diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-01-12 20:31:36 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-01-14 17:50:04 +0100 |
| commit | 6b4941dd577c494cfa49dbeacfd33594ae770047 (patch) | |
| tree | bf4948ae43a686ae0e5956d64d7f46cfeb331337 /django | |
| parent | d32a232fe92e0162030c7905f877d8a07c09e6c7 (diff) | |
Refs #27468 -- Removed support for the pre-Django 3.1 user sessions.
Per deprecation timeline.
Diffstat (limited to 'django')
| -rw-r--r-- | django/contrib/auth/__init__.py | 9 | ||||
| -rw-r--r-- | django/contrib/auth/base_user.py | 5 |
2 files changed, 2 insertions, 12 deletions
diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py index cad8eff149..1e15665ced 100644 --- a/django/contrib/auth/__init__.py +++ b/django/contrib/auth/__init__.py @@ -190,13 +190,8 @@ def get_user(request): user.get_session_auth_hash() ) if not session_hash_verified: - if not ( - session_hash and - hasattr(user, '_legacy_get_session_auth_hash') and - constant_time_compare(session_hash, user._legacy_get_session_auth_hash()) - ): - request.session.flush() - user = None + request.session.flush() + user = None return user or AnonymousUser() diff --git a/django/contrib/auth/base_user.py b/django/contrib/auth/base_user.py index 3a4a64ee19..26145a7e50 100644 --- a/django/contrib/auth/base_user.py +++ b/django/contrib/auth/base_user.py @@ -121,11 +121,6 @@ class AbstractBaseUser(models.Model): """ return is_password_usable(self.password) - def _legacy_get_session_auth_hash(self): - # RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid. - key_salt = 'django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash' - return salted_hmac(key_salt, self.password, algorithm='sha1').hexdigest() - def get_session_auth_hash(self): """ Return an HMAC of the password field. |
