Re: [Django] #19687: UnsaltedMD5PasswordHasher throws exception on verify() with md5$$SALT

2013-01-29 Thread Django 
#19687: UnsaltedMD5PasswordHasher throws exception on verify() with md5$$SALT
--+--
 Reporter:  twig@…|Owner:  nobody
 Type:  Bug   |   Status:  closed
Component:  contrib.auth  |  Version:  1.4
 Severity:  Normal|   Resolution:  duplicate
 Keywords:  login | Triage Stage:  Unreviewed
Has patch:  1 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  1 |UI/UX:  0
--+--
Changes (by claudep):

 * status:  new => closed
 * resolution:   => duplicate


Comment:

 Duplicate of #18144

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [Django] #19687: UnsaltedMD5PasswordHasher throws exception on verify() with md5$$SALT

2013-01-28 Thread Django 
#19687: UnsaltedMD5PasswordHasher throws exception on verify() with md5$$SALT
--+--
 Reporter:  twig@…|Owner:  nobody
 Type:  Bug   |   Status:  new
Component:  contrib.auth  |  Version:  1.4
 Severity:  Normal|   Resolution:
 Keywords:  login | Triage Stage:  Unreviewed
Has patch:  1 |  Needs documentation:  0
  Needs tests:  0 |  Patch needs improvement:  0
Easy pickings:  1 |UI/UX:  0
--+--
Changes (by twig@…):

 * needs_better_patch:   => 0
 * needs_tests:   => 0
 * needs_docs:   => 0


Comment:

 I've made a pull request at https://github.com/django/django/pull/681

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Django] #19687: UnsaltedMD5PasswordHasher throws exception on verify() with md5$$SALT

2013-01-28 Thread Django 
#19687: UnsaltedMD5PasswordHasher throws exception on verify() with md5$$SALT
--+
 Reporter:  twig@…|  Owner:  nobody
 Type:  Bug   | Status:  new
Component:  contrib.auth  |Version:  1.4
 Severity:  Normal|   Keywords:  login
 Triage Stage:  Unreviewed|  Has patch:  1
Easy pickings:  1 |  UI/UX:  0
--+
 After upgrading from v1.2.7 to 1.4.3, users had no way of logging in.

 I noticed that the UnsaltedMD5PasswordHasher.verify() was passing the
 wrong arguments to constant_time_compare(). The arg "encoded" includes the
 algorithm and prefix "md5$$", so we need to strip it out first.


 Should change:
 {{{
 return constant_time_compare(encoded, encoded_2
 }}}


 To:
 {{{
 return constant_time_compare(encoded[5:], encoded_2)
 }}}

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.