[bug 821043] Change password disabling to use User.set_unusable_password() r=willkg

2013-02-10 17:58:51 +02:00 · 2013-02-10 17:58:51 +02:00 · e907c54754
--- a/apps/users/hashers.py
+++ b/apps/users/hashers.py
@ -31,24 +31,3 @@ class SHA256PasswordHasher(BasePasswordHasher):
            (_('salt'), mask_hash(salt, show=2)),
            (_('hash'), mask_hash(hash)),
        ])
-
-class PasswordDisabledHasher(BasePasswordHasher):
-    """The SHA256 password hashing algorithm.
-
-    We "expire" user passwords by setting them to "PASSWORD_DISABLED".
-    This fake hasher handles them without blowing up.
-    """
-    algorithm = "PASSWORD_DISABLED"
-
-    def encode(self, password, salt):
-        return self.algorithm
-
-    def verify(self, password, encoded):
-        return False
-
-    def safe_summary(self, encoded):
-        return SortedDict([
-            (_('algorithm'), self.algorithm),
-            (_('salt'), ''),
-            (_('hash'), ''),
-        ])
--- a/apps/users/management/commands/purge_hashes.py
+++ b/apps/users/management/commands/purge_hashes.py
@ -1,6 +1,7 @@
 from datetime import datetime, timedelta

 from django.contrib.auth.models import User
+from django.contrib.auth.hashers import UNUSABLE_PASSWORD
 from django.core.management.base import BaseCommand


@ -10,6 +11,6 @@ class Command(BaseCommand):
    def handle(self, *args, **kw):
        old = datetime.now() - timedelta(365)
        users = User.objects.filter(last_login__lt=old)
-        users = users.exclude(password='PASSWORD_DISABLED')
-        num = users.update(password='PASSWORD_DISABLED')
+        users = users.exclude(password=UNUSABLE_PASSWORD)
+        num = users.update(password=UNUSABLE_PASSWORD)
        print 'Cleared %d passwords.' % num
--- a/apps/users/tests/test_templates.py
+++ b/apps/users/tests/test_templates.py
@ -58,7 +58,7 @@ class LoginTests(TestCaseBase):

    def test_login_password_disabled(self):
        """Test logging in as a user with PASSWORD_DISABLED doesn't 500."""
-        self.u.password = 'PASSWORD_DISABLED'
+        self.u.set_unusable_password()
        self.u.save()
        response = self.client.post(reverse('users.login'),
                                    {'username': self.u.username,
--- a/migrations/198-set-unusable-password.py
+++ b/migrations/198-set-unusable-password.py
@ -0,0 +1,11 @@
+from django.contrib.auth.models import User
+from django.contrib.auth.hashers import UNUSABLE_PASSWORD
+
+
+def run():
+    users = User.objects.filter(password='PASSWORD_DISABLED')
+    num = users.update(password=UNUSABLE_PASSWORD)
+    if not num:
+        print 'There is nothing to update.'
+        return
+    print 'Done! Updated %d passwords.' % num
--- a/settings.py
+++ b/settings.py
@ -333,7 +333,6 @@ ACCOUNT_ACTIVATION_DAYS = 30

 PASSWORD_HASHERS = (
    'users.hashers.SHA256PasswordHasher',
-    'users.hashers.PasswordDisabledHasher',
 )

 PASSWORD_BLACKLIST = path('configs/password-blacklist.txt')