summaryrefslogtreecommitdiff
path: root/django
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2015-02-26 14:04:24 -0500
committerTim Graham <timograham@gmail.com>2015-03-30 18:52:59 -0400
commitb86abbceb9a96d7a0fe18047c8fcd6fca90a2f3e (patch)
tree30da9fcf251ff7a7cb33a1329e76669c7772de83 /django
parente4cf8c8420634d6f2dc8ce873246256ce635972d (diff)
Fixed #24115 -- Allowed bcrypt hashers to upgrade passwords on rounds change.
Thanks Florian Apolloner for the review.
Diffstat (limited to 'django')
-rw-r--r--django/contrib/auth/hashers.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index b56f74f0d9..0188f4a4e7 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -337,6 +337,10 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher):
(_('checksum'), mask_hash(checksum)),
])
+ def must_update(self, encoded):
+ algorithm, empty, algostr, rounds, data = encoded.split('$', 4)
+ return int(rounds) != self.rounds
+
class BCryptPasswordHasher(BCryptSHA256PasswordHasher):
"""