From cf955fc53bdc5601333da586bc044ff10c8cfb4f Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Thu, 12 May 2022 07:08:19 +0200
Subject: [PATCH] Remove symfony hasher
---
 photo21/hashers.py | 55 -------------------------------------------------------
 photo21/settings.py | 5 -----
 2 files changed, 60 deletions(-)
 delete mode 100644 photo21/hashers.py
diff --git a/photo21/hashers.py b/photo21/hashers.py
deleted file mode 100644
index 4108f9c..0000000
--- a/photo21/hashers.py
+++ /dev/null
@@ -1,55 +0,0 @@
-# This file is part of photo21
-# Copyright (C) 2022 Amicale des élèves de l'ENS Paris-Saclay
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-import base64
-import hashlib
-from collections import OrderedDict
-
-from django.contrib.auth.hashers import BasePasswordHasher, mask_hash
-from django.utils.crypto import constant_time_compare
-from django.utils.encoding import force_bytes
-from django.utils.translation import gettext_noop as _
-
-
-class SHA512PasswordHasher(BasePasswordHasher):
- """
- The SHA512 password hashing algorithm
-
- It is used to migrate passwords from old Symfony2 photos server.
- https://github.com/symfony/symfony/blob/2.8/src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php
- """
-
- algorithm = "sha512"
-
- def encode(self, password, iteration, salt):
- assert password is not None
- assert salt and "$" not in salt
- salted = force_bytes(password + "{" + salt + "}")
- digest = hashlib.sha512(salted).digest()
- # "stretch" hash
- for _i in range(1, int(iteration)):
- digest = hashlib.sha512(digest + salted).digest()
- digest = base64.b64encode(digest).decode()
- encoded = "%s$%s$%s$%s" % (self.algorithm, iteration, salt, digest)
- return encoded[:128]
-
- def verify(self, password, encoded):
- algorithm, iteration, salt, hash = encoded.split("$", 3)
- assert algorithm == self.algorithm
- encoded_2 = self.encode(password, iteration, salt)
- return constant_time_compare(encoded, encoded_2)
-
- def safe_summary(self, encoded):
- algorithm, iteration, salt, hash = encoded.split("$", 3)
- assert algorithm == self.algorithm
- return OrderedDict(
- [
- (_("algorithm"), algorithm),
- (_("salt"), mask_hash(salt, show=2)),
- (_("hash"), mask_hash(hash)),
- ]
- )
-
- def harden_runtime(self, password, encoded):
- pass
diff --git a/photo21/settings.py b/photo21/settings.py
index 0375594..9c97c88 100644
--- a/photo21/settings.py
+++ b/photo21/settings.py
@@ -139,11 +139,6 @@ AUTH_PASSWORD_VALIDATORS = [ }, ] -PASSWORD_HASHERS = [ - "django.contrib.auth.hashers.PBKDF2PasswordHasher", - "photo21.hashers.SHA512PasswordHasher", -] - # Internationalization # https://docs.djangoproject.com/en/2.2/topics/i18n/