Fixed #18182 -- Made is_usable_password check if hashing algorithm is correct

from django.contrib.auth import authenticate

from django.contrib.auth.models import User

from django.contrib.auth.hashers import UNUSABLE_PASSWORD, is_password_usable, identify_hasher

from django.contrib.auth.hashers import UNUSABLE_PASSWORD, identify_hasher

from django.contrib.auth.tokens import default_token_generator

from django.contrib.sites.models import get_current_site

class ReadOnlyPasswordHashWidget(forms.Widget):

    def render(self, name, value, attrs):

        encoded = value

        if not is_password_usable(encoded):

            return "None"

        final_attrs = self.build_attrs(attrs)

        if encoded == '' or encoded == UNUSABLE_PASSWORD:

            summary = mark_safe("<strong>%s</strong>" % ugettext("No password set."))

        else:

            try:

                hasher = identify_hasher(encoded)

            except ValueError:

            summary = mark_safe("<strong>Invalid password format or unknown hashing algorithm.</strong>")

                summary = mark_safe("<strong>%s</strong>" % ugettext(

                    "Invalid password format or unknown hashing algorithm."))

            else:

                summary = format_html_join('',

                                           "<strong>{0}</strong>: {1} ",

def is_password_usable(encoded):

    return (encoded is not None and encoded != UNUSABLE_PASSWORD)

    if encoded is None or encoded == UNUSABLE_PASSWORD:

        return False

    try:

        hasher = identify_hasher(encoded)

    except ValueError:

        return False

    return True

def check_password(password, encoded, setter=None, preferred='default'):

        # Just check we can create it

        form = MyUserForm({})

    def test_unsuable_password(self):

        user = User.objects.get(username='empty_password')

        user.set_unusable_password()

        user.save()

        form = UserChangeForm(instance=user)

        self.assertIn(_("No password set."), form.as_table())

    def test_bug_17944_empty_password(self):

        user = User.objects.get(username='empty_password')

        form = UserChangeForm(instance=user)

        # Just check that no error is raised.

        form.as_table()

        self.assertIn(_("Invalid password format or unknown hashing algorithm."),

            form.as_table())

    def test_bug_17944_unmanageable_password(self):

        user = User.objects.get(username='unmanageable_password')

        form = UserChangeForm(instance=user)

        # Just check that no error is raised.

        form.as_table()

        self.assertIn(_("Invalid password format or unknown hashing algorithm."),

            form.as_table())

    def test_bug_17944_unknown_password_algorithm(self):

        user = User.objects.get(username='unknown_password')

        form = UserChangeForm(instance=user)

        # Just check that no error is raised.

        form.as_table()

        self.assertIn(_("Invalid password format or unknown hashing algorithm."),

            form.as_table())

@override_settings(USE_TZ=False, PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))

        self.assertRaises(ValueError, doit)

        self.assertRaises(ValueError, identify_hasher, "lolcat$salt$hash")

    def test_bad_encoded(self):

        self.assertFalse(is_password_usable('letmein_badencoded'))

        self.assertFalse(is_password_usable(''))

    def test_low_level_pkbdf2(self):

        hasher = PBKDF2PasswordHasher()

        encoded = hasher.encode('letmein', 'seasalt')