Re: [Django] #32508: Raise proper exceptions instead of using "assert".

[Django]

#32508: Raise proper exceptions instead of using "assert".
-------------------------------------+-------------------------------------
     Reporter:  Adam Johnson         |                    Owner:  Daniyal
         Type:                       |  Abbasi
  Cleanup/optimization               |                   Status:  closed
    Component:  Core (Other)         |                  Version:  dev
     Severity:  Normal               |               Resolution:  fixed
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Chris Jerdonek):

 I'd like to suggest that the asserts in `hashers.py` (listed above) also
 be considered. While reviewing
 [https://github.com/django/django/pull/13799 PR #13799], I noticed there
 are cases where user code can encounter them.

 For example, here are a couple of the asserts, in the case of
 `PBKDF2PasswordHasher.encode()`:
 
https://github.com/django/django/blob/012f38f9594b35743e9ab231757b7b62db638323/django/contrib/auth/hashers.py#L271-L273
 And here is an example in the Django docs instructing users to call this
 method with their own code:
 https://docs.djangoproject.com/en/3.2/topics/auth/passwords/#password-
 upgrading-without-requiring-a-login
 That section also tells the user they "can modify the pattern to work with
 any algorithm or with a custom user model." Since Django has examples
 telling users to call this method with their own code, and also since this
 is a security-related code path, I think it would be worth switching from
 `assert` statements to more explicit argument checking.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/32508#comment:35>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.f35431cc39e0389a9143520ef724ad6f%40djangoproject.com.