Fix #4641 -- Make usage of argon2id optional (#4643)

This commit is contained in:
Raphael Michel
2024-11-26 17:31:27 +01:00
committed by GitHub
parent 391eda25da
commit 7dd455ce15
3 changed files with 19 additions and 2 deletions


@@ -288,6 +288,7 @@ Example::
[django] [django]
secret=j1kjps5a5&4ilpn912s7a1!e2h!duz^i3&idu@_907s$wrz@x- secret=j1kjps5a5&4ilpn912s7a1!e2h!duz^i3&idu@_907s$wrz@x-
debug=off debug=off
passwords_argon2=on
``secret`` ``secret``
The secret to be used by Django for signing and verification purposes. If this The secret to be used by Django for signing and verification purposes. If this
@@ -303,6 +304,10 @@ Example::
.. WARNING:: Never set this to ``True`` in production! .. WARNING:: Never set this to ``True`` in production!
``passwords_argon``
Use the ``argon2`` algorithm for password hashing. Disable on systems with a small number of CPU cores (currently
less than 8).
``profile`` ``profile``
Enable code profiling for a random subset of requests. Disabled by default, see Enable code profiling for a random subset of requests. Disabled by default, see
:ref:`perf-monitoring` for details. :ref:`perf-monitoring` for details.


@@ -9,6 +9,7 @@ from decimal import Decimal
import django.core.validators import django.core.validators
import django.db.models.deletion import django.db.models.deletion
import i18nfield.fields import i18nfield.fields
from argon2.exceptions import HashingError
from django.conf import settings from django.conf import settings
from django.contrib.auth.hashers import make_password from django.contrib.auth.hashers import make_password
from django.db import migrations, models from django.db import migrations, models
@@ -25,7 +26,14 @@ def initial_user(apps, schema_editor):
user = User(email='admin@localhost') user = User(email='admin@localhost')
user.is_staff = True user.is_staff = True
user.is_superuser = True user.is_superuser = True
user.password = make_password('admin') try:
user.password = make_password('admin')
except HashingError:
raise Exception(
"Could not hash password of initial user with argon2id. If this is a system with less than 8 CPU cores, "
"you might need to disable argon2id by setting `passwords_argon2=off` in the `[django]` section of the "
"pretix.cfg configuration file."
)
user.save() user.save()
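Review bot: The new `except HashingError:` branch around `make_password('admin')` re-raises a bare `Exception` without chaining, so the argon2 error that explains why hashing failed is dropped from the traceback an operator sees during `migrate`; write `except HashingError as e:` and `raise Exception(...) from e`, or preferably `raise ImproperlyConfigured(...) from e` with `from django.core.exceptions import ImproperlyConfigured`, the type Django uses for settings problems. The module-level `from argon2.exceptions import HashingError` also makes this migration import the argon2 package even when `passwords_argon2=off`; that is only a problem if argon2-cffi is an optional install, which I cannot tell from this hunk. initial_user begins before this hunk.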


@@ -726,7 +726,11 @@ PASSWORD_HASHERS = [
# the HistoricPassword model will not be changed automatically. In case a serious issue with a hasher # the HistoricPassword model will not be changed automatically. In case a serious issue with a hasher
# comes to light, dropping the contents of the HistoricPassword table might be the more risk-adequate # comes to light, dropping the contents of the HistoricPassword table might be the more risk-adequate
# decision. # decision.
"django.contrib.auth.hashers.Argon2PasswordHasher", *(
["django.contrib.auth.hashers.Argon2PasswordHasher"]
if config.getboolean('django', 'passwords_argon2', fallback=True)
else []
),
"django.contrib.auth.hashers.PBKDF2PasswordHasher", "django.contrib.auth.hashers.PBKDF2PasswordHasher",
"django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher", "django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher",
"django.contrib.auth.hashers.BCryptSHA256PasswordHasher", "django.contrib.auth.hashers.BCryptSHA256PasswordHasher",
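Review bot: Dropping `Argon2PasswordHasher` from `PASSWORD_HASHERS` entirely when `passwords_argon2=off` means accounts whose stored hash was produced by argon2 can no longer be verified: Django's `check_password` returns False for a hash whose algorithm has no hasher in the list, so those users are locked out rather than being re-hashed with PBKDF2 on their next login. Unless verification also fails on the affected systems (not visible from this hunk), keep the hasher available but not first by appending `*([] if config.getboolean('django', 'passwords_argon2', fallback=True) else ["django.contrib.auth.hashers.Argon2PasswordHasher"]),` at the end of the list, with a comment that it is retained only to verify and upgrade legacy hashes. The key read here, `passwords_argon2`, also differs from the name given in the documentation hunk, ``passwords_argon``, so one of the two should be corrected. The PASSWORD_HASHERS list begins and ends outside this hunk.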