Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.

Regression in aeb1389442d0f9669edf6660b747fd10693b63a7. Reverted changes to is_password_usable() from 703c266682be39f7153498ad0d8031231f12ee79 and documentation changes from 92f48680dbd2e02f2b33f6ad0e35b7d337889fb2.
author: Tim Graham <timograham@gmail.com> 2018-03-20 17:19:27 -0400
committer: Tim Graham <timograham@gmail.com> 2018-03-22 10:03:43 -0400
commit: a4f0e9aec76ee40c938d3bf450ff63211b7ba1f1 (patch)
tree: 65c8d99ed6a2ef86f6ff4773c87900a349e1c735 /django/contrib/auth/base_user.py
parent: d97cce34096043b019e818a7fb98c0f9f073704c (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/django/contrib/auth/base_user.py b/django/contrib/auth/base_user.py
index a165677f4c..7e3161bd98 100644
--- a/django/contrib/auth/base_user.py
+++ b/django/contrib/auth/base_user.py
@@ -116,9 +116,7 @@ class AbstractBaseUser(models.Model):
 
     def has_usable_password(self):
         """
-        Return False if set_unusable_password() has been called for this user,
-        or if the password is None, or if the password uses a hasher that's not
-        in the PASSWORD_HASHERS setting.
+        Return False if set_unusable_password() has been called for this user.
         """
         return is_password_usable(self.password)
author	Tim Graham <timograham@gmail.com>	2018-03-20 17:19:27 -0400
committer	Tim Graham <timograham@gmail.com>	2018-03-22 10:03:43 -0400
commit	a4f0e9aec76ee40c938d3bf450ff63211b7ba1f1 (patch)
tree	65c8d99ed6a2ef86f6ff4773c87900a349e1c735 /django/contrib/auth/base_user.py
parent	d97cce34096043b019e818a7fb98c0f9f073704c (diff)