Commit Graph

39 Commits

Author SHA1 Message Date
Jon Moroney 136ec9b62b Refs #31358 -- Added decode() to password hashers.
By convention a hasher which does not use a salt should populate the
decode dict with `None` rather than omit the dict key.

Co-Authored-By: Florian Apolloner <apollo13@users.noreply.github.com>
2020-06-23 08:36:59 +02:00
Florian Apolloner 1621f06051 Fixed #30472 -- Made Argon2PasswordHasher use Argon2id. 2020-06-17 08:10:41 +02:00
Florian Apolloner ee49cf4f35 Added test for old Argon2i hashes with version attribute. 2020-06-17 08:10:41 +02:00
Mariusz Felisiak f2187a227f Increased the default PBKDF2 iterations for Django 3.2. 2020-05-13 09:07:51 +02:00
Hasan Ramezani 8aa71f4e87 Fixed #31375 -- Made contrib.auth.hashers.make_password() accept only bytes or strings. 2020-03-31 10:52:56 +02:00
Hasan Ramezani b3ab92cc5a Refs #31375 -- Added test for contrib.auth.hashers.make_password() bytes support. 2020-03-31 10:49:39 +02:00
Hasan Ramezani 579f33eb79 Replaced assertWarns() with SimpleTestCase.assertWarnsMessage() in tests. 2020-01-30 11:19:50 +01:00
Mariusz Felisiak 1960d55f8b
Refs #31040 -- Fixed crypt.crypt() call in test_hashers.py.
An empty string is invalid salt in Python 3 and raises exception since
Python 3.9, see https://bugs.python.org/issue38402.
2020-01-03 07:47:04 +01:00
Carlton Gibson b5db65c4fb Increased the default PBKDF2 iterations for Django 3.1. 2019-09-12 17:24:01 +02:00
Tim Graham 06670015f7 Increased the default PBKDF2 iterations for Django 3.0. 2019-01-17 11:15:27 -05:00
Tim Graham 9792af3648 Increased the default PBKDF2 iterations for Django 2.2. 2018-05-17 11:05:45 -04:00
Tim Graham cae0107287 Increased the default PBKDF2 iterations for Django 2.1. 2018-05-13 20:06:20 -04:00
Tim Graham a4f0e9aec7 Fixed #28718 -- Allowed user to request a password reset if their password doesn't use an enabled hasher.
Regression in aeb1389442.
Reverted changes to is_password_usable() from
703c266682 and documentation changes from
92f48680db.
2018-03-22 10:03:43 -04:00
Tim Graham 5b589a47b9
Fixed #29161 -- Removed BCryptPasswordHasher from PASSWORD_HASHERS. 2018-02-26 09:05:18 -05:00
Tim Graham fa75b2cb51
Refs #27795 -- Removed force_bytes/text() usage in tests. 2018-02-07 14:20:04 -05:00
Mads Jensen 3e72f4b7b6 Completed test coverage for BasePasswordHasher. 2017-09-29 09:28:25 -04:00
Mads Jensen 776f6902d9 Moved BasePasswordHasher tests to its own test case. 2017-09-29 09:28:24 -04:00
Bruno Alla 6092ea8fa6 Refs #27804 -- Used subTest() in several tests. 2017-05-24 08:36:34 -04:00
Tim Graham 1c466994d9 Refs #23919 -- Removed misc Python 2/3 references. 2017-01-25 13:59:25 -05:00
Tim Graham 7aba69145d Refs #23919 -- Removed django.test.mock Python 2 compatibility shim. 2017-01-20 08:17:20 -05:00
Tim Graham 109b33f64c Refs #23919 -- Simplified assertRaisesRegex()'s that accounted for Python 2. 2017-01-20 08:49:47 +01:00
Simon Charette 9695b14982 Refs #23919 -- Removed str() conversion of type and method __name__. 2017-01-19 11:31:07 -05:00
Claude Paroz d7b9aaa366 Refs #23919 -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham 0bf3228eec Increased the default PBKDF2 iterations for the 1.11 release cycle. 2017-01-17 20:52:05 -05:00
Tim Graham b5f0b3478d Fixed #27579 -- Added aliases for Python 3's assertion names in SimpleTestCase. 2016-12-07 17:42:31 -05:00
za 321e94fa41 Refs #27392 -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Tim Graham 1915a7e5c5 Increased the default PBKDF2 iterations. 2016-05-20 09:19:19 -04:00
Bas Westerbaan a5033dbc58 Refs #26033 -- Added password hasher support for Argon2 v1.3.
The previous version of Argon2 uses encoded hashes of the form:
   $argon2d$m=8,t=1,p=1$<salt>$<data>

The new version of Argon2 adds its version into the hash:
   $argon2d$v=19$m=8,t=1,p=1$<salt>$<data>

This lets Django handle both version properly.
2016-04-25 21:17:53 -04:00
Tim Graham 92053acbb9 Fixed E128 flake8 warnings in tests/. 2016-04-08 10:12:33 -04:00
Tim Graham 1243fdf5cb Fixed #26395 -- Skipped the CryptPasswordHasher tests on platforms with a dummy crypt module. 2016-03-22 11:22:21 -04:00
Bas Westerbaan b4250ea04a Fixed #26033 -- Added Argon2 password hasher. 2016-03-08 11:22:18 -05:00
Florian Apolloner 67b46ba701 Fixed CVE-2016-2513 -- Fixed user enumeration timing attack during login.
This is a security fix.
2016-03-01 11:25:28 -05:00
Tim Graham 47b5a6a43c Fixed #26187 -- Removed weak password hashers from PASSWORD_HASHERS. 2016-02-22 18:59:23 -05:00
Hasan 3d0dcd7f5a Refs #26022 -- Used context manager version of assertRaises in tests. 2016-01-29 12:32:18 -05:00
Tim Graham 593c9eb660 Increased the default PBKDF2 iterations for the 1.10 release cycle. 2015-09-23 19:31:11 -04:00
Tim Graham c21410aeeb Fixed typo in "pbkdf2" test names. 2015-09-19 20:44:37 -04:00
Tim Graham 7f1168e387 Removed support for Python 3.3. 2015-06-18 08:36:50 -04:00
Tim Graham b86abbceb9 Fixed #24115 -- Allowed bcrypt hashers to upgrade passwords on rounds change.
Thanks Florian Apolloner for the review.
2015-03-30 18:52:59 -04:00
Tim Graham 2d7aca3da0 Moved contrib.auth tests out of contrib. 2015-02-11 10:19:22 -05:00