diff options
| author | Simon Charette <charette.s@gmail.com> | 2013-07-03 13:13:47 -0400 |
|---|---|---|
| committer | Simon Charette <charette.s@gmail.com> | 2013-07-03 14:12:56 -0400 |
| commit | 2de0d4c4523ca3d1d6744ba0f22b8ef33bedfa03 (patch) | |
| tree | b7667c736ed4da64b5f08df79c771a4200699c1d | |
| parent | 75041d5ea3821912abf8b9d1cd5477228a78cb23 (diff) | |
[1.6.x] Fixed #20675 -- `check_password` should work when no password is specified.
The regression was introduced by 2c4fe761a. refs #20593.
Backport of 8759778185 from master.
| -rw-r--r-- | django/contrib/auth/hashers.py | 5 | ||||
| -rw-r--r-- | django/contrib/auth/tests/test_hashers.py | 7 |
2 files changed, 10 insertions, 2 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index 87e4218a8f..7656b50437 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -22,6 +22,7 @@ UNUSABLE_PASSWORD_SUFFIX_LENGTH = 40 # number of random chars to add after UNUS HASHERS = None # lazily loaded from PASSWORD_HASHERS PREFERRED_HASHER = None # defaults to first item in PASSWORD_HASHERS + @receiver(setting_changed) def reset_hashers(**kwargs): if kwargs['setting'] == 'PASSWORD_HASHERS': @@ -34,7 +35,7 @@ def is_password_usable(encoded): if encoded is None or encoded.startswith(UNUSABLE_PASSWORD_PREFIX): return False try: - hasher = identify_hasher(encoded) + identify_hasher(encoded) except ValueError: return False return True @@ -48,7 +49,7 @@ def check_password(password, encoded, setter=None, preferred='default'): If setter is specified, it'll be called when you need to regenerate the password. """ - if not is_password_usable(encoded): + if password is None or not is_password_usable(encoded): return False preferred = get_hasher(preferred) diff --git a/django/contrib/auth/tests/test_hashers.py b/django/contrib/auth/tests/test_hashers.py index 9b7811a335..819e41a2f1 100644 --- a/django/contrib/auth/tests/test_hashers.py +++ b/django/contrib/auth/tests/test_hashers.py @@ -186,6 +186,13 @@ class TestUtilsHashPass(unittest.TestCase): # This might fail one day due to a hash collision. self.assertNotEqual(encoded, make_password(None), "Random password collision?") + def test_unspecified_password(self): + """ + Makes sure specifying no plain password with a valid encoded password + returns `False`. + """ + self.assertFalse(check_password(None, make_password('lètmein'))) + def test_bad_algorithm(self): with self.assertRaises(ValueError): make_password('lètmein', hasher='lolcat') |
