Turn a plain-text password into a hash for database storage. Same as encode() but generate a new random salt. If password is None then return a concatenation of UNUSABLE_PASSWORD_PREFIX and a random string, which disallows logins. Additional random string reduces chances of gaining access to staff or superuser accounts. See ticket #20079 for more info.
(password, salt=None, hasher="default")
def make_password(password, salt=None, hasher="default"):
    """
    Hash a plain-text password so the result can be stored in the database.

    Behaves like the hasher's encode(), except that a salt is generated with
    ``hasher.salt()`` whenever the caller passes none (or any falsy value).
    A truthy ``salt`` is handed to the hasher unchanged, so callers that
    supply one are responsible for making it unique per password.

    When ``password`` is None, no hashing takes place: the return value is
    UNUSABLE_PASSWORD_PREFIX followed by a random string of
    UNUSABLE_PASSWORD_SUFFIX_LENGTH characters, which disallows logins. The
    random suffix reduces the chances of gaining access to staff or
    superuser accounts (see ticket #20079).

    Raises TypeError if ``password`` is neither None, ``str`` nor ``bytes``.
    """
    if password is None:
        # Unusable marker: prefix plus a random suffix, never a real hash.
        random_suffix = get_random_string(UNUSABLE_PASSWORD_SUFFIX_LENGTH)
        return UNUSABLE_PASSWORD_PREFIX + random_suffix

    if not isinstance(password, (bytes, str)):
        # Reject other types outright rather than hashing a coerced value.
        type_name = type(password).__qualname__
        raise TypeError("Password must be a string or bytes, got %s." % type_name)

    # ``hasher`` is resolved through get_hasher() before use.
    backend = get_hasher(hasher)
    effective_salt = salt if salt else backend.salt()
    return backend.encode(password, effective_salt)
| 122 | @functools.lru_cache |