authormimi89999 <michel@lebihan.pl>2025-02-09 17:14:08 +0100
committerSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2025-02-18 09:00:31 +0100
commitcb2ab4ee840e93168d6b4820c5443e1736296ab6 (patch)
tree809ba2af65acd3ffcd4e2898683cf45a9425a1c8
parentae391ca368b80e6a3888af859437a5499c451e0c (diff)
[5.2.x] Fixed #36179 -- Unhexed entries and removed duplicates in auth/common-passwords.txt.gz.
Backport of 727731d76d9dfd5304d536478d862778f6dd6d9b from main.
-rw-r--r--django/contrib/auth/common-passwords.txt.gzbin82262 -> 80228 bytes
-rw-r--r--django/contrib/auth/password_validation.py2
-rw-r--r--tests/auth_tests/test_validators.py9
3 files changed, 10 insertions, 1 deletions
diff --git a/django/contrib/auth/common-passwords.txt.gz b/django/contrib/auth/common-passwords.txt.gz
index bc94fdec38..c23afebf30 100644
--- a/django/contrib/auth/common-passwords.txt.gz
+++ b/django/contrib/auth/common-passwords.txt.gz
Binary files differ
diff --git a/django/contrib/auth/password_validation.py b/django/contrib/auth/password_validation.py
index d24e69e0ce..8032c72155 100644
--- a/django/contrib/auth/password_validation.py
+++ b/django/contrib/auth/password_validation.py
@@ -222,7 +222,7 @@ class CommonPasswordValidator:
The password is rejected if it occurs in a provided list of passwords,
which may be gzipped. The list Django ships with contains 20000 common
- passwords (lowercased and deduplicated), created by Royce Williams:
+ passwords (unhexed, lowercased and deduplicated), created by Royce Williams:
https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce
The password list must be lowercased to match the comparison in validate().
"""
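Review bot: "unhexed" in the changed docstring line is never explained, and the closing requirement still names only lowercasing, so someone supplying their own list through `password_list_path` gets no hint that encoded entries can never match a typed password. Presumably the term refers to the cracking-tool `$HEX[...]` notation found in the upstream list; if so, state it once, for example `Entries must be plain text: hex-encoded entries (such as $HEX[...]) are compared literally and will never match.` The class body continues outside this hunk, so the comparison in validate() is not visible here.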
diff --git a/tests/auth_tests/test_validators.py b/tests/auth_tests/test_validators.py
index d7e4968951..d6ee44511d 100644
--- a/tests/auth_tests/test_validators.py
+++ b/tests/auth_tests/test_validators.py
@@ -273,6 +273,15 @@ class CommonPasswordValidatorTest(SimpleTestCase):
CommonPasswordValidator().validate("godzilla")
self.assertEqual(cm.exception.messages, [expected_error])
+ def test_common_hexed_codes(self):
+ expected_error = "This password is too common."
+ common_hexed_passwords = ["asdfjkl:", "&#2336:"]
+ for password in common_hexed_passwords:
+ with self.subTest(password=password):
+ with self.assertRaises(ValidationError) as cm:
+ CommonPasswordValidator().validate(password)
+ self.assertEqual(cm.exception.messages, [expected_error])
+
def test_validate_custom_list(self):
path = os.path.join(
os.path.dirname(os.path.realpath(__file__)), "common-passwords-custom.txt"
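Review bot: `test_common_hexed_codes` pins two decoded samples, but nothing checks the shipped list as a whole, so a later regeneration of common-passwords.txt.gz could bring encoded entries back without any test failing. Assuming the removed entries used the `$HEX[...]` form, a guard such as `self.assertFalse(any(p.startswith("$HEX[") for p in CommonPasswordValidator().passwords))` would catch that. Duplicates would need a check against the file itself, because the loaded collection appears to be a set and would hide them. The name `common_hexed_passwords` holds the decoded values, so `unhexed_passwords` would read more accurately. The test class continues past the end of this hunk.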