Ticket #18405: hashers.diff

File hashers.diff, 4.5 KB (added by Claude Paroz, 12 years ago)

Delayed string encoding in hashers

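diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index f0ef124..deb6cb9 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -1,7 +1,6 @@
 from django import forms
 from django.forms.util import flatatt
 from django.template import loader
-from django.utils.encoding import smart_str
 from django.utils.http import int_to_base36
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext, ugettext_lazy as _
@@ -26,8 +25,6 @@ class ReadOnlyPasswordHashWidget(forms.Widget):
 
         final_attrs = self.build_attrs(attrs)
 
-        encoded = smart_str(encoded)
-
         if len(encoded) == 32 and '$' not in encoded:
             algorithm = 'unsalted_md5'
         else: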
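diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 52d204c..11a6313 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -40,9 +40,6 @@ def check_password(password, encoded, setter=None, preferred='default'):
         return False
 
     preferred = get_hasher(preferred)
-    raw_password = password
-    password = smart_str(password)
-    encoded = smart_str(encoded)
 
     if len(encoded) == 32 and '$' not in encoded:
         hasher = get_hasher('unsalted_md5')
@@ -53,7 +50,7 @@ def check_password(password, encoded, setter=None, preferred='default'):
     must_update = hasher.algorithm != preferred.algorithm
     is_correct = hasher.verify(password, encoded)
     if setter and is_correct and must_update:
-        setter(raw_password)
+        setter(password)
     return is_correct
 
 
@@ -69,11 +66,9 @@ def make_password(password, salt=None, hasher='default'):
         return UNUSABLE_PASSWORD
 
     hasher = get_hasher(hasher)
-    password = smart_str(password)
 
     if not salt:
         salt = hasher.salt()
-    salt = smart_str(salt)
 
     return hasher.encode(password, salt)
 
@@ -291,7 +286,7 @@ class SHA1PasswordHasher(BasePasswordHasher):
     def encode(self, password, salt):
         assert password
         assert salt and '$' not in salt
-        hash = hashlib.sha1(salt + password).hexdigest()
+        hash = hashlib.sha1(smart_str(salt + password)).hexdigest()
         return "%s$%s$%s" % (self.algorithm, salt, hash)
 
     def verify(self, password, encoded):
@@ -319,7 +314,7 @@ class MD5PasswordHasher(BasePasswordHasher):
     def encode(self, password, salt):
         assert password
         assert salt and '$' not in salt
-        hash = hashlib.md5(salt + password).hexdigest()
+        hash = hashlib.md5(smart_str(salt + password)).hexdigest()
         return "%s$%s$%s" % (self.algorithm, salt, hash)
 
     def verify(self, password, encoded):
@@ -353,7 +348,7 @@ class UnsaltedMD5PasswordHasher(BasePasswordHasher):
         return ''
 
     def encode(self, password, salt):
-        return hashlib.md5(password).hexdigest()
+        return hashlib.md5(smart_str(password)).hexdigest()
 
     def verify(self, password, encoded):
         encoded_2 = self.encode(password, '')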
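Review bot: In `SHA1PasswordHasher.encode` and `MD5PasswordHasher.encode` the new code concatenates before it encodes (`smart_str(salt + password)`), so a call that mixes a Unicode operand with a byte string holding non-ASCII bytes would fail in Python 2's implicit ASCII decode at `salt + password`, before `smart_str` runs. The old `make_password` and `check_password` coerced both values first, so a UTF-8 byte-string password combined with a Unicode salt (the return type of `hasher.salt()` is not visible here) looks like a regression. Encoding each operand separately gives the same digest for all-Unicode input and removes that failure: `hash = hashlib.sha1(smart_str(salt) + smart_str(password)).hexdigest()`, and likewise for `hashlib.md5`. Because the central coercion is gone, any hasher class not touched by these hunks now has to encode its own inputs; that is worth confirming, with a test that uses a non-ASCII password, since the class bodies extend outside the lines shown.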
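diff --git a/django/utils/crypto.py b/django/utils/crypto.py
index 9d6486c..0fce060 100644
--- a/django/utils/crypto.py
+++ b/django/utils/crypto.py
@@ -22,6 +22,7 @@ except NotImplementedError:
     using_sysrandom = False
 
 from django.conf import settings
+from django.utils.encoding import smart_str
 
 
 _trans_5c = b"".join([chr(x ^ 0x5C) for x in xrange(256)])
@@ -137,6 +138,8 @@ def pbkdf2(password, salt, iterations, dklen=0, digest=None):
     assert iterations > 0
     if not digest:
         digest = hashlib.sha256
+    password = smart_str(password)
+    salt = smart_str(salt)
     hlen = digest().digest_size
     if not dklen:
         dklen = hlen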
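Review bot: The two `smart_str()` calls added to `pbkdf2` do more than encode Unicode: for a non-string argument `smart_str` falls back to `str()`, so `pbkdf2(None, salt, ...)` would derive a key from the text `'None'` where the HMAC step would presumably have raised before. The rest of the function is outside the hunk, so any later type check is not visible. The docstring should state that `password` and `salt` are converted to UTF-8 byte strings, and a comment above the new lines would record the caveat, for example `# smart_str() encodes unicode as UTF-8 and stringifies non-strings; callers must pass real strings`. A test that pins the derived key for a non-ASCII Unicode password would also fix the chosen encoding in place.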
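diff --git a/docs/releases/1.5.txt b/docs/releases/1.5.txt
index 0d86a52..696f332 100644
--- a/docs/releases/1.5.txt
+++ b/docs/releases/1.5.txt
@@ -128,6 +128,15 @@ If you were using the ``data`` parameter in a PUT request without a
 ``content_type``, you must encode your data before passing it to the test
 client and set the ``content_type`` argument.
 
+String types of hasher method parameters
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you have written a :ref:`custom password hasher <auth_password_storage>`,
+your ``encode()``, ``verify()`` or ``safe_summary()`` methods should accept
+Unicode parameters (``password``, ``salt`` or ``encoded``). If any of the
+hashing methods need byte strings, you can use the
+:func:`~django.utils.encoding.smart_str` utility to encode the strings.
+
 Features deprecated in 1.5
 ==========================
 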