Commit Graph

24 Commits

Author SHA1 Message Date
Simon Charette 8759778185 Fixed #20675 -- `check_password` should work when no password is specified.
The regression was introduced by 2c4fe761a. refs #20593.
2013-07-03 14:09:58 -04:00
Erik Romijn aeb1389442 Fixed #20079 -- Improve security of password reset tokens 2013-06-18 20:02:00 +02:00
Erik Romijn 2c4fe761a0 Fixed #20593 -- Allow blank passwords in check_password() and set_password() 2013-06-18 13:32:54 -04:00
Jaap Roes 990f8d92dc Fixed #20599 -- Changed wording of ValueError raised by _load_library
The _load_library method on BasePasswordHasher turns ImportErrors
into ValueErrors, this masks ImportErrors in the algorithm library.
Changed it to a clearer worded error message that includes
the ImportError string.
2013-06-15 10:50:55 +02:00
Donald Stufft 8f0a4665d6 Recommend using the bcrypt library instead of py-bcrypt
* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
  with Django
* bcrypt is supported on all versions of Python that Django
  supports
2013-05-13 23:49:00 -04:00
Donald Stufft 3070e8f711 Properly force bytes or str for bcrypt on Python3 2013-05-11 11:16:06 -04:00
Donald Stufft 25f2acfed0 Fixed #20138 -- Added BCryptSHA256PasswordHasher
BCryptSHA256PasswordHasher pre-hashes the users password using
SHA256 to prevent the 72 byte truncation inherient in the BCrypt
algorithm.
2013-03-26 13:26:57 -04:00
Aymeric Augustin f1255a3c09 Fixed #18144 -- Restored compatibility with SHA1 hashes with empty salt.
Thanks dahool for the report and initial version of the patch.
2013-02-25 20:21:58 +01:00
Claude Paroz 7c5b244826 Fixed #17061 -- Factored out importing object from a dotted path
Thanks Carl Meyer for the report.
2013-02-04 16:38:25 +01:00
Claude Paroz 1f8e7bb075 Added missing parentheses in if clause 2013-02-02 12:13:47 +01:00
Claude Paroz 63d6a50dd8 Fixed #18144 -- Added backwards compatibility with old unsalted MD5 passwords
Thanks apreobrazhensky at gmail.com for the report.
2013-02-02 12:02:36 +01:00
Claude Paroz 0dc3fc954f Fixed #19509 -- Fixed crypt/bcrypt non-ascii password encoding
Also systematically added non-ascii passwords in hashers test suite.
Thanks Vaal for the report.
2012-12-22 16:04:10 +01:00
Claude Paroz 703c266682 Fixed #18182 -- Made is_usable_password check if hashing algorithm is correct
The display of the ReadOnlyPasswordHashWidget has also been improved to
distinguish empty/unusable password from erroneous password.
Fixed #18453 also.
Thanks danielr and Leo for the reports and Moritz Sichert for the
initial patch.
2012-09-12 11:32:50 +02:00
Claude Paroz ebc773ada3 Replaced many smart_bytes by force_bytes
In all those occurrences, we didn't care about preserving the
lazy status of the strings, but we really wanted to obtain a
real bytestring.
2012-08-29 11:20:32 +02:00
Andrews Medina 87e0a75c03 [py3] Decoded base64-encoded hash in contrib.auth.hashers 2012-08-11 00:20:59 +02:00
Alex Gaynor 5f8da527ab [py3k] use the base64 module, instead of bytes.encode('base64') 2012-08-09 07:26:11 -07:00
Aymeric Augustin c5ef65bcf3 [py3] Ported django.utils.encoding.
* Renamed smart_unicode to smart_text (but kept the old name under
  Python 2 for backwards compatibility).
* Renamed smart_str to smart_bytes.
* Re-introduced smart_str as an alias for smart_text under Python 3
  and smart_bytes under Python 2 (which is backwards compatible).
  Thus smart_str always returns a str objects.
* Used the new smart_str in a few places where both Python 2 and 3
  want a str.
2012-08-07 12:00:22 +02:00
Claude Paroz 4a103086d5 Fixed #18269 -- Applied unicode_literals for Python 3 compatibility.
Thanks Vinay Sajip for the support of his django3 branch and
Jannis Leidel for the review.
2012-06-07 18:08:47 +02:00
Claude Paroz 70a0351fef Fixed #18184 -- Moved algorithm identification code to hashers module
Thanks Eli Collins for the report and the patch.
2012-06-06 11:06:33 +02:00
Claude Paroz eb286aa22f Delayed encoding of password and salt in password checking.
Applied the rule that string encoding should happen as late as
possible. This is also a preparation for Python 3 compatibility.
2012-06-06 10:53:16 +02:00
Anssi Kääriäinen 2a09404792 Reset password hashers cache on settings_changed. 2012-04-30 22:10:27 +03:00
Paul McMillan 413e37481d Fixes #17777 and makes tests run again.
Adds a salted MD5 hasher for backwards compatibility.
Thanks gunnar@g10f.de for the report.

Also fixes a bug preventing the hasher tests from being run during
contrib tests.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@17604 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2012-02-29 20:12:16 +00:00
Aymeric Augustin d72c0bdc46 Fixed #17457 -- Marked strings used in hash descriptions for translation.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17270 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-24 19:38:37 +00:00
Paul McMillan 90e05aaeac Renovated password hashing, including the forgotten files in r17253.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17254 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-12-23 03:53:56 +00:00