Removed deprecated and undocumented function django.contrib.formtools.utils.security_hash().
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17841 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
c7229c681e
commit
dec21a1d4b
|
@ -172,39 +172,6 @@ class PreviewTests(FormToolsTestCase):
|
|||
self.assertNotEqual(response.content, success_string)
|
||||
|
||||
|
||||
class SecurityHashTests(unittest.TestCase):
|
||||
def setUp(self):
|
||||
self._warnings_state = get_warnings_state()
|
||||
warnings.filterwarnings('ignore', category=DeprecationWarning,
|
||||
module='django.contrib.formtools.utils')
|
||||
|
||||
def tearDown(self):
|
||||
restore_warnings_state(self._warnings_state)
|
||||
|
||||
def test_textfield_hash(self):
|
||||
"""
|
||||
Regression test for #10034: the hash generation function should ignore
|
||||
leading/trailing whitespace so as to be friendly to broken browsers that
|
||||
submit it (usually in textareas).
|
||||
"""
|
||||
f1 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'})
|
||||
f2 = HashTestForm({'name': ' joe', 'bio': 'Nothing notable. '})
|
||||
hash1 = utils.security_hash(None, f1)
|
||||
hash2 = utils.security_hash(None, f2)
|
||||
self.assertEqual(hash1, hash2)
|
||||
|
||||
def test_empty_permitted(self):
|
||||
"""
|
||||
Regression test for #10643: the security hash should allow forms with
|
||||
empty_permitted = True, or forms where data has not changed.
|
||||
"""
|
||||
f1 = HashTestBlankForm({})
|
||||
f2 = HashTestForm({}, empty_permitted=True)
|
||||
hash1 = utils.security_hash(None, f1)
|
||||
hash2 = utils.security_hash(None, f2)
|
||||
self.assertEqual(hash1, hash2)
|
||||
|
||||
|
||||
class FormHmacTests(unittest.TestCase):
|
||||
"""
|
||||
Same as SecurityHashTests, but with form_hmac
|
||||
|
|
|
@ -3,43 +3,9 @@ try:
|
|||
except ImportError:
|
||||
import pickle
|
||||
|
||||
import hashlib
|
||||
from django.conf import settings
|
||||
from django.utils.crypto import salted_hmac
|
||||
|
||||
|
||||
def security_hash(request, form, *args):
|
||||
"""
|
||||
Calculates a security hash for the given Form instance.
|
||||
|
||||
This creates a list of the form field names/values in a deterministic
|
||||
order, pickles the result with the SECRET_KEY setting, then takes an md5
|
||||
hash of that.
|
||||
"""
|
||||
import warnings
|
||||
warnings.warn("security_hash is deprecated; use form_hmac instead",
|
||||
DeprecationWarning)
|
||||
data = []
|
||||
for bf in form:
|
||||
# Get the value from the form data. If the form allows empty or hasn't
|
||||
# changed then don't call clean() to avoid trigger validation errors.
|
||||
if form.empty_permitted and not form.has_changed():
|
||||
value = bf.data or ''
|
||||
else:
|
||||
value = bf.field.clean(bf.data) or ''
|
||||
if isinstance(value, basestring):
|
||||
value = value.strip()
|
||||
data.append((bf.name, value))
|
||||
|
||||
data.extend(args)
|
||||
data.append(settings.SECRET_KEY)
|
||||
|
||||
# Use HIGHEST_PROTOCOL because it's the most efficient.
|
||||
pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)
|
||||
|
||||
return hashlib.md5(pickled).hexdigest()
|
||||
|
||||
|
||||
def form_hmac(form):
|
||||
"""
|
||||
Calculates a security hash for the given Form instance.
|
||||
|
|
Loading…
Reference in New Issue