summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorClaude Paroz <claude@2xlibre.net>2022-07-23 12:45:24 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2022-07-23 21:29:31 +0200
commit3b79dab19a2300a4884a3d81baa6c7c1f2dee059 (patch)
tree325e7d980634e695bee88b6a1ccb2e48c14660da /django
parenta46dfa87d0ba690125be98f7f1b77062a1794fdc (diff)
Refs #33691 -- Deprecated insecure password hashers.
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated.
Diffstat (limited to 'django')
-rw-r--r--django/contrib/auth/hashers.py29
1 files changed, 28 insertions, 1 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 10c9079200..432c624483 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -17,7 +17,7 @@ from django.utils.crypto import (
md5,
pbkdf2,
)
-from django.utils.deprecation import RemovedInDjango50Warning
+from django.utils.deprecation import RemovedInDjango50Warning, RemovedInDjango51Warning
from django.utils.module_loading import import_string
from django.utils.translation import gettext_noop as _
@@ -624,6 +624,7 @@ class ScryptPasswordHasher(BasePasswordHasher):
pass
+# RemovedInDjango51Warning.
class SHA1PasswordHasher(BasePasswordHasher):
"""
The SHA1 password hashing algorithm (not recommended)
@@ -631,6 +632,14 @@ class SHA1PasswordHasher(BasePasswordHasher):
algorithm = "sha1"
+ def __init__(self, *args, **kwargs):
+ warnings.warn(
+ "django.contrib.auth.hashers.SHA1PasswordHasher is deprecated.",
+ RemovedInDjango51Warning,
+ stacklevel=2,
+ )
+ super().__init__(*args, **kwargs)
+
def encode(self, password, salt):
self._check_encode_args(password, salt)
hash = hashlib.sha1((salt + password).encode()).hexdigest()
@@ -708,6 +717,7 @@ class MD5PasswordHasher(BasePasswordHasher):
pass
+# RemovedInDjango51Warning.
class UnsaltedSHA1PasswordHasher(BasePasswordHasher):
"""
Very insecure algorithm that you should *never* use; store SHA1 hashes
@@ -720,6 +730,14 @@ class UnsaltedSHA1PasswordHasher(BasePasswordHasher):
algorithm = "unsalted_sha1"
+ def __init__(self, *args, **kwargs):
+ warnings.warn(
+ "django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher is deprecated.",
+ RemovedInDjango51Warning,
+ stacklevel=2,
+ )
+ super().__init__(*args, **kwargs)
+
def salt(self):
return ""
@@ -752,6 +770,7 @@ class UnsaltedSHA1PasswordHasher(BasePasswordHasher):
pass
+# RemovedInDjango51Warning.
class UnsaltedMD5PasswordHasher(BasePasswordHasher):
"""
Incredibly insecure algorithm that you should *never* use; stores unsalted
@@ -766,6 +785,14 @@ class UnsaltedMD5PasswordHasher(BasePasswordHasher):
algorithm = "unsalted_md5"
+ def __init__(self, *args, **kwargs):
+ warnings.warn(
+ "django.contrib.auth.hashers.UnsaltedMD5PasswordHasher is deprecated.",
+ RemovedInDjango51Warning,
+ stacklevel=2,
+ )
+ super().__init__(*args, **kwargs)
+
def salt(self):
return ""