summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2021-01-12 20:31:36 +0100
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2021-01-14 17:50:04 +0100
commit6b4941dd577c494cfa49dbeacfd33594ae770047 (patch)
treebf4948ae43a686ae0e5956d64d7f46cfeb331337 /django
parentd32a232fe92e0162030c7905f877d8a07c09e6c7 (diff)
Refs #27468 -- Removed support for the pre-Django 3.1 user sessions.
Per deprecation timeline.
Diffstat (limited to 'django')
-rw-r--r--django/contrib/auth/__init__.py9
-rw-r--r--django/contrib/auth/base_user.py5
2 files changed, 2 insertions, 12 deletions
diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py
index cad8eff149..1e15665ced 100644
--- a/django/contrib/auth/__init__.py
+++ b/django/contrib/auth/__init__.py
@@ -190,13 +190,8 @@ def get_user(request):
user.get_session_auth_hash()
)
if not session_hash_verified:
- if not (
- session_hash and
- hasattr(user, '_legacy_get_session_auth_hash') and
- constant_time_compare(session_hash, user._legacy_get_session_auth_hash())
- ):
- request.session.flush()
- user = None
+ request.session.flush()
+ user = None
return user or AnonymousUser()
diff --git a/django/contrib/auth/base_user.py b/django/contrib/auth/base_user.py
index 3a4a64ee19..26145a7e50 100644
--- a/django/contrib/auth/base_user.py
+++ b/django/contrib/auth/base_user.py
@@ -121,11 +121,6 @@ class AbstractBaseUser(models.Model):
"""
return is_password_usable(self.password)
- def _legacy_get_session_auth_hash(self):
- # RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid.
- key_salt = 'django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash'
- return salted_hmac(key_salt, self.password, algorithm='sha1').hexdigest()
-
def get_session_auth_hash(self):
"""
Return an HMAC of the password field.