innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
17,245 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

15 Commits

Author SHA1 Message Date
Tim Graham fddb0131d3 Fixed #21535 -- Fixed password hash iteration upgrade. 
Thanks jared_mess for the report.
 2013-11-30 14:18:37 -05:00
Alasdair Nicol c3aa2948c6 Fixed #21298 -- Fixed E301 pep8 warnings 2013-10-23 13:45:03 +01:00
Tim Graham 1597503a01 Fixed E221 pep8 warnings. 2013-10-22 09:51:39 -04:00
Florian Apolloner 7d0d0dbf26 Force update of the password on iteration count changes. 2013-10-21 20:31:28 +02:00
Florian Apolloner 5d74853e15 Revert "Ensure that passwords are never long enough for a DoS." 
This reverts commit aae5a96d57.

This fix is no longer necessary, our pbkdf2 (see next commit) implementation
no longer rehashes the password every iteration.
 2013-09-24 21:01:21 +02:00
Paul McMillan a075e2ad0d Increase default PBKDF2 iterations 
Increases the default PBKDF2 iterations, since computers have gotten
faster since 2011. In the future, we plan to increment by 10% per
major version.
 2013-09-19 18:02:25 +01:00
Russell Keith-Magee aae5a96d57 Ensure that passwords are never long enough for a DoS. 
* Limit the password length to 4096 bytes
  * Password hashers will raise a ValueError
  * django.contrib.auth forms will fail validation
* Document in release notes that this is a backwards incompatible change

Thanks to Josh Wright for the report, and Donald Stufft for the patch.

This is a security fix; disclosure to follow shortly.
 2013-09-15 13:42:23 +08:00
Simon Charette 8759778185 Fixed #20675 -- `check_password` should work when no password is specified. 
The regression was introduced by 2c4fe761a. refs #20593.
 2013-07-03 14:09:58 -04:00
Aymeric Augustin cfcf4b3605 Stopped using django.utils.unittest in the test suite. 
Refs #20680.
 2013-07-01 14:29:33 +02:00
Erik Romijn aeb1389442 Fixed #20079 -- Improve security of password reset tokens 2013-06-18 20:02:00 +02:00
Erik Romijn 2c4fe761a0 Fixed #20593 -- Allow blank passwords in check_password() and set_password() 2013-06-18 13:32:54 -04:00
Claude Paroz beb652e069 Worked around Python 3.3 modified exception repr 
Refs #20599.
 2013-06-15 11:14:59 +02:00
Jaap Roes 990f8d92dc Fixed #20599 -- Changed wording of ValueError raised by _load_library 
The _load_library method on BasePasswordHasher turns ImportErrors
into ValueErrors, this masks ImportErrors in the algorithm library.
Changed it to a clearer worded error message that includes
the ImportError string.
 2013-06-15 10:50:55 +02:00
Donald Stufft 8f0a4665d6 Recommend using the bcrypt library instead of py-bcrypt 
* py-bcrypt has not been updated in some time
* py-bcrypt does not support Python3
* py3k-bcrypt, a port of py-bcrypt to python3 is not compatible
  with Django
* bcrypt is supported on all versions of Python that Django
  supports
 2013-05-13 23:49:00 -04:00
Preston Timmons fde2e4fd6e Modified auth to work with unittest2 discovery. 2013-04-02 21:59:45 -06:00