Commit dec21a1d authored by Aymeric Augustin's avatar Aymeric Augustin
Browse files

Removed deprecated and undocumented function django.contrib.formtools.utils.security_hash(). 


git-svn-id: http://code.djangoproject.com/svn/django/trunk@17841 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent c7229c68

django/contrib/formtools/tests/__init__.py

+0 −33
Original line number Diff line number Diff line
@@ -172,39 +172,6 @@ class PreviewTests(FormToolsTestCase): 
        self.assertNotEqual(response.content, success_string)





class SecurityHashTests(unittest.TestCase):

    def setUp(self):

        self._warnings_state = get_warnings_state()

        warnings.filterwarnings('ignore', category=DeprecationWarning,

                                module='django.contrib.formtools.utils')



    def tearDown(self):

        restore_warnings_state(self._warnings_state)



    def test_textfield_hash(self):

        """

        Regression test for #10034: the hash generation function should ignore

        leading/trailing whitespace so as to be friendly to broken browsers that

        submit it (usually in textareas).

        """

        f1 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'})

        f2 = HashTestForm({'name': '  joe', 'bio': 'Nothing notable.  '})

        hash1 = utils.security_hash(None, f1)

        hash2 = utils.security_hash(None, f2)

        self.assertEqual(hash1, hash2)



    def test_empty_permitted(self):

        """

        Regression test for #10643: the security hash should allow forms with

        empty_permitted = True, or forms where data has not changed.

        """

        f1 = HashTestBlankForm({})

        f2 = HashTestForm({}, empty_permitted=True)

        hash1 = utils.security_hash(None, f1)

        hash2 = utils.security_hash(None, f2)

        self.assertEqual(hash1, hash2)





class FormHmacTests(unittest.TestCase):

    """

    Same as SecurityHashTests, but with form_hmac

django/contrib/formtools/utils.py

+0 −34
Original line number Diff line number Diff line
@@ -3,43 +3,9 @@ try: 
except ImportError:

    import pickle



import hashlib

from django.conf import settings

from django.utils.crypto import salted_hmac





def security_hash(request, form, *args):

    """

    Calculates a security hash for the given Form instance.



    This creates a list of the form field names/values in a deterministic

    order, pickles the result with the SECRET_KEY setting, then takes an md5

    hash of that.

    """

    import warnings

    warnings.warn("security_hash is deprecated; use form_hmac instead",

                  DeprecationWarning)

    data = []

    for bf in form:

        # Get the value from the form data. If the form allows empty or hasn't

        # changed then don't call clean() to avoid trigger validation errors.

        if form.empty_permitted and not form.has_changed():

            value = bf.data or ''

        else:

            value = bf.field.clean(bf.data) or ''

        if isinstance(value, basestring):

            value = value.strip()

        data.append((bf.name, value))

        

    data.extend(args)

    data.append(settings.SECRET_KEY)



    # Use HIGHEST_PROTOCOL because it's the most efficient.

    pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL)



    return hashlib.md5(pickled).hexdigest()





def form_hmac(form):

    """

    Calculates a security hash for the given Form instance.