+AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend',)
AUTH_PROFILE_MODULE = 'users.Profile'
USER_AVATAR_PATH = 'uploads/avatars/'
DEFAULT_AVATAR = MEDIA_URL + 'img/avatar.png'
@@ -311,6 +306,11 @@
ACCOUNT_ACTIVATION_DAYS = 30
+PASSWORD_HASHERS = (
+ 'users.hashers.SHA256PasswordHasher',
+ 'users.hashers.PasswordDisabledHasher',
+)
+
PASSWORD_BLACKLIST = path('configs/password-blacklist.txt')
USERNAME_BLACKLIST = path('configs/username-blacklist.txt')
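Review bot: The new `PASSWORD_HASHERS` tuple names `users.hashers.PasswordDisabledHasher`, but apps/users/hashers.py as added in this commit (33 lines) defines only `SHA256PasswordHasher`. Unless that class is supplied elsewhere, Django is expected to raise ImproperlyConfigured when it loads the hasher list, i.e. the first time a password is checked or set; either add the class in this commit or drop the entry. A comment above the tuple such as `# First hasher is used for new passwords; the rest only verify existing hashes.` would make the ordering's effect explicit.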
2  vendor/src/django
@@ -1 +1 @@
-Subproject commit 25d23d9846f945a7a0bbd562302e6ccb9ca5a5c1
+Subproject commit f2530dcb17bf0601cb48e452d1a67d35e5e5d518
2  vendor/src/django-authority
@@ -1 +1 @@
-Subproject commit 543c39a889444488de2b16be72da61b1845b9141
+Subproject commit 5e77becad262345148199abdacf799030d2c7ba3