From a8d0fc10015be745c5d274b990d94dfb7d57c9d5 Mon Sep 17 00:00:00 2001
From: Aymeric Augustin
Date: Thu, 22 Mar 2012 08:10:19 +0000
Subject: [PATCH] Fixed #17944 -- Prevented an error in the user change page of the admin when the content of the password field doesn't match the expected format. Thanks saxix for the report and initial patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17775 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 .../contrib/auth/fixtures/authtestdata.json | 130 +++++++++++++-----
 django/contrib/auth/forms.py | 14 +-
 django/contrib/auth/tests/forms.py | 20 ++-
 3 files changed, 120 insertions(+), 44 deletions(-)
diff --git a/django/contrib/auth/fixtures/authtestdata.json b/django/contrib/auth/fixtures/authtestdata.json
index c2867430e6..931328899b 100644
--- a/django/contrib/auth/fixtures/authtestdata.json
+++ b/django/contrib/auth/fixtures/authtestdata.json
@@ -1,55 +1,109 @@
 [
 {
- "pk": "1",
- "model": "auth.user",
+ "pk": "1",
+ "model": "auth.user",
 "fields": {
- "username": "testclient",
- "first_name": "Test",
- "last_name": "Client",
- "is_active": true,
- "is_superuser": false,
- "is_staff": false,
- "last_login": "2006-12-17 07:03:31",
- "groups": [],
- "user_permissions": [],
- "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
- "email": "testclient@example.com",
+ "username": "testclient",
+ "first_name": "Test",
+ "last_name": "Client",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
+ "email": "testclient@example.com",
 "date_joined": "2006-12-17 07:03:31"
 }
 },
 {
- "pk": "2",
- "model": "auth.user",
+ "pk": "2",
+ "model": "auth.user",
 "fields": {
- "username": "inactive",
- "first_name": "Inactive",
- "last_name": "User",
- "is_active": false,
- "is_superuser": false,
- "is_staff": false,
- "last_login": "2006-12-17 07:03:31",
- "groups": [],
- "user_permissions": [],
- "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
+ "username": "inactive",
+ "first_name": "Inactive",
+ "last_name": "User",
+ "is_active": false,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
 "email": "testclient2@example.com",
 "date_joined": "2006-12-17 07:03:31"
 }
 },
 {
- "pk": "3",
- "model": "auth.user",
+ "pk": "3",
+ "model": "auth.user",
 "fields": {
- "username": "staff",
- "first_name": "Staff",
- "last_name": "Member",
- "is_active": true,
- "is_superuser": false,
- "is_staff": true,
- "last_login": "2006-12-17 07:03:31",
- "groups": [],
- "user_permissions": [],
- "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
- "email": "staffmember@example.com",
+ "username": "staff",
+ "first_name": "Staff",
+ "last_name": "Member",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": true,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
+ "email": "staffmember@example.com",
+ "date_joined": "2006-12-17 07:03:31"
+ }
+ },
+ {
+ "pk": "4",
+ "model": "auth.user",
+ "fields": {
+ "username": "empty_password",
+ "first_name": "Empty",
+ "last_name": "Password",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "",
+ "email": "empty_password@example.com",
+ "date_joined": "2006-12-17 07:03:31"
+ }
+ },
+ {
+ "pk": "5",
+ "model": "auth.user",
+ "fields": {
+ "username": "unmanageable_password",
+ "first_name": "Unmanageable",
+ "last_name": "Password",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "$",
+ "email": "unmanageable_password@example.com",
+ "date_joined": "2006-12-17 07:03:31"
+ }
+ },
+ {
+ "pk": "6",
+ "model": "auth.user",
+ "fields": {
+ "username": "unknown_password",
+ "first_name": "Unknown",
+ "last_name": "Password",
+ "is_active": true,
+ "is_superuser": false,
+ "is_staff": false,
+ "last_login": "2006-12-17 07:03:31",
+ "groups": [],
+ "user_permissions": [],
+ "password": "foo$bar",
+ "email": "unknown_password@example.com",
 "date_joined": "2006-12-17 07:03:31"
 }
 }
diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index a88c866e4b..a7278be6eb 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -29,14 +29,18 @@ class ReadOnlyPasswordHashWidget(forms.Widget):
 encoded = smart_str(encoded)
 if len(encoded) == 32 and '$' not in encoded:
- hasher = get_hasher('unsalted_md5')
+ algorithm = 'unsalted_md5'
 else:
 algorithm = encoded.split('$', 1)[0]
- hasher = get_hasher(algorithm)
- summary = ""
- for key, value in hasher.safe_summary(encoded).iteritems():
- summary += "%(key)s: %(value)s " % {"key": ugettext(key), "value": value}
+ try:
+ hasher = get_hasher(algorithm)
+ except ValueError:
+ summary = "%s" % ugettext("Invalid password format or unknown hashing algorithm.")
+ else:
+ summary = ""
+ for key, value in hasher.safe_summary(encoded).iteritems():
+ summary += "%(key)s: %(value)s " % {"key": ugettext(key), "value": value}
 return mark_safe("%(summary)s" % {"attrs": flatatt(final_attrs), "summary": summary})
diff --git a/django/contrib/auth/tests/forms.py b/django/contrib/auth/tests/forms.py
index e4c8bf2586..2397b52aff 100644
--- a/django/contrib/auth/tests/forms.py
+++ b/django/contrib/auth/tests/forms.py
@@ -65,7 +65,6 @@ class UserCreationFormTest(TestCase):
 def test_success(self):
 # The success case.
-
 data = {
 'username': 'jsmith@example.com',
 'password1': 'test123',
@@ -236,6 +235,25 @@ class UserChangeFormTest(TestCase):
 # Just check we can create it
 form = MyUserForm({})
+ def test_bug_17944_empty_password(self):
+ user = User.objects.get(username='empty_password')
+ form = UserChangeForm(instance=user)
+ # Just check that no error is raised.
+ form.as_table()
+
+ def test_bug_17944_unmanageable_password(self):
+ user = User.objects.get(username='unmanageable_password')
+ form = UserChangeForm(instance=user)
+ # Just check that no error is raised.
+ form.as_table()
+
+ def test_bug_17944_unknown_password_algorithm(self):
+ user = User.objects.get(username='unknown_password')
+ form = UserChangeForm(instance=user)
+ # Just check that no error is raised.
+ form.as_table()
+
+
 UserChangeFormTest = override_settings(USE_TZ=False)(UserChangeFormTest)
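Review bot: Each `value` returned by `hasher.safe_summary(encoded)` is interpolated into `summary` unescaped and then passed through `mark_safe(...)`, so any markup characters that survive in the stored password string would be rendered as HTML on the admin user change page. This commit exists because the stored value may not match the expected format, so `encoded` should not be assumed clean here; whether a given hasher's summary can carry such characters depends on `safe_summary`, which is not visible in this hunk. Escaping at the point of interpolation closes the gap, e.g. `"value": escape(value)` with `escape` from `django.utils.html` (check that it is imported in this file). The enclosing render method starts outside the hunk.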
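Review bot: The three new fixture passwords (`""`, `"$"`, `"foo$bar"`) all fail at `get_hasher`, so none of the added tests covers a value whose prefix names a known algorithm but whose remainder is malformed. In forms.py the call `hasher.safe_summary(encoded)` sits in the `else:` branch, outside the `try`, so if a hasher raises while parsing such a value the user change page would presumably still error. Consider adding a fixture user with a truncated value under a known prefix (constructed example: `"sha1$"`) and a matching `test_bug_17944_...` case. It would also help if at least one test asserted that the rendered form contains "Invalid password format or unknown hashing algorithm." rather than only checking that `form.as_table()` does not raise.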