Refs #27468 -- Made user sessions use SHA-256 algorithm.

Mariusz Felisiak 2020-04-29 16:45:00 +02:00 committed by GitHub
parent 5869afe32b
commit 54646a423b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 57 additions and 4 deletions


@ -1,3 +1,4 @@
from django.contrib.auth import HASH_SESSION_KEY
from django.contrib.auth.middleware import AuthenticationMiddleware
from django.contrib.auth.models import User
from django.http import HttpRequest, HttpResponse
@ -18,6 +19,16 @@ class TestAuthenticationMiddleware(TestCase):
self.assertIsNotNone(self.request.user)
self.assertFalse(self.request.user.is_anonymous)
def test_no_password_change_does_not_invalidate_legacy_session(self):
# RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid.
session = self.client.session
session[HASH_SESSION_KEY] = self.user._legacy_get_session_auth_hash()
session.save()
self.request.session = session
self.middleware(self.request)
self.assertIsNotNone(self.request.user)
self.assertFalse(self.request.user.is_anonymous)
def test_changed_password_invalidates_session(self):
# After password change, user should be anonymous
self.user.set_password('new_password')
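Review bot: The added `test_no_password_change_does_not_invalidate_legacy_session` pins only the accepting side of the legacy-hash fallback. Nothing visible in this section checks that a session carrying `_legacy_get_session_auth_hash()` is still rejected once the password changes. Because the fallback widens what the middleware accepts as a valid session hash, that rejecting case is the security-relevant one and deserves its own test next to this one. The existing `test_changed_password_invalidates_session` continues past the end of the hunk, so its setup is not fully visible here. If it does not already start from a legacy hash, a companion test like the one below would close the gap.

```python
    def test_changed_password_invalidates_legacy_session(self):
        # RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid.
        session = self.client.session
        session[HASH_SESSION_KEY] = self.user._legacy_get_session_auth_hash()
        session.save()
        self.request.session = session
        # The stored hash was derived from the old password, so it must no
        # longer match after the change, on either the new or the legacy path.
        self.user.set_password('new_password')
        self.user.save()
        self.middleware(self.request)
        self.assertTrue(self.request.user.is_anonymous)
```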