diff options
| author | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-04-29 16:45:00 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-29 16:45:00 +0200 |
| commit | 54646a423b4501aeb80bbdd9238f20500c84cd5f (patch) | |
| tree | e4c55114664eb0a38fcd51ab14c116885ada86b2 /docs | |
| parent | 5869afe32b9c252cacd327f18c58e38c36d1f530 (diff) | |
Refs #27468 -- Made user sessions use SHA-256 algorithm.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/internals/deprecation.txt | 3 | ||||
| -rw-r--r-- | docs/releases/3.1.txt | 4 | ||||
| -rw-r--r-- | docs/topics/auth/customizing.txt | 4 |
3 files changed, 11 insertions, 0 deletions
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt index 8d3cc62d90..95b0c5a3a1 100644 --- a/docs/internals/deprecation.txt +++ b/docs/internals/deprecation.txt @@ -57,6 +57,9 @@ details on these changes. * Support for the pre-Django 3.1 ``django.core.signing.Signer`` signatures (encoded with the SHA-1 algorithm) will be removed. +* Support for the pre-Django 3.1 user sessions (that use the SHA-1 algorithm) + will be removed. + * The ``get_request`` argument for ``django.utils.deprecation.MiddlewareMixin.__init__()`` will be required and won't accept ``None``. diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt index 16cb9c4e6e..1de4f24684 100644 --- a/docs/releases/3.1.txt +++ b/docs/releases/3.1.txt @@ -98,6 +98,10 @@ Minor features * The password reset mechanism now uses the SHA-256 hashing algorithm. Support for tokens that use the old hashing algorithm remains until Django 4.0. +* :meth:`.AbstractBaseUser.get_session_auth_hash` now uses the SHA-256 hashing + algorithm. Support for user sessions that use the old hashing algorithm + remains until Django 4.0. + :mod:`django.contrib.contenttypes` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/topics/auth/customizing.txt b/docs/topics/auth/customizing.txt index c8a9a39158..6b816c42fd 100644 --- a/docs/topics/auth/customizing.txt +++ b/docs/topics/auth/customizing.txt @@ -713,6 +713,10 @@ The following attributes and methods are available on any subclass of Returns an HMAC of the password field. Used for :ref:`session-invalidation-on-password-change`. + .. versionchanged:: 3.1 + + The hashing algorithm was changed to the SHA-256. + :class:`~models.AbstractUser` subclasses :class:`~models.AbstractBaseUser`: .. class:: models.AbstractUser |
