Removed Django 1.2 compatibility fallback for contrib.comments forms hash.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15953 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2011-03-30 17:35:12 +00:00
parent c922a04675
commit 5fa11b0035
2 changed files with 1 additions and 31 deletions

View File

@ -1,5 +1,4 @@
import datetime
import hashlib
import time
from django import forms
from django.forms.util import ErrorDict
@ -47,11 +46,6 @@ class CommentSecurityForm(forms.Form):
expected_hash = self.generate_security_hash(**security_hash_dict)
actual_hash = self.cleaned_data["security_hash"]
if not constant_time_compare(expected_hash, actual_hash):
# Fallback to Django 1.2 method for compatibility
# PendingDeprecationWarning <- here to remind us to remove this
# fallback in Django 1.5
expected_hash_old = self._generate_security_hash_old(**security_hash_dict)
if not constant_time_compare(expected_hash_old, actual_hash):
raise forms.ValidationError("Security hash check failed.")
return actual_hash
@ -95,12 +89,6 @@ class CommentSecurityForm(forms.Form):
value = "-".join(info)
return salted_hmac(key_salt, value).hexdigest()
def _generate_security_hash_old(self, content_type, object_pk, timestamp):
"""Generate a (SHA1) security hash from the provided info."""
# Django 1.2 compatibility
info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
return hashlib.sha1("".join(info)).hexdigest()
class CommentDetailsForm(CommentSecurityForm):
"""
Handles the specific details of the comment (name, comment, etc.).

View File

@ -1,4 +1,3 @@
import hashlib
import time
from django.conf import settings
@ -46,23 +45,6 @@ class CommentFormTests(CommentTestCase):
def testObjectPKTampering(self):
self.tamperWithForm(object_pk="3")
def testDjango12Hash(self):
# Ensure we can use the hashes generated by Django 1.2
a = Article.objects.get(pk=1)
d = self.getValidData(a)
content_type = d['content_type']
object_pk = d['object_pk']
timestamp = d['timestamp']
# The Django 1.2 method hard-coded here:
info = (content_type, object_pk, timestamp, settings.SECRET_KEY)
security_hash = hashlib.sha1("".join(info)).hexdigest()
d['security_hash'] = security_hash
f = CommentForm(a, data=d)
self.assertTrue(f.is_valid(), f.errors)
def testSecurityErrors(self):
f = self.tamperWithForm(honeypot="I am a robot")
self.assertTrue("honeypot" in f.security_errors())