#33691: Deprecate CryptPasswordHasher.
-------------------------------------+-------------------------------------
Reporter: Mariusz Felisiak | Owner: Mariusz Felisiak
Type: Cleanup/optimization | Status: closed
Component: contrib.auth | Version: 4.0
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Claude Paroz):
What about something like this (TestPasswordHasher being imported from
`django.test.utils` is also a rather strong indication not to use it in
production):
{{{
diff --git a/django/contrib/auth/hashers.py
b/django/contrib/auth/hashers.py
index 432c624483..f409882d70 100644
--- a/django/contrib/auth/hashers.py
+++ b/django/contrib/auth/hashers.py
@@ -675,7 +675,7 @@ class SHA1PasswordHasher(BasePasswordHasher):
pass
-class MD5PasswordHasher(BasePasswordHasher):
+class _MD5UnsecurePasswordHasher(BasePasswordHasher):
"""
The Salted MD5 password hashing algorithm (not recommended)
"""
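Review bot: The new private name `_MD5UnsecurePasswordHasher` on the renamed class line uses "Unsecure", where "Insecure" is the usual word. Since `django/test/utils.py` imports this name later in the patch, it is worth settling on `_MD5InsecurePasswordHasher` (or similar) before it spreads. The unchanged docstring still says only "not recommended", which reads weaker than the new class name; consider aligning the two.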
@@ -717,6 +717,17 @@ class MD5PasswordHasher(BasePasswordHasher):
pass
+# RemovedInDjango51Warning.
+class MD5PasswordHasher(_MD5UnsecurePasswordHasher):
+ def __init__(self, *args, **kwargs):
+ warnings.warn(
+ "django.contrib.auth.hashers.MD5PasswordHasher is
deprecated.",
+ RemovedInDjango51Warning,
+ stacklevel=2,
+ )
+ super().__init__(*args, **kwargs)
+
+
# RemovedInDjango51Warning.
class UnsaltedSHA1PasswordHasher(BasePasswordHasher):
"""
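Review bot: The message passed to `warnings.warn()` in the new `MD5PasswordHasher.__init__` says only that the class is deprecated and names no replacement, so a project that lists this hasher purely to speed up its tests gets no pointer to `django.test.utils.TestPasswordHasher`. Suggest extending the message to name the alternative and adding a test asserting that instantiation raises `RemovedInDjango51Warning`. The patch also has no import hunk for `hashers.py`, so confirm that `warnings` and `RemovedInDjango51Warning` are already imported there.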
diff --git a/django/test/utils.py b/django/test/utils.py
index 270e34b69d..1e87bcaa9f 100644
--- a/django/test/utils.py
+++ b/django/test/utils.py
@@ -17,6 +17,7 @@ from xml.dom.minidom import Node, parseString
from django.apps import apps
from django.apps.registry import Apps
from django.conf import UserSettingsHolder, settings
+from django.contrib.auth.hashers import _MD5UnsecurePasswordHasher
from django.core import mail
from django.core.exceptions import ImproperlyConfigured
from django.core.signals import request_started, setting_changed
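Review bot: The added `from django.contrib.auth.hashers import _MD5UnsecurePasswordHasher` makes `django.test.utils` pull in a contrib app module at import time and reach for an underscore-prefixed name across modules. Consider defining the test hasher inside `django.contrib.auth` itself, or deferring the import, so that `django.test.utils` does not depend on `contrib.auth` every time it is imported.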
@@ -999,3 +1000,9 @@ def register_lookup(field, *lookups,
lookup_name=None):
finally:
for lookup in lookups:
field._unregister_lookup(lookup, lookup_name)
+
+
+class TestPasswordHasher(_MD5UnsecurePasswordHasher):
+ """
+ An unsecure but fast Salted MD5 password hashing algorithm for
speedier tests.
+ """
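Review bot: The `TestPasswordHasher` docstring calls the hasher "unsecure but fast" without stating that it must never appear in a production `PASSWORD_HASHERS` setting, and the class body adds nothing that enforces this, so the module location is the only signal. Suggest spelling out the tests-only restriction in the docstring and documenting it alongside the deprecation.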
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/33691#comment:9>