Fixed #31842 -- Added DEFAULT_HASHING_ALGORITHM transitional setting.

It's a transitional setting helpful in migrating multiple instance of
the same project to Django 3.1+.

Thanks Markus Holtermann for the report and review, Florian
Apolloner for the implementation idea and review, and Carlton Gibson
for the review.

1 files changed, 9 insertions, 1 deletions

diff --git a/tests/auth_tests/test_middleware.py b/tests/auth_tests/test_middleware.py
index fb23ed9fba..b6151acb19 100644
--- a/tests/auth_tests/test_middleware.py
+++ b/tests/auth_tests/test_middleware.py
@@ -2,7 +2,9 @@ from django.contrib.auth import HASH_SESSION_KEY
 from django.contrib.auth.middleware import AuthenticationMiddleware
 from django.contrib.auth.models import User
 from django.http import HttpRequest, HttpResponse
-from django.test import TestCase
+from django.test import TestCase, override_settings
+from django.test.utils import ignore_warnings
+from django.utils.deprecation import RemovedInDjango40Warning
 
 
 class TestAuthenticationMiddleware(TestCase):
@@ -32,6 +34,12 @@ class TestAuthenticationMiddleware(TestCase):
         self.assertIsNotNone(self.request.user)
         self.assertFalse(self.request.user.is_anonymous)
 
+    @ignore_warnings(category=RemovedInDjango40Warning)
+    def test_session_default_hashing_algorithm(self):
+        hash_session = self.client.session[HASH_SESSION_KEY]
+        with override_settings(DEFAULT_HASHING_ALGORITHM='sha1'):
+            self.assertNotEqual(hash_session, self.user.get_session_auth_hash())
+
     def test_changed_password_invalidates_session(self):
         # After password change, user should be anonymous
         self.user.set_password('new_password')