diff options
| author | Claude Paroz <claude@2xlibre.net> | 2022-07-23 12:45:24 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2022-07-23 21:29:31 +0200 |
| commit | 3b79dab19a2300a4884a3d81baa6c7c1f2dee059 (patch) | |
| tree | 325e7d980634e695bee88b6a1ccb2e48c14660da /django | |
| parent | a46dfa87d0ba690125be98f7f1b77062a1794fdc (diff) | |
Refs #33691 -- Deprecated insecure password hashers.
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher
are now deprecated.
Diffstat (limited to 'django')
| -rw-r--r-- | django/contrib/auth/hashers.py | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index 10c9079200..432c624483 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -17,7 +17,7 @@ from django.utils.crypto import ( md5, pbkdf2, ) -from django.utils.deprecation import RemovedInDjango50Warning +from django.utils.deprecation import RemovedInDjango50Warning, RemovedInDjango51Warning from django.utils.module_loading import import_string from django.utils.translation import gettext_noop as _ @@ -624,6 +624,7 @@ class ScryptPasswordHasher(BasePasswordHasher): pass +# RemovedInDjango51Warning. class SHA1PasswordHasher(BasePasswordHasher): """ The SHA1 password hashing algorithm (not recommended) @@ -631,6 +632,14 @@ class SHA1PasswordHasher(BasePasswordHasher): algorithm = "sha1" + def __init__(self, *args, **kwargs): + warnings.warn( + "django.contrib.auth.hashers.SHA1PasswordHasher is deprecated.", + RemovedInDjango51Warning, + stacklevel=2, + ) + super().__init__(*args, **kwargs) + def encode(self, password, salt): self._check_encode_args(password, salt) hash = hashlib.sha1((salt + password).encode()).hexdigest() @@ -708,6 +717,7 @@ class MD5PasswordHasher(BasePasswordHasher): pass +# RemovedInDjango51Warning. class UnsaltedSHA1PasswordHasher(BasePasswordHasher): """ Very insecure algorithm that you should *never* use; store SHA1 hashes @@ -720,6 +730,14 @@ class UnsaltedSHA1PasswordHasher(BasePasswordHasher): algorithm = "unsalted_sha1" + def __init__(self, *args, **kwargs): + warnings.warn( + "django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher is deprecated.", + RemovedInDjango51Warning, + stacklevel=2, + ) + super().__init__(*args, **kwargs) + def salt(self): return "" @@ -752,6 +770,7 @@ class UnsaltedSHA1PasswordHasher(BasePasswordHasher): pass +# RemovedInDjango51Warning. class UnsaltedMD5PasswordHasher(BasePasswordHasher): """ Incredibly insecure algorithm that you should *never* use; stores unsalted @@ -766,6 +785,14 @@ class UnsaltedMD5PasswordHasher(BasePasswordHasher): algorithm = "unsalted_md5" + def __init__(self, *args, **kwargs): + warnings.warn( + "django.contrib.auth.hashers.UnsaltedMD5PasswordHasher is deprecated.", + RemovedInDjango51Warning, + stacklevel=2, + ) + super().__init__(*args, **kwargs) + def salt(self): return "" |
