From 8aa71f4e8706b6b3e4e60aaffb29d004e1378ae3 Mon Sep 17 00:00:00 2001 From: Hasan Ramezani Date: Thu, 26 Mar 2020 13:23:32 +0100 Subject: Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. --- django/contrib/auth/hashers.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'django') diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index c8cf0d3bf8..66fb94e7af 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -72,6 +72,11 @@ def make_password(password, salt=None, hasher='default'): """ if password is None: return UNUSABLE_PASSWORD_PREFIX + get_random_string(UNUSABLE_PASSWORD_SUFFIX_LENGTH) + if not isinstance(password, (bytes, str)): + raise TypeError( + 'Password must be a string or bytes, got %s.' + % type(password).__qualname__ + ) hasher = get_hasher(hasher) salt = salt or hasher.salt() return hasher.encode(password, salt) -- cgit v1.3