summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--django/contrib/auth/hashers.py5
-rw-r--r--django/contrib/auth/tests/test_hashers.py7
2 files changed, 10 insertions, 2 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py
index 87e4218a8f..7656b50437 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -22,6 +22,7 @@ UNUSABLE_PASSWORD_SUFFIX_LENGTH = 40 # number of random chars to add after UNUS
HASHERS = None # lazily loaded from PASSWORD_HASHERS
PREFERRED_HASHER = None # defaults to first item in PASSWORD_HASHERS
+
@receiver(setting_changed)
def reset_hashers(**kwargs):
if kwargs['setting'] == 'PASSWORD_HASHERS':
@@ -34,7 +35,7 @@ def is_password_usable(encoded):
if encoded is None or encoded.startswith(UNUSABLE_PASSWORD_PREFIX):
return False
try:
- hasher = identify_hasher(encoded)
+ identify_hasher(encoded)
except ValueError:
return False
return True
@@ -48,7 +49,7 @@ def check_password(password, encoded, setter=None, preferred='default'):
If setter is specified, it'll be called when you need to
regenerate the password.
"""
- if not is_password_usable(encoded):
+ if password is None or not is_password_usable(encoded):
return False
preferred = get_hasher(preferred)
diff --git a/django/contrib/auth/tests/test_hashers.py b/django/contrib/auth/tests/test_hashers.py
index 9b7811a335..819e41a2f1 100644
--- a/django/contrib/auth/tests/test_hashers.py
+++ b/django/contrib/auth/tests/test_hashers.py
@@ -186,6 +186,13 @@ class TestUtilsHashPass(unittest.TestCase):
# This might fail one day due to a hash collision.
self.assertNotEqual(encoded, make_password(None), "Random password collision?")
+ def test_unspecified_password(self):
+ """
+ Makes sure specifying no plain password with a valid encoded password
+ returns `False`.
+ """
+ self.assertFalse(check_password(None, make_password('lètmein')))
+
def test_bad_algorithm(self):
with self.assertRaises(ValueError):
make_password('lètmein', hasher='lolcat')