#36179: hexed strings in common passwords database are not handled
-------------------------------------+-------------------------------------
Reporter: Michel Le Bihan | Owner: Michel Le
| Bihan
Type: Bug | Status: new
Component: contrib.auth | Version: 5.1
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
CommonPasswordValidator |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):
* stage: Unreviewed => Accepted
Comment:
Ah thank you!
Folks can de-hex using this tool:
https://www.rapidtables.com/convert/number/hex-to-ascii.html
Here is a regression test:
{{{#!diff
--- a/tests/auth_tests/test_validators.py
+++ b/tests/auth_tests/test_validators.py
@@ -273,6 +273,15 @@ class CommonPasswordValidatorTest(SimpleTestCase):
CommonPasswordValidator().validate("godzilla")
self.assertEqual(cm.exception.messages, [expected_error])
+ def test_common_hexed_codes(self):
+ expected_error = "This password is too common."
+ common_hexed_passwords = ["asdfjkl:", "ठ:"]
+ for password in common_hexed_passwords:
+ with self.subTest(password=password):
+ with self.assertRaises(ValidationError) as cm:
+ CommonPasswordValidator().validate(password)
+ self.assertEqual(cm.exception.messages, [expected_error])
+
def test_validate_custom_list(self):
path = os.path.join(
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36179#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/01070194ef75ca7e-c17ed073-8ac7-40b1-b1a1-9c92c6d3c92c-000000%40eu-central-1.amazonses.com.
