summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMathew Payne <2772944+GeekMasher@users.noreply.github.com>2018-11-15 19:11:03 +0000
committerTim Graham <timograham@gmail.com>2018-11-15 14:11:03 -0500
commit26bb2611a567d43bc258aa7806eef766b7adcfe5 (patch)
treebe060089e750c37274b8725eaf40b8a27b83a56b
parent9b15ff08ba638a7070fb51c1ab4c01e245556ae8 (diff)
Fixed #29952 -- Lowercased all passwords in contrib.auth's auth/common-passwords.txt.gz.
-rw-r--r--django/contrib/auth/common-passwords.txt.gzbin82603 -> 81355 bytes
-rw-r--r--django/contrib/auth/password_validation.py8
-rw-r--r--docs/releases/2.1.4.txt4
-rw-r--r--tests/auth_tests/test_validators.py5
4 files changed, 13 insertions, 4 deletions
diff --git a/django/contrib/auth/common-passwords.txt.gz b/django/contrib/auth/common-passwords.txt.gz
index 87cdd596f4..e758dbe9a7 100644
--- a/django/contrib/auth/common-passwords.txt.gz
+++ b/django/contrib/auth/common-passwords.txt.gz
Binary files differ
diff --git a/django/contrib/auth/password_validation.py b/django/contrib/auth/password_validation.py
index d270ab7173..948ded6dbc 100644
--- a/django/contrib/auth/password_validation.py
+++ b/django/contrib/auth/password_validation.py
@@ -161,9 +161,11 @@ class CommonPasswordValidator:
"""
Validate whether the password is a common password.
- The password is rejected if it occurs in a provided list, which may be gzipped.
- The list Django ships with contains 20000 common passwords, created by
- Royce Williams: https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
+ The password is rejected if it occurs in a provided list of passwords,
+ which may be gzipped. The list Django ships with contains 20000 common
+ passwords (lowercased and deduplicated), created by Royce Williams:
+ https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
+ The password list must be lowercased to match the comparison in validate().
"""
DEFAULT_PASSWORD_LIST_PATH = Path(__file__).resolve().parent / 'common-passwords.txt.gz'
diff --git a/docs/releases/2.1.4.txt b/docs/releases/2.1.4.txt
index 274b5ede07..6f05a04357 100644
--- a/docs/releases/2.1.4.txt
+++ b/docs/releases/2.1.4.txt
@@ -9,4 +9,6 @@ Django 2.1.4 fixes several bugs in 2.1.3.
Bugfixes
========
-* ...
+* Corrected the default password list that ``CommonPasswordValidator`` uses by
+ lowercasing all passwords to match the format expected by the validator
+ (:ticket:`29952`).
diff --git a/tests/auth_tests/test_validators.py b/tests/auth_tests/test_validators.py
index e50da39663..b29f64766b 100644
--- a/tests/auth_tests/test_validators.py
+++ b/tests/auth_tests/test_validators.py
@@ -202,6 +202,11 @@ class CommonPasswordValidatorTest(TestCase):
self.assertEqual(cm.exception.messages, [expected_error])
self.assertEqual(cm.exception.error_list[0].code, 'password_too_common')
+ def test_validate_django_supplied_file(self):
+ validator = CommonPasswordValidator()
+ for password in validator.passwords:
+ self.assertEqual(password, password.lower())
+
def test_help_text(self):
self.assertEqual(
CommonPasswordValidator().get_help_text(),