Fixed #36546 -- Deprecated django.utils.crypto.constant_time_compare() in favor of hmac.compare_digest().

Signed-off-by: SaJH <wogur981208@gmail.com>
2025-11-22 20:16:24 +00:00 · 2025-08-22 15:32:09 +02:00 · 2025-08-22 15:32:09 +02:00 · 0246f47888
commit 0246f47888
parent 3ba24c18e7
9 changed files with 48 additions and 24 deletions
--- a/tests/utils_tests/test_crypto.py
+++ b/tests/utils_tests/test_crypto.py
@ -2,15 +2,19 @@ import hashlib
 import unittest

 from django.test import SimpleTestCase
+from django.test.utils import ignore_warnings
 from django.utils.crypto import (
    InvalidAlgorithm,
    constant_time_compare,
    pbkdf2,
    salted_hmac,
 )
+from django.utils.deprecation import RemovedInDjango70Warning


 class TestUtilsCryptoMisc(SimpleTestCase):
+    # RemovedInDjango70Warning.
+    @ignore_warnings(category=RemovedInDjango70Warning)
    def test_constant_time_compare(self):
        # It's hard to test for constant time, just test the result.
        self.assertTrue(constant_time_compare(b"spam", b"spam"))
@ -18,6 +22,15 @@ class TestUtilsCryptoMisc(SimpleTestCase):
        self.assertTrue(constant_time_compare("spam", "spam"))
        self.assertFalse(constant_time_compare("spam", "eggs"))

+    def test_constant_time_compare_deprecated(self):
+        msg = (
+            "constant_time_compare() is deprecated. "
+            "Use hmac.compare_digest() instead."
+        )
+        with self.assertWarnsMessage(RemovedInDjango70Warning, msg) as ctx:
+            constant_time_compare(b"spam", b"spam")
+        self.assertEqual(ctx.filename, __file__)
+
    def test_salted_hmac(self):
        tests = [
            ((b"salt", b"value"), {}, "b51a2e619c43b1ca4f91d15c57455521d71d61eb"),