summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--django/contrib/comments/forms.py14
-rw-r--r--tests/regressiontests/comment_tests/tests/comment_form_tests.py18
2 files changed, 1 insertions, 31 deletions
diff --git a/django/contrib/comments/forms.py b/django/contrib/comments/forms.py
index a0cfc2452c..d497572488 100644
--- a/django/contrib/comments/forms.py
+++ b/django/contrib/comments/forms.py
@@ -1,5 +1,4 @@
import datetime
-import hashlib
import time
from django import forms
from django.forms.util import ErrorDict
@@ -47,12 +46,7 @@ class CommentSecurityForm(forms.Form):
expected_hash = self.generate_security_hash(**security_hash_dict)
actual_hash = self.cleaned_data["security_hash"]
if not constant_time_compare(expected_hash, actual_hash):
- # Fallback to Django 1.2 method for compatibility
- # PendingDeprecationWarning <- here to remind us to remove this
- # fallback in Django 1.5
- expected_hash_old = self._generate_security_hash_old(**security_hash_dict)
- if not constant_time_compare(expected_hash_old, actual_hash):
- raise forms.ValidationError("Security hash check failed.")
+ raise forms.ValidationError("Security hash check failed.")
return actual_hash
def clean_timestamp(self):
@@ -95,12 +89,6 @@ class CommentSecurityForm(forms.Form):
value = "-".join(info)
return salted_hmac(key_salt, value).hexdigest()
- def _generate_security_hash_old(self, content_type, object_pk, timestamp):
- """Generate a (SHA1) security hash from the provided info."""
- # Django 1.2 compatibility
- info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
- return hashlib.sha1("".join(info)).hexdigest()
-
class CommentDetailsForm(CommentSecurityForm):
"""
Handles the specific details of the comment (name, comment, etc.).
diff --git a/tests/regressiontests/comment_tests/tests/comment_form_tests.py b/tests/regressiontests/comment_tests/tests/comment_form_tests.py
index 956ca53bfd..2c5e1fe551 100644
--- a/tests/regressiontests/comment_tests/tests/comment_form_tests.py
+++ b/tests/regressiontests/comment_tests/tests/comment_form_tests.py
@@ -1,4 +1,3 @@
-import hashlib
import time
from django.conf import settings
@@ -46,23 +45,6 @@ class CommentFormTests(CommentTestCase):
def testObjectPKTampering(self):
self.tamperWithForm(object_pk="3")
- def testDjango12Hash(self):
- # Ensure we can use the hashes generated by Django 1.2
- a = Article.objects.get(pk=1)
- d = self.getValidData(a)
-
- content_type = d['content_type']
- object_pk = d['object_pk']
- timestamp = d['timestamp']
-
- # The Django 1.2 method hard-coded here:
- info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
- security_hash = hashlib.sha1("".join(info)).hexdigest()
-
- d['security_hash'] = security_hash
- f = CommentForm(a, data=d)
- self.assertTrue(f.is_valid(), f.errors)
-
def testSecurityErrors(self):
f = self.tamperWithForm(honeypot="I am a robot")
self.assertTrue("honeypot" in f.security_errors())