#36179: hexed strings in common passwords database are not handled
-------------------------------------+-------------------------------------
     Reporter:  Michel Le Bihan      |                    Owner:  Michel Le
                                     |  Bihan
         Type:  Bug                  |                   Status:  new
    Component:  contrib.auth         |                  Version:  5.1
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
  CommonPasswordValidator            |
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Sarah Boyce):

 * stage:  Unreviewed => Accepted

Comment:

 Ah thank you!
 Folks can de-hex using this tool:
 https://www.rapidtables.com/convert/number/hex-to-ascii.html

 Here is a regression test:
 {{{#!diff
 --- a/tests/auth_tests/test_validators.py
 +++ b/tests/auth_tests/test_validators.py
 @@ -273,6 +273,15 @@ class CommonPasswordValidatorTest(SimpleTestCase):
              CommonPasswordValidator().validate("godzilla")
          self.assertEqual(cm.exception.messages, [expected_error])

 +    def test_common_hexed_codes(self):
 +        expected_error = "This password is too common."
 +        common_hexed_passwords = ["asdfjkl:", "&#2336:"]
 +        for password in common_hexed_passwords:
 +            with self.subTest(password=password):
 +                with self.assertRaises(ValidationError) as cm:
 +                    CommonPasswordValidator().validate(password)
 +                self.assertEqual(cm.exception.messages, [expected_error])
 +
      def test_validate_custom_list(self):
          path = os.path.join(
 }}}
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36179#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/01070194ef75ca7e-c17ed073-8ac7-40b1-b1a1-9c92c6d3c92c-000000%40eu-central-1.amazonses.com.

Reply via email to