summaryrefslogtreecommitdiff
path: root/tests/auth_tests/test_hashers.py
AgeCommit message (Collapse)Author
2023-02-04[4.2.x] Increased the default PBKDF2 iterations for Django 4.2.Mariusz Felisiak
See https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2. Thanks Markus Holtermann for the report.
2022-10-20Skipped scrypt tests when OpenSSL 1.1+ is not installed.HieuPham9720
2022-07-23Refs #33691 -- Deprecated insecure password hashers.Claude Paroz
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated.
2022-05-17Increased the default PBKDF2 iterations for Django 4.2.Carlton Gibson
2022-05-11Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.Mariusz Felisiak
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-09-20Increased the default PBKDF2 iterations for Django 4.1.Mariusz Felisiak
2021-09-06Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mateo Radman
encode() methods of remaining password hashers.
2021-07-22Fixed #32275 -- Added scrypt password hasher.ryowright
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mariusz Felisiak
encode() methods of some password hashers.
2021-01-14Increased the default PBKDF2 iterations for Django 4.0.Mariusz Felisiak
2021-01-14Fixed #31358 -- Increased salt entropy of password hashers.Jon Moroney
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14Refs #31358 -- Added bcrypt password hashers tests for must_update() with ↵Jon Moroney
salt().
2020-12-28Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.Florian Apolloner
Argon2 encodes the salt as base64 for representation in the final hash output. To be able to accurately return the used salt from decode(), add padding, b64decode, and decode from latin1 (for the remote possibility that someone supplied a custom hash consisting solely of bytes -- this would require a manual construction of the hash though, Django's interface does not allow for that).
2020-06-23Refs #31358 -- Added decode() to password hashers.Jon Moroney
By convention a hasher which does not use a salt should populate the decode dict with `None` rather than omit the dict key. Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
2020-06-17Fixed #30472 -- Made Argon2PasswordHasher use Argon2id.Florian Apolloner
2020-06-17Added test for old Argon2i hashes with version attribute.Florian Apolloner
2020-05-13Increased the default PBKDF2 iterations for Django 3.2.Mariusz Felisiak
2020-03-31Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes ↵Hasan Ramezani
or strings.
2020-03-31Refs #31375 -- Added test for contrib.auth.hashers.make_password() bytes ↵Hasan Ramezani
support.
2020-01-30Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests.Hasan Ramezani
2020-01-03Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py.Mariusz Felisiak
An empty string is invalid salt in Python 3 and raises exception since Python 3.9, see https://bugs.python.org/issue38402.
2019-09-12Increased the default PBKDF2 iterations for Django 3.1.Carlton Gibson
2019-01-17Increased the default PBKDF2 iterations for Django 3.0.Tim Graham
2018-05-17Increased the default PBKDF2 iterations for Django 2.2.Tim Graham
2018-05-13Increased the default PBKDF2 iterations for Django 2.1.Tim Graham
2018-03-22Fixed #28718 -- Allowed user to request a password reset if their password ↵Tim Graham
doesn't use an enabled hasher. Regression in aeb1389442d0f9669edf6660b747fd10693b63a7. Reverted changes to is_password_usable() from 703c266682be39f7153498ad0d8031231f12ee79 and documentation changes from 92f48680dbd2e02f2b33f6ad0e35b7d337889fb2.
2018-02-26Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.Tim Graham
2018-02-07Refs #27795 -- Removed force_bytes/text() usage in tests.Tim Graham
2017-09-29Completed test coverage for BasePasswordHasher.Mads Jensen
2017-09-29Moved BasePasswordHasher tests to its own test case.Mads Jensen
2017-05-24Refs #27804 -- Used subTest() in several tests.Bruno Alla
2017-01-25Refs #23919 -- Removed misc Python 2/3 references.Tim Graham
2017-01-20Refs #23919 -- Removed django.test.mock Python 2 compatibility shim.Tim Graham
2017-01-20Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2.Tim Graham
2017-01-19Refs #23919 -- Removed str() conversion of type and method __name__.Simon Charette
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2017-01-17Increased the default PBKDF2 iterations for the 1.11 release cycle.Tim Graham
2016-12-07Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase.Tim Graham
2016-11-10Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings.za
2016-05-20Increased the default PBKDF2 iterations.Tim Graham
2016-04-25Refs #26033 -- Added password hasher support for Argon2 v1.3.Bas Westerbaan
The previous version of Argon2 uses encoded hashes of the form: $argon2d$m=8,t=1,p=1$<salt>$<data> The new version of Argon2 adds its version into the hash: $argon2d$v=19$m=8,t=1,p=1$<salt>$<data> This lets Django handle both version properly.
2016-04-08Fixed E128 flake8 warnings in tests/.Tim Graham
2016-03-22Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a ↵Tim Graham
dummy crypt module.
2016-03-08Fixed #26033 -- Added Argon2 password hasher.Bas Westerbaan
2016-03-01Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.Florian Apolloner
This is a security fix.
2016-02-22Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS.Tim Graham
2016-01-29Refs #26022 -- Used context manager version of assertRaises in tests.Hasan
2015-09-23Increased the default PBKDF2 iterations for the 1.10 release cycle.Tim Graham