summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2022-05-11 09:13:45 +0200
committerGitHub <noreply@github.com>2022-05-11 09:13:45 +0200
commit02dbf1667c6da61ea9346f7c9f174a158b896811 (patch)
tree56b519f7529b6a29cbb90155c363d57585418e03
parent262fde94de5eb6544fc0f289575583436613c045 (diff)
Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.
-rw-r--r--django/contrib/auth/hashers.py10
-rw-r--r--docs/internals/deprecation.txt2
-rw-r--r--docs/releases/4.1.txt2
-rw-r--r--docs/topics/auth/passwords.txt2
-rw-r--r--tests/auth_tests/test_hashers.py16
5 files changed, 29 insertions, 3 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 3cdbaa75b0..42159531dc 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -17,6 +17,7 @@ from django.utils.crypto import (
md5,
pbkdf2,
)
+from django.utils.deprecation import RemovedInDjango50Warning
from django.utils.module_loading import import_string
from django.utils.translation import gettext_noop as _
@@ -797,6 +798,7 @@ class UnsaltedMD5PasswordHasher(BasePasswordHasher):
pass
+# RemovedInDjango50Warning.
class CryptPasswordHasher(BasePasswordHasher):
"""
Password hashing using UNIX crypt (not recommended)
@@ -807,6 +809,14 @@ class CryptPasswordHasher(BasePasswordHasher):
algorithm = "crypt"
library = "crypt"
+ def __init__(self, *args, **kwargs):
+ warnings.warn(
+ "django.contrib.auth.hashers.CryptPasswordHasher is deprecated.",
+ RemovedInDjango50Warning,
+ stacklevel=2,
+ )
+ super().__init__(*args, **kwargs)
+
def salt(self):
return get_random_string(2)
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt
index 903f2f7161..39007eb3e9 100644
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@@ -103,6 +103,8 @@ details on these changes.
* The ``django.contrib.gis.admin.OpenLayersWidget`` will be removed.
+* The ``django.contrib.auth.hashers.CryptPasswordHasher`` will be removed.
+
.. _deprecation-removed-in-4.1:
4.1
diff --git a/docs/releases/4.1.txt b/docs/releases/4.1.txt
index a9e6d71cd1..af129a149e 100644
--- a/docs/releases/4.1.txt
+++ b/docs/releases/4.1.txt
@@ -683,6 +683,8 @@ Miscellaneous
* The undocumented ``django.contrib.gis.admin.OpenLayersWidget`` is deprecated.
+* ``django.contrib.auth.hashers.CryptPasswordHasher`` is deprecated.
+
Features removed in 4.1
=======================
diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt
index 33a57a8be5..fbac4e567d 100644
--- a/docs/topics/auth/passwords.txt
+++ b/docs/topics/auth/passwords.txt
@@ -439,7 +439,6 @@ The full list of hashers included in Django is::
'django.contrib.auth.hashers.MD5PasswordHasher',
'django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher',
'django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',
- 'django.contrib.auth.hashers.CryptPasswordHasher',
]
The corresponding algorithm names are:
@@ -454,7 +453,6 @@ The corresponding algorithm names are:
* ``md5``
* ``unsalted_sha1``
* ``unsalted_md5``
-* ``crypt``
.. _write-your-own-password-hasher:
diff --git a/tests/auth_tests/test_hashers.py b/tests/auth_tests/test_hashers.py
index b767c2823d..2faf2499b0 100644
--- a/tests/auth_tests/test_hashers.py
+++ b/tests/auth_tests/test_hashers.py
@@ -18,9 +18,11 @@ from django.contrib.auth.hashers import (
is_password_usable,
make_password,
)
-from django.test import SimpleTestCase
+from django.test import SimpleTestCase, ignore_warnings
from django.test.utils import override_settings
+from django.utils.deprecation import RemovedInDjango50Warning
+# RemovedInDjango50Warning.
try:
import crypt
except ImportError:
@@ -201,6 +203,7 @@ class TestUtilsHashPass(SimpleTestCase):
with self.assertRaisesMessage(ValueError, msg):
hasher.encode("password", salt="salt")
+ @ignore_warnings(category=RemovedInDjango50Warning)
@skipUnless(crypt, "no crypt module to generate password.")
@override_settings(
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
@@ -219,6 +222,7 @@ class TestUtilsHashPass(SimpleTestCase):
self.assertTrue(check_password("", blank_encoded))
self.assertFalse(check_password(" ", blank_encoded))
+ @ignore_warnings(category=RemovedInDjango50Warning)
@skipUnless(crypt, "no crypt module to generate password.")
@override_settings(
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
@@ -229,6 +233,7 @@ class TestUtilsHashPass(SimpleTestCase):
with self.assertRaisesMessage(ValueError, msg):
hasher.encode("password", salt="a")
+ @ignore_warnings(category=RemovedInDjango50Warning)
@skipUnless(crypt, "no crypt module to generate password.")
@override_settings(
PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
@@ -240,6 +245,15 @@ class TestUtilsHashPass(SimpleTestCase):
with self.assertRaisesMessage(TypeError, msg):
hasher.encode("password", salt="ab")
+ @skipUnless(crypt, "no crypt module to generate password.")
+ @override_settings(
+ PASSWORD_HASHERS=["django.contrib.auth.hashers.CryptPasswordHasher"]
+ )
+ def test_crypt_deprecation_warning(self):
+ msg = "django.contrib.auth.hashers.CryptPasswordHasher is deprecated."
+ with self.assertRaisesMessage(RemovedInDjango50Warning, msg):
+ get_hasher("crypt")
+
@skipUnless(bcrypt, "bcrypt not installed")
def test_bcrypt_sha256(self):
encoded = make_password("lètmein", hasher="bcrypt_sha256")