[Django] #36226: Only PBKDF2PasswordHasher supports str and bytes password


Django

Mar 3, 2025, 11:00:29 PM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
----------------------------+----------------------------------------
Reporter: Jason Held | Type: Bug
Status: new | Component: contrib.auth
Version: 5.1 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------+----------------------------------------
The other password hashers in their `encode` method all at some point call
`.encode` on their password in some way. Thus, the other hasher classes,
in the django source code, do not support the API and docstring of
`make_password`.
This seems pretty easy to fix on the whole and I'd be happy to make a PR
for it.
--
Ticket URL: <https://code.djangoproject.com/ticket/36226>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
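
The failure reported above and the input normalization that removes it, as an added example that is not part of the original message and is not Django's code. The names `to_bytes`, `encode_str_only`, `encode_normalized`, `verify` and the `toy_scrypt` format are hypothetical, and the salt is a constructed sample value.

```python
import base64
import hashlib
import hmac


def to_bytes(value):
    """Accept str or bytes; str is encoded as UTF-8 (hypothetical helper)."""
    if isinstance(value, bytes):
        return value
    if isinstance(value, str):
        return value.encode("utf-8")
    raise TypeError(f"expected str or bytes, got {type(value).__name__}")


def _scrypt(password: bytes, salt: bytes) -> str:
    digest = hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1, dklen=64)
    return base64.b64encode(digest).decode("ascii")


def encode_str_only(password, salt):
    # Pattern described in the ticket: .encode() is called on the password,
    # so a bytes password raises AttributeError instead of being hashed.
    return f"toy_scrypt${salt}${_scrypt(password.encode(), salt.encode())}"


def encode_normalized(password, salt):
    # Normalize both inputs once, at the boundary, before hashing.
    # Salts are assumed to be ASCII and free of "$" in this sketch.
    salt_b = to_bytes(salt)
    digest = _scrypt(to_bytes(password), salt_b)
    return f"toy_scrypt${salt_b.decode('ascii')}${digest}"


def verify(password, encoded):
    # Re-encode with the stored salt and compare in constant time.
    _, salt, _ = encoded.split("$", 2)
    return hmac.compare_digest(encode_normalized(password, salt), encoded)


def str_only_rejects_bytes(salt="constructedsalt"):
    # True when the str-only variant fails on a bytes password.
    try:
        encode_str_only(b"password", salt)
    except AttributeError:
        return True
    return False
```

The property worth asserting is that the str and bytes forms of one password produce the identical encoded value, so a hash stored from one form verifies against the other.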

Django

Mar 4, 2025, 2:01:49 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+------------------------------------
Reporter: Jason Held | Owner: (none)
Type: Bug | Status: new
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by Sarah Boyce):

* stage: Unreviewed => Accepted

Comment:

Replicated, thank you! PRs welcome.
{{{#!diff
--- a/tests/auth_tests/test_hashers.py
+++ b/tests/auth_tests/test_hashers.py
@@ -520,6 +520,19 @@ class TestUtilsHashPass(SimpleTestCase):
with self.assertRaisesMessage(ValueError, msg):
hasher.encode("password", salt)

+ def test_password_bytes(self):
+ hasher_classes = [
+ MD5PasswordHasher,
+ PBKDF2PasswordHasher,
+ PBKDF2SHA1PasswordHasher,
+ ScryptPasswordHasher,
+ ]
+ for hasher_class in hasher_classes:
+ hasher = hasher_class()
+ with self.subTest(hasher_class.__name__):
+ encoded = hasher.encode(b"password", hasher.salt())
+ self.assertTrue(hasher.verify(b"password", encoded))
+
def test_encode_password_required(self):
hasher_classes = [
MD5PasswordHasher,
}}}
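Review bot: in `test_password_bytes`, the final assertion `self.assertTrue(hasher.verify(b"password", encoded))` only proves a bytes-to-bytes round trip, so a hasher that hashed bytes differently from the equivalent str would still pass. Encode with one fixed salt and assert that `hasher.encode("password", salt)` equals `hasher.encode(b"password", salt)`, or at least add `hasher.verify("password", encoded)` alongside the bytes check. The salt always comes from `hasher.salt()`, so only the salt type that method returns is exercised, and the hard-coded `hasher_classes` list limits the check to the four classes named in it.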
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:1>

Django

Mar 5, 2025, 8:39:31 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+-----------------------------------------
Reporter: Jason Held | Owner: Screamadelica
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Changes (by Screamadelica):

* owner: (none) => Screamadelica
* status: new => assigned

Comment:

Hi, I'm new to this community and find this a decent good first issue. I
will try to fix this bug :)
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:2>

Django

Mar 6, 2025, 2:02:22 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+-----------------------------------------
Reporter: Jason Held | Owner: Screamadelica
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Changes (by Antoliny):

* has_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:3>

Django

Mar 6, 2025, 2:39:46 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+-----------------------------------------
Reporter: Jason Held | Owner: Screamadelica
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Comment (by Screamadelica):

Just finished a pr and all checks have passed.
https://github.com/django/django/pull/19231
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:4>

Django

Mar 6, 2025, 3:37:40 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+-----------------------------------------
Reporter: Jason Held | Owner: Screamadelica
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Comment (by Antoliny):

Replying to [comment:4 Screamadelica]:
> Just finished a pr and all checks have passed.
> https://github.com/django/django/pull/19231

It looks like you've submitted a PR, so I’ve set the "has patch" flag.
Now, all that’s left is to wait for reviews from the fellows :)
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:5>

Django

Mar 6, 2025, 4:00:16 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+-----------------------------------------
Reporter: Jason Held | Owner: Screamadelica
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Comment (by Screamadelica):

Replying to [comment:5 Antoliny]:
> Replying to [comment:4 Screamadelica]:
> > Just finished a pr and all checks have passed.
> > https://github.com/django/django/pull/19231
>
> It looks like you've submitted a PR, so I’ve set the "has patch" flag.
> Now, all that’s left is to wait for reviews from the fellows :)

Thanks a lot, I will remember to change the flag after submitting PR later
:)
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:6>

Django

Apr 15, 2025, 8:00:29 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+-----------------------------------------
Reporter: Jason Held | Owner: Screamadelica
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Changes (by Sarah Boyce):

* needs_better_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:7>

Django

Jul 8, 2025, 10:46:27 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+-----------------------------------------
Reporter: Jason Held | Owner: Screamadelica
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Comment (by Roelzkie):

Replying to [comment:7 Sarah Boyce]:

Hi Sarah, What's the status of this ticket? Can you re-assign this ticket
to me? It seems like the owner is not actively improving the PR anymore.
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:8>

Django

Jul 8, 2025, 11:38:32 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+-----------------------------------------
Reporter: Jason Held | Owner: Screamadelica
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Comment (by Jacob Walls):

The prior owner closed their PR, so it's fair to set yourself in the owner
field.
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:9>

Django

Jul 8, 2025, 12:28:42 PM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+-----------------------------------------
Reporter: Jason Held | Owner: Screamadelica
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
------------------------------+-----------------------------------------
Comment (by Roelzkie):

Please check this new [https://github.com/django/django/pull/19626 PR].
Thank you.
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:10>

Django

Jul 8, 2025, 12:29:55 PM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+------------------------------------
Reporter: Jason Held | Owner: Roelzkie
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by Roelzkie):

* owner: Screamadelica => Roelzkie

Comment:

Replying to [comment:9 Jacob Walls]:
> The prior owner closed their PR, so it's fair to set yourself in the
> owner field.

Thanks for the confirmation, Jacob. I set myself as the owner of this
ticket and have created a PR.
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:11>

Django

Jul 8, 2025, 12:45:52 PM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+------------------------------------
Reporter: Jason Held | Owner: Roelzkie
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by Roelzkie):

* cc: Roelzkie (added)
* needs_better_patch: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:12>

Django

Jul 14, 2025, 9:14:33 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+------------------------------------
Reporter: Jason Held | Owner: Roelzkie
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by Sarah Boyce):

* needs_better_patch: 0 => 1

--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:13>

Django

Jul 14, 2025, 11:57:09 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
------------------------------+------------------------------------
Reporter: Jason Held | Owner: Roelzkie
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: auth | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+------------------------------------
Changes (by Roelzkie):

* keywords: => auth
* needs_better_patch: 1 => 0

--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:14>

Django

Jul 21, 2025, 3:49:01 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
-------------------------------------+-------------------------------------
Reporter: Jason Held | Owner: Roelzkie
Type: Bug | Status: assigned
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: auth | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):

* stage: Accepted => Ready for checkin

--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:15>

Django

Jul 22, 2025, 6:15:22 AM
to django-...@googlegroups.com
#36226: Only PBKDF2PasswordHasher supports str and bytes password
-------------------------------------+-------------------------------------
Reporter: Jason Held | Owner: Roelzkie
Type: Bug | Status: closed
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution: fixed
Keywords: auth | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce <42296566+sarahboyce@…>):

* resolution: => fixed
* status: assigned => closed

Comment:

In [changeset:"78fac1b0473ed8960ecd2a30aca4fa8420d150b8" 78fac1b]:
{{{#!CommitTicketReference repository=""
revision="78fac1b0473ed8960ecd2a30aca4fa8420d150b8"
Fixed #36226 -- Accepted str or bytes for password and salt in password
hashers.

Co-authored-by: Screamadelica <16214...@sjtu.edu.cn>
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36226#comment:16>