Ticket #17944: 17944.3.patch

django/contrib/auth/tests/forms.py

@@ -65 +65 @@
 
     def test_success(self):
         # The success case.
-
         data = {
             'username': 'jsmith@example.com',
             'password1': 'test123',
@@ -236 +235 @@
         # Just check we can create it
         form = MyUserForm({})
 
+    def test_bug_17944_empty_password(self):
+        user = User.objects.get(username='empty_password')
+        form = UserChangeForm(instance=user)
+        # Just check that no error is raised.
+        form.as_table()
+
+    def test_bug_17944_unmanageable_password(self):
+        user = User.objects.get(username='unmanageable_password')
+        form = UserChangeForm(instance=user)
+        # Just check that no error is raised.
+        form.as_table()
+
+    def test_bug_17944_unknown_password_algorithm(self):
+        user = User.objects.get(username='unknown_password')
+        form = UserChangeForm(instance=user)
+        # Just check that no error is raised.
+        form.as_table()
+
+
 UserChangeFormTest = override_settings(USE_TZ=False)(UserChangeFormTest)
 
 

django/contrib/auth/fixtures/authtestdata.json

@@ -1 +1 @@
 [
     {
-        "pk": "1", 
-        "model": "auth.user", 
+        "pk": "1",
+        "model": "auth.user",
         "fields": {
-            "username": "testclient", 
-            "first_name": "Test", 
-            "last_name": "Client", 
-            "is_active": true, 
-            "is_superuser": false, 
-            "is_staff": false, 
-            "last_login": "2006-12-17 07:03:31", 
-            "groups": [], 
-            "user_permissions": [], 
-            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161", 
-            "email": "testclient@example.com", 
+            "username": "testclient",
+            "first_name": "Test",
+            "last_name": "Client",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2006-12-17 07:03:31",
+            "groups": [],
+            "user_permissions": [],
+            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
+            "email": "testclient@example.com",
             "date_joined": "2006-12-17 07:03:31"
         }
     },
     {
-        "pk": "2", 
-        "model": "auth.user", 
+        "pk": "2",
+        "model": "auth.user",
         "fields": {
-            "username": "inactive", 
-            "first_name": "Inactive", 
-            "last_name": "User", 
-            "is_active": false, 
-            "is_superuser": false, 
-            "is_staff": false, 
-            "last_login": "2006-12-17 07:03:31", 
-            "groups": [], 
-            "user_permissions": [], 
-            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161", 
+            "username": "inactive",
+            "first_name": "Inactive",
+            "last_name": "User",
+            "is_active": false,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2006-12-17 07:03:31",
+            "groups": [],
+            "user_permissions": [],
+            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
             "email": "testclient2@example.com",
             "date_joined": "2006-12-17 07:03:31"
         }
     },
     {
-        "pk": "3", 
-        "model": "auth.user", 
+        "pk": "3",
+        "model": "auth.user",
         "fields": {
-            "username": "staff", 
-            "first_name": "Staff", 
-            "last_name": "Member", 
-            "is_active": true, 
-            "is_superuser": false, 
-            "is_staff": true, 
-            "last_login": "2006-12-17 07:03:31", 
-            "groups": [], 
-            "user_permissions": [], 
-            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161", 
-            "email": "staffmember@example.com", 
+            "username": "staff",
+            "first_name": "Staff",
+            "last_name": "Member",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": true,
+            "last_login": "2006-12-17 07:03:31",
+            "groups": [],
+            "user_permissions": [],
+            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
+            "email": "staffmember@example.com",
             "date_joined": "2006-12-17 07:03:31"
         }
+    },
+    {
+        "pk": "4",
+        "model": "auth.user",
+        "fields": {
+            "username": "empty_password",
+            "first_name": "Empty",
+            "last_name": "Password",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2006-12-17 07:03:31",
+            "groups": [],
+            "user_permissions": [],
+            "password": "",
+            "email": "empty_password@example.com",
+            "date_joined": "2006-12-17 07:03:31"
+        }
+    },
+    {
+        "pk": "5",
+        "model": "auth.user",
+        "fields": {
+            "username": "unmanageable_password",
+            "first_name": "Unmanageable",
+            "last_name": "Password",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2006-12-17 07:03:31",
+            "groups": [],
+            "user_permissions": [],
+            "password": "$",
+            "email": "unmanageable_password@example.com",
+            "date_joined": "2006-12-17 07:03:31"
+        }
+    },
+    {
+        "pk": "6",
+        "model": "auth.user",
+        "fields": {
+            "username": "unknown_password",
+            "first_name": "Unknown",
+            "last_name": "Password",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2006-12-17 07:03:31",
+            "groups": [],
+            "user_permissions": [],
+            "password": "foo$bar",
+            "email": "unknown_password@example.com",
+            "date_joined": "2006-12-17 07:03:31"
+        }
     }
 ]

django/contrib/auth/forms.py

@@ -29 +29 @@
         encoded = smart_str(encoded)
 
         if len(encoded) == 32 and '$' not in encoded:
-            hasher = get_hasher('unsalted_md5')
+            algorithm = 'unsalted_md5'
         else:
             algorithm = encoded.split('$', 1)[0]
+
+        try:
             hasher = get_hasher(algorithm)
+        except ValueError:
+            summary = "<strong>%s</strong>" % ugettext("Invalid password format or unknown hashing algorithm.")
+        else:
+            summary = ""
+            for key, value in hasher.safe_summary(encoded).iteritems():
+                summary += "<strong>%(key)s</strong>: %(value)s " % {"key": ugettext(key), "value": value}
 
-        summary = ""
-        for key, value in hasher.safe_summary(encoded).iteritems():
-            summary += "<strong>%(key)s</strong>: %(value)s " % {"key": ugettext(key), "value": value}
-
         return mark_safe("<div%(attrs)s>%(summary)s</div>" % {"attrs": flatatt(final_attrs), "summary": summary})