authorSaJH <wogur981208@gmail.com>2025-08-22 15:32:09 +0200
committerSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-08-25 14:45:16 +0200
commit0246f478882c26bc1fe293224653074cd46a90d0 (patch)
treeed94f807ae565c16be1ad634654bae98ea7596a9 /django/utils
parent3ba24c18e70dd242ae237fd955fb8be30f99bc4d (diff)
Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest().
Signed-off-by: SaJH <wogur981208@gmail.com>
Diffstat (limited to 'django/utils')
-rw-r--r--django/utils/crypto.py9
1 files changed, 8 insertions, 1 deletions
diff --git a/django/utils/crypto.py b/django/utils/crypto.py
index 4b8146695a..b6145709c3 100644
--- a/django/utils/crypto.py
+++ b/django/utils/crypto.py
@@ -5,8 +5,10 @@ Django's standard crypto functions and utilities.
import hashlib
import hmac
import secrets
+import warnings
from django.conf import settings
+from django.utils.deprecation import RemovedInDjango70Warning
from django.utils.encoding import force_bytes
@@ -64,7 +66,12 @@ def get_random_string(length, allowed_chars=RANDOM_STRING_CHARS):
def constant_time_compare(val1, val2):
"""Return True if the two strings are equal, False otherwise."""
- return secrets.compare_digest(force_bytes(val1), force_bytes(val2))
+ warnings.warn(
+ "constant_time_compare() is deprecated. Use hmac.compare_digest() instead.",
+ RemovedInDjango70Warning,
+ stacklevel=2,
+ )
+ return hmac.compare_digest(val1, val2)
def pbkdf2(password, salt, iterations, dklen=0, digest=None):
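Review bot: The new return line `return hmac.compare_digest(val1, val2)` drops the `force_bytes()` coercion, so the deprecated shim no longer accepts the same inputs as before. hmac.compare_digest() raises TypeError for a str/bytes mix or for a str containing non-ASCII characters, where the old code returned a boolean. Callers are outside this hunk, but any that compare a request-supplied value against a stored token or signature would now turn a malformed input into an unhandled exception instead of a clean mismatch. Keeping the coercion for the deprecation period, `return hmac.compare_digest(force_bytes(val1), force_bytes(val2))`, would limit the change to the warning. If the stricter behaviour is intended, it should be stated in the release notes and in the docstring, which still reads as if nothing changed, e.g. `"""Deprecated: use hmac.compare_digest(). Return True if the two values are equal."""`.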