diff options
| author | Hasan Ramezani <hasan.r67@gmail.com> | 2020-03-26 13:23:32 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-03-31 10:52:56 +0200 |
| commit | 8aa71f4e8706b6b3e4e60aaffb29d004e1378ae3 (patch) | |
| tree | 9b8b61af27e03bc07a5ee4b95f380b525ff7c5df /django | |
| parent | b3ab92cc5ad5e851692f36432465a9150e8b3313 (diff) | |
Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings.
Diffstat (limited to 'django')
| -rw-r--r-- | django/contrib/auth/hashers.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index c8cf0d3bf8..66fb94e7af 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -72,6 +72,11 @@ def make_password(password, salt=None, hasher='default'): """ if password is None: return UNUSABLE_PASSWORD_PREFIX + get_random_string(UNUSABLE_PASSWORD_SUFFIX_LENGTH) + if not isinstance(password, (bytes, str)): + raise TypeError( + 'Password must be a string or bytes, got %s.' + % type(password).__qualname__ + ) hasher = get_hasher(hasher) salt = salt or hasher.salt() return hasher.encode(password, salt) |