diff -r e06fa0ab9ee8 django/contrib/auth/models.py
|
a
|
b
|
|
| 10 | 10 | from django.utils.encoding import smart_str |
| 11 | 11 | from django.utils.hashcompat import md5_constructor, sha_constructor |
| 12 | 12 | from django.utils.translation import ugettext_lazy as _ |
| | 13 | from django.utils.crypto import constant_time_compare |
| 13 | 14 | |
| 14 | 15 | |
| 15 | 16 | UNUSABLE_PASSWORD = '!' # This will never be a valid hash |
| … |
… |
|
| 39 | 40 | encryption formats behind the scenes. |
| 40 | 41 | """ |
| 41 | 42 | algo, salt, hsh = enc_password.split('$') |
| 42 | | return hsh == get_hexdigest(algo, salt, raw_password) |
| | 43 | return constant_time_compare(hsh, get_hexdigest(algo, salt, raw_password)) |
| 43 | 44 | |
| 44 | 45 | def update_last_login(sender, user, **kwargs): |
| 45 | 46 | """ |