Removed Django 1.2 compatibility fallback for contrib.comments forms hash.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15953 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-03-30 17:35:12 +00:00 · 2011-03-30 17:35:12 +00:00 · 5fa11b0035
parent c922a04675
commit 5fa11b0035
2 changed files with 1 additions and 31 deletions
--- a/django/contrib/comments/forms.py
+++ b/django/contrib/comments/forms.py
@ -1,5 +1,4 @@
 import datetime
-import hashlib
 import time
 from django import forms
 from django.forms.util import ErrorDict
@ -47,12 +46,7 @@ class CommentSecurityForm(forms.Form):
        expected_hash = self.generate_security_hash(**security_hash_dict)
        actual_hash = self.cleaned_data["security_hash"]
        if not constant_time_compare(expected_hash, actual_hash):
-            # Fallback to Django 1.2 method for compatibility
-            # PendingDeprecationWarning <- here to remind us to remove this
-            # fallback in Django 1.5
-            expected_hash_old = self._generate_security_hash_old(**security_hash_dict)
-            if not constant_time_compare(expected_hash_old, actual_hash):
-                raise forms.ValidationError("Security hash check failed.")
+            raise forms.ValidationError("Security hash check failed.")
        return actual_hash

    def clean_timestamp(self):
@ -95,12 +89,6 @@ class CommentSecurityForm(forms.Form):
        value = "-".join(info)
        return salted_hmac(key_salt, value).hexdigest()

-    def _generate_security_hash_old(self, content_type, object_pk, timestamp):
-        """Generate a (SHA1) security hash from the provided info."""
-        # Django 1.2 compatibility
-        info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
-        return hashlib.sha1("".join(info)).hexdigest()
-
 class CommentDetailsForm(CommentSecurityForm):
    """
    Handles the specific details of the comment (name, comment, etc.).
--- a/tests/regressiontests/comment_tests/tests/comment_form_tests.py
+++ b/tests/regressiontests/comment_tests/tests/comment_form_tests.py
@ -1,4 +1,3 @@
-import hashlib
 import time

 from django.conf import settings
@ -46,23 +45,6 @@ class CommentFormTests(CommentTestCase):
    def testObjectPKTampering(self):
        self.tamperWithForm(object_pk="3")

-    def testDjango12Hash(self):
-        # Ensure we can use the hashes generated by Django 1.2
-        a = Article.objects.get(pk=1)
-        d = self.getValidData(a)
-
-        content_type = d['content_type']
-        object_pk = d['object_pk']
-        timestamp = d['timestamp']
-
-        # The Django 1.2 method hard-coded here:
-        info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
-        security_hash = hashlib.sha1("".join(info)).hexdigest()
-
-        d['security_hash'] = security_hash
-        f = CommentForm(a, data=d)
-        self.assertTrue(f.is_valid(), f.errors)
-
    def testSecurityErrors(self):
        f = self.tamperWithForm(honeypot="I am a robot")
        self.assertTrue("honeypot" in f.security_errors())