Opened 3 days ago

Closed 2 days ago

#36400 closed Bug (needsinfo)

CommonPasswordValidator fails on plaintext list of common passwords

Reported by: tpazderka
Owned by:
Component: contrib.auth
Version: 5.1
Severity: Normal
Keywords:
Cc: tpazderka
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

As per the documentation, the file that is passed to the CommonPasswordValidator can be either plaintext or gzipped.

We have been using the plaintext version, which worked previously but stopped working after the upgrade to 5.1.9, with the following stack trace:

  File "/app/venv/lib/python3.13/site-packages/django/contrib/auth/password_validation.py", line 237, in __init__
    self.passwords = {x.strip() for x in f}
                                         ^
  File "/usr/local/lib/python3.13/gzip.py", line 353, in read1
    return self._buffer.read1(size)
           ~~~~~~~~~~~~~~~~~~^^^^^^
  File "/usr/local/lib/python3.13/_compression.py", line 68, in readinto
    data = self.read(len(byte_view))
  File "/usr/local/lib/python3.13/gzip.py", line 546, in read
    if not self._read_gzip_header():
           ~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/gzip.py", line 515, in _read_gzip_header
    last_mtime = _read_gzip_header(self._fp)
  File "/usr/local/lib/python3.13/gzip.py", line 475, in _read_gzip_header
    raise BadGzipFile('Not a gzipped file (%r)' % magic)
gzip.BadGzipFile: Not a gzipped file (b'pa')

Taking the same file and running it through gzip common-passwords.txt fixes the issue.

Python version: 3.13.3
Django version: 5.1.9

Change History (1)

comment:1 by Tim Graham, 2 days ago

Resolution: needsinfo
Status: new → closed

I'm not sure why this is giving you trouble. There's a test for this in Django's test suite.

The code that raises the exception is wrapped in try/except OSError and

>>> isinstance(BadGzipFile(), OSError)
True

I'm skeptical that Django is at fault. What version of Django worked previously for you? Are you sure that's the only difference?
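The gzip-then-plaintext fallback that comment:1 refers to, as an added example that is not part of the ticket and is not Django's own code. It shows that gzip.open() accepts a plaintext file and only raises BadGzipFile on the first read, so the read has to sit inside the try block for the except OSError fallback to apply. The function names and the three-entry sample list are constructed for illustration.

```python
import gzip
import os
import tempfile


def load_password_list(path):
    """Return (passwords, source_format) for a gzipped or plaintext list."""
    try:
        with gzip.open(path, "rt", encoding="utf-8") as f:
            # The gzip header is checked here, on first read, not at open().
            return {line.strip() for line in f}, "gzip"
    except OSError:  # gzip.BadGzipFile is a subclass of OSError
        with open(path, encoding="utf-8") as f:
            return {line.strip() for line in f}, "plaintext"


def where_gzip_fails(path):
    """Report at which step a non-gzip file is rejected by the gzip module."""
    f = gzip.open(path, "rt", encoding="utf-8")  # succeeds even for plaintext
    try:
        f.read(1)
    except gzip.BadGzipFile:
        return "raised on read"
    finally:
        f.close()
    return "no error"


def demo():
    # Constructed sample list, not Django's bundled common-passwords file.
    words = ["password", "123456", "qwerty"]
    with tempfile.TemporaryDirectory() as tmp:
        plain = os.path.join(tmp, "common-passwords.txt")
        packed = plain + ".gz"
        with open(plain, "w", encoding="utf-8") as f:
            f.write("\n".join(words) + "\n")
        with gzip.open(packed, "wt", encoding="utf-8") as f:
            f.write("\n".join(words) + "\n")
        return {
            "plain": load_password_list(plain),
            "gzip": load_password_list(packed),
            "plain_via_gzip": where_gzip_fails(plain),
        }


if __name__ == "__main__":
    print(demo())
```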
