From b86abbceb9a96d7a0fe18047c8fcd6fca90a2f3e Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Thu, 26 Feb 2015 14:04:24 -0500 Subject: Fixed #24115 -- Allowed bcrypt hashers to upgrade passwords on rounds change. Thanks Florian Apolloner for the review. --- django/contrib/auth/hashers.py | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'django') diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index b56f74f0d9..0188f4a4e7 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -337,6 +337,10 @@ class BCryptSHA256PasswordHasher(BasePasswordHasher): (_('checksum'), mask_hash(checksum)), ]) + def must_update(self, encoded): + algorithm, empty, algostr, rounds, data = encoded.split('$', 4) + return int(rounds) != self.rounds + class BCryptPasswordHasher(BCryptSHA256PasswordHasher): """ -- cgit v1.3