summaryrefslogtreecommitdiff
path: root/tests/auth_tests/test_hashers.py
AgeCommit message (Collapse)Author
2025-01-15Increased the default PBKDF2 iterations for Django 6.0.Sarah Boyce
2024-08-08Added test for acheck_password() to ensure make_password is called for ↵Natalia
unusable passwords. This is a follow up for the fix of CVE-2024-39329 (5d8645857936c142a3973694799c52165e2bdcdb) where the timing of verify_password() was standardized when checking unusable passwords.
2024-07-09Fixed CVE-2024-39329 -- Standarized timing of verify_password() when ↵Michael Manfre
checking unusuable passwords. Refs #20760. Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-05-22Increased the default PBKDF2 iterations for Django 5.2.Natalia
2024-05-17Fixed #35428 -- Increased parallelism of the ScryptPasswordHasher.SaJH
2024-01-26Applied Black's 2024 stable style.Mariusz Felisiak
https://github.com/psf/black/releases/tag/24.1.0
2023-09-18Increased the default PBKDF2 iterations for Django 5.1.Mariusz Felisiak
2023-09-18Refs #33691 -- Removed insecure password hashers per deprecation timeline.Mariusz Felisiak
2023-05-18Fixed #34565 -- Added support for async checking of user passwords.HappyDingning
2023-03-20Fixed some typos in comments, docstrings, and tests.Liyang Zhang
2023-02-04Increased the default PBKDF2 iterations for Django 5.0.Mariusz Felisiak
Follow up to 9a1848f48c1f7f627a52b2063a8a8428e77765d6.
2023-01-17Increased the default PBKDF2 iterations for Django 5.0.Mariusz Felisiak
2023-01-17Refs #33691 -- Removed django.contrib.auth.hashers.CryptPasswordHasher per ↵Mariusz Felisiak
deprecation timeline.
2022-10-20Skipped scrypt tests when OpenSSL 1.1+ is not installed.HieuPham9720
2022-07-23Refs #33691 -- Deprecated insecure password hashers.Claude Paroz
SHA1PasswordHasher, UnsaltedSHA1PasswordHasher, and UnsaltedMD5PasswordHasher are now deprecated.
2022-05-17Increased the default PBKDF2 iterations for Django 4.2.Carlton Gibson
2022-05-11Fixed #33691 -- Deprecated django.contrib.auth.hashers.CryptPasswordHasher.Mariusz Felisiak
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2021-09-20Increased the default PBKDF2 iterations for Django 4.1.Mariusz Felisiak
2021-09-06Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mateo Radman
encode() methods of remaining password hashers.
2021-07-22Fixed #32275 -- Added scrypt password hasher.ryowright
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-07-22Refs #32508 -- Raised TypeError/ValueError instead of using "assert" in ↵Mariusz Felisiak
encode() methods of some password hashers.
2021-01-14Increased the default PBKDF2 iterations for Django 4.0.Mariusz Felisiak
2021-01-14Fixed #31358 -- Increased salt entropy of password hashers.Jon Moroney
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
2021-01-14Refs #31358 -- Added bcrypt password hashers tests for must_update() with ↵Jon Moroney
salt().
2020-12-28Refs #31358 -- Fixed decoding salt in Argon2PasswordHasher.Florian Apolloner
Argon2 encodes the salt as base64 for representation in the final hash output. To be able to accurately return the used salt from decode(), add padding, b64decode, and decode from latin1 (for the remote possibility that someone supplied a custom hash consisting solely of bytes -- this would require a manual construction of the hash though, Django's interface does not allow for that).
2020-06-23Refs #31358 -- Added decode() to password hashers.Jon Moroney
By convention a hasher which does not use a salt should populate the decode dict with `None` rather than omit the dict key. Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
2020-06-17Fixed #30472 -- Made Argon2PasswordHasher use Argon2id.Florian Apolloner
2020-06-17Added test for old Argon2i hashes with version attribute.Florian Apolloner
2020-05-13Increased the default PBKDF2 iterations for Django 3.2.Mariusz Felisiak
2020-03-31Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes ↵Hasan Ramezani
or strings.
2020-03-31Refs #31375 -- Added test for contrib.auth.hashers.make_password() bytes ↵Hasan Ramezani
support.
2020-01-30Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests.Hasan Ramezani
2020-01-03Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py.Mariusz Felisiak
An empty string is invalid salt in Python 3 and raises exception since Python 3.9, see https://bugs.python.org/issue38402.
2019-09-12Increased the default PBKDF2 iterations for Django 3.1.Carlton Gibson
2019-01-17Increased the default PBKDF2 iterations for Django 3.0.Tim Graham
2018-05-17Increased the default PBKDF2 iterations for Django 2.2.Tim Graham
2018-05-13Increased the default PBKDF2 iterations for Django 2.1.Tim Graham
2018-03-22Fixed #28718 -- Allowed user to request a password reset if their password ↵Tim Graham
doesn't use an enabled hasher. Regression in aeb1389442d0f9669edf6660b747fd10693b63a7. Reverted changes to is_password_usable() from 703c266682be39f7153498ad0d8031231f12ee79 and documentation changes from 92f48680dbd2e02f2b33f6ad0e35b7d337889fb2.
2018-02-26Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS.Tim Graham
2018-02-07Refs #27795 -- Removed force_bytes/text() usage in tests.Tim Graham
2017-09-29Completed test coverage for BasePasswordHasher.Mads Jensen
2017-09-29Moved BasePasswordHasher tests to its own test case.Mads Jensen
2017-05-24Refs #27804 -- Used subTest() in several tests.Bruno Alla
2017-01-25Refs #23919 -- Removed misc Python 2/3 references.Tim Graham
2017-01-20Refs #23919 -- Removed django.test.mock Python 2 compatibility shim.Tim Graham
2017-01-20Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2.Tim Graham
2017-01-19Refs #23919 -- Removed str() conversion of type and method __name__.Simon Charette
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 08:24:52 +0000