summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorMariusz Felisiak <felisiak.mariusz@gmail.com>2020-04-29 16:45:00 +0200
committerGitHub <noreply@github.com>2020-04-29 16:45:00 +0200
commit54646a423b4501aeb80bbdd9238f20500c84cd5f (patch)
treee4c55114664eb0a38fcd51ab14c116885ada86b2 /docs
parent5869afe32b9c252cacd327f18c58e38c36d1f530 (diff)
Refs #27468 -- Made user sessions use SHA-256 algorithm.
Diffstat (limited to 'docs')
-rw-r--r--docs/internals/deprecation.txt3
-rw-r--r--docs/releases/3.1.txt4
-rw-r--r--docs/topics/auth/customizing.txt4
3 files changed, 11 insertions, 0 deletions
diff --git a/docs/internals/deprecation.txt b/docs/internals/deprecation.txt
index 8d3cc62d90..95b0c5a3a1 100644
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@@ -57,6 +57,9 @@ details on these changes.
* Support for the pre-Django 3.1 ``django.core.signing.Signer`` signatures
(encoded with the SHA-1 algorithm) will be removed.
+* Support for the pre-Django 3.1 user sessions (that use the SHA-1 algorithm)
+ will be removed.
+
* The ``get_request`` argument for
``django.utils.deprecation.MiddlewareMixin.__init__()`` will be required and
won't accept ``None``.
diff --git a/docs/releases/3.1.txt b/docs/releases/3.1.txt
index 16cb9c4e6e..1de4f24684 100644
--- a/docs/releases/3.1.txt
+++ b/docs/releases/3.1.txt
@@ -98,6 +98,10 @@ Minor features
* The password reset mechanism now uses the SHA-256 hashing algorithm. Support
for tokens that use the old hashing algorithm remains until Django 4.0.
+* :meth:`.AbstractBaseUser.get_session_auth_hash` now uses the SHA-256 hashing
+ algorithm. Support for user sessions that use the old hashing algorithm
+ remains until Django 4.0.
+
:mod:`django.contrib.contenttypes`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/topics/auth/customizing.txt b/docs/topics/auth/customizing.txt
index c8a9a39158..6b816c42fd 100644
--- a/docs/topics/auth/customizing.txt
+++ b/docs/topics/auth/customizing.txt
@@ -713,6 +713,10 @@ The following attributes and methods are available on any subclass of
Returns an HMAC of the password field. Used for
:ref:`session-invalidation-on-password-change`.
+ .. versionchanged:: 3.1
+
+ The hashing algorithm was changed to the SHA-256.
+
:class:`~models.AbstractUser` subclasses :class:`~models.AbstractBaseUser`:
.. class:: models.AbstractUser