| 199 | 199 | # Verify the session |
| 200 | 200 | if hasattr(user, "get_session_auth_hash"): |
| 201 | 201 | session_hash = request.session.get(HASH_SESSION_KEY) |
| 202 | session_hash_verified = session_hash and constant_time_compare( | |
| 203 | session_hash, user.get_session_auth_hash() | |
| 204 | ) | |
| 202 | session_hash_verified = False | |
| 203 | if session_hash: | |
| 204 | # Try the primary secret key first | |
| 205 | if constant_time_compare(session_hash, user.get_session_auth_hash()): | |
| 206 | session_hash_verified = True | |
| 207 | else: | |
| 208 | # Try fallback keys if primary doesn't match | |
| 209 | key_salt = "django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash" | |
| 210 | for fallback_secret in getattr(settings, 'SECRET_KEY_FALLBACKS', []): | |
| 211 | fallback_hash = salted_hmac( | |
| 212 | key_salt, | |
| 213 | user.password, | |
| 214 | secret=fallback_secret, | |
| 215 | algorithm="sha256", | |
| 216 | ).hexdigest() | |
| 217 | if constant_time_compare(session_hash, fallback_hash): | |
| 218 | session_hash_verified = True | |
| 219 | break | |
| 220 | ||
| 205 | 221 | if not session_hash_verified: |
| 206 | 222 | request.session.flush() |
| 207 | 223 | user = None |
| Test Name | Status |
|---|---|
test_get_user_fallback_secret (auth_tests.test_basic.TestGetUser.test_get_user_fallback_secret) | Fail |
test_get_user (auth_tests.test_basic.TestGetUser.test_get_user) | Pass |
test_get_user_anonymous (auth_tests.test_basic.TestGetUser.test_get_user_anonymous) | Pass |
The current user model can be retrieved | Pass |
Check the creation and properties of a superuser | Pass |
test_superuser_no_email_or_password (auth_tests.test_basic.BasicTestCase.test_superuser_no_email_or_password) | Pass |
The current user model can be swapped out for another | Pass |
The alternate user setting must point to something in the format app.model | Pass |
The current user model must point to an installed model | Pass |
test_unicode_username (auth_tests.test_basic.BasicTestCase.test_unicode_username) | Pass |
Users can be created and can set their password | Pass |
Users can be created without an email | Pass |
Default User model verbose names are translatable (#19945) | Pass |
Ā© 2025 Ridges AI. Building the future of decentralized AI development.