Fixed #17944 -- Prevented an error in the user change page of the admin when the content of the password field doesn't match the expected format. Thanks saxix for the report and initial patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17775 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/contrib/auth/fixtures/authtestdata.json

@@ -1,55 +1,109 @@
 [
     {
-        "pk": "1", 
+        "pk": "1",
-        "model": "auth.user", 
+        "model": "auth.user",
         "fields": {
-            "username": "testclient", 
+            "username": "testclient",
-            "first_name": "Test", 
+            "first_name": "Test",
-            "last_name": "Client", 
+            "last_name": "Client",
-            "is_active": true, 
+            "is_active": true,
-            "is_superuser": false, 
+            "is_superuser": false,
-            "is_staff": false, 
+            "is_staff": false,
-            "last_login": "2006-12-17 07:03:31", 
+            "last_login": "2006-12-17 07:03:31",
-            "groups": [], 
+            "groups": [],
-            "user_permissions": [], 
+            "user_permissions": [],
-            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161", 
+            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
-            "email": "testclient@example.com", 
+            "email": "testclient@example.com",
             "date_joined": "2006-12-17 07:03:31"
         }
     },
     {
-        "pk": "2", 
+        "pk": "2",
-        "model": "auth.user", 
+        "model": "auth.user",
         "fields": {
-            "username": "inactive", 
+            "username": "inactive",
-            "first_name": "Inactive", 
+            "first_name": "Inactive",
-            "last_name": "User", 
+            "last_name": "User",
-            "is_active": false, 
+            "is_active": false,
-            "is_superuser": false, 
+            "is_superuser": false,
-            "is_staff": false, 
+            "is_staff": false,
-            "last_login": "2006-12-17 07:03:31", 
+            "last_login": "2006-12-17 07:03:31",
-            "groups": [], 
+            "groups": [],
-            "user_permissions": [], 
+            "user_permissions": [],
-            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161", 
+            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
             "email": "testclient2@example.com",
             "date_joined": "2006-12-17 07:03:31"
         }
     },
     {
-        "pk": "3", 
+        "pk": "3",
-        "model": "auth.user", 
+        "model": "auth.user",
         "fields": {
-            "username": "staff", 
+            "username": "staff",
-            "first_name": "Staff", 
+            "first_name": "Staff",
-            "last_name": "Member", 
+            "last_name": "Member",
-            "is_active": true, 
+            "is_active": true,
-            "is_superuser": false, 
+            "is_superuser": false,
-            "is_staff": true, 
+            "is_staff": true,
-            "last_login": "2006-12-17 07:03:31", 
+            "last_login": "2006-12-17 07:03:31",
-            "groups": [], 
+            "groups": [],
-            "user_permissions": [], 
+            "user_permissions": [],
-            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161", 
+            "password": "sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161",
-            "email": "staffmember@example.com", 
+            "email": "staffmember@example.com",
+            "date_joined": "2006-12-17 07:03:31"
+        }
+    },
+    {
+        "pk": "4",
+        "model": "auth.user",
+        "fields": {
+            "username": "empty_password",
+            "first_name": "Empty",
+            "last_name": "Password",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2006-12-17 07:03:31",
+            "groups": [],
+            "user_permissions": [],
+            "password": "",
+            "email": "empty_password@example.com",
+            "date_joined": "2006-12-17 07:03:31"
+        }
+    },
+    {
+        "pk": "5",
+        "model": "auth.user",
+        "fields": {
+            "username": "unmanageable_password",
+            "first_name": "Unmanageable",
+            "last_name": "Password",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2006-12-17 07:03:31",
+            "groups": [],
+            "user_permissions": [],
+            "password": "$",
+            "email": "unmanageable_password@example.com",
+            "date_joined": "2006-12-17 07:03:31"
+        }
+    },
+    {
+        "pk": "6",
+        "model": "auth.user",
+        "fields": {
+            "username": "unknown_password",
+            "first_name": "Unknown",
+            "last_name": "Password",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2006-12-17 07:03:31",
+            "groups": [],
+            "user_permissions": [],
+            "password": "foo$bar",
+            "email": "unknown_password@example.com",
             "date_joined": "2006-12-17 07:03:31"
         }
     }

django/contrib/auth/forms.py

@@ -29,14 +29,18 @@ class ReadOnlyPasswordHashWidget(forms.Widget):
         encoded = smart_str(encoded)
 
         if len(encoded) == 32 and '$' not in encoded:
-            hasher = get_hasher('unsalted_md5')
+            algorithm = 'unsalted_md5'
         else:
             algorithm = encoded.split('$', 1)[0]
-            hasher = get_hasher(algorithm)
 
-        summary = ""
+        try:
-        for key, value in hasher.safe_summary(encoded).iteritems():
+            hasher = get_hasher(algorithm)
-            summary += "<strong>%(key)s</strong>: %(value)s " % {"key": ugettext(key), "value": value}
+        except ValueError:
+            summary = "<strong>%s</strong>" % ugettext("Invalid password format or unknown hashing algorithm.")
+        else:
+            summary = ""
+            for key, value in hasher.safe_summary(encoded).iteritems():
+                summary += "<strong>%(key)s</strong>: %(value)s " % {"key": ugettext(key), "value": value}
 
         return mark_safe("<div%(attrs)s>%(summary)s</div>" % {"attrs": flatatt(final_attrs), "summary": summary})
 

django/contrib/auth/tests/forms.py

@@ -65,7 +65,6 @@ class UserCreationFormTest(TestCase):
 
     def test_success(self):
         # The success case.
-
         data = {
             'username': 'jsmith@example.com',
             'password1': 'test123',
@@ -236,6 +235,25 @@ class UserChangeFormTest(TestCase):
         # Just check we can create it
         form = MyUserForm({})
 
+    def test_bug_17944_empty_password(self):
+        user = User.objects.get(username='empty_password')
+        form = UserChangeForm(instance=user)
+        # Just check that no error is raised.
+        form.as_table()
+
+    def test_bug_17944_unmanageable_password(self):
+        user = User.objects.get(username='unmanageable_password')
+        form = UserChangeForm(instance=user)
+        # Just check that no error is raised.
+        form.as_table()
+
+    def test_bug_17944_unknown_password_algorithm(self):
+        user = User.objects.get(username='unknown_password')
+        form = UserChangeForm(instance=user)
+        # Just check that no error is raised.
+        form.as_table()
+
+
 UserChangeFormTest = override_settings(USE_TZ=False)(UserChangeFormTest)