tests: Downgrade deprecated SHA1PasswordHasher to MD5PasswordHasher.

SHA1PasswordHasher will be removed in Django 5.1. MD5PasswordHasher will remain for exactly this purpose of speeding up tests. Use MD5PasswordHasher by default, but leave SHA1PasswordHasher in the list for compatibility with test databases that have already been generated. Once some other change forces test databases to be rebuilt, we can remove SHA1PasswordHasher. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-04-04 11:56:11 -07:00 · 2024-04-04 11:56:11 -07:00 · ac5161f439
parent e5fd761562
commit ac5161f439
1 changed files with 5 additions and 4 deletions
--- a/zproject/computed_settings.py
+++ b/zproject/computed_settings.py
@ -415,20 +415,21 @@ LANGUAGE_COOKIE_SAMESITE: Final = "Lax"
 if DEVELOPMENT:
    # Use fast password hashing for creating testing users when not
    # PRODUCTION.  Saves a bunch of time.
-    PASSWORD_HASHERS = (
+    PASSWORD_HASHERS = [
+        "django.contrib.auth.hashers.MD5PasswordHasher",
        "django.contrib.auth.hashers.SHA1PasswordHasher",
        "django.contrib.auth.hashers.PBKDF2PasswordHasher",
-    )
+    ]
    # Also we auto-generate passwords for the default users which you
    # can query using ./manage.py print_initial_password
    INITIAL_PASSWORD_SALT = get_secret("initial_password_salt")
 else:
    # For production, use the best password hashing algorithm: Argon2
    # Zulip was originally on PBKDF2 so we need it for compatibility
-    PASSWORD_HASHERS = (
+    PASSWORD_HASHERS = [
        "django.contrib.auth.hashers.Argon2PasswordHasher",
        "django.contrib.auth.hashers.PBKDF2PasswordHasher",
-    )
+    ]

 ########################################################################
 # API/BOT SETTINGS