Can I use an identity hasher for testing?

Question

I have some tests for which I need to create fully-functional test users. I do this by subclassing TestCase in my tests, and initializing my test database in the setUp method. However, in order to create fully functional users, I need to give them useful passwords by calling make_password

This is sufficiently computationally intensive to cause my development server (a Raspberry Pi) to take multiple seconds for each test.

My question is: can I force Django to just not hash the password during tests? This would significantly improve the performance of my test suite, and give me all the benefits that come along with that.

Just out of curiosity, why are you testing on a Raspberry Pi? Why don't you just test locally or use a VM? — Blender, May 18 '13 at 16:35
@JakubM.: The whole point of hashing functions like Bcrypt and PBKDF2 is to be as slow as possible. — Blender, May 18 '13 at 17:33

score 1 · Accepted Answer · answered May 18 '13 at 16:33

1

Perhaps this is what you're looking for: https://docs.djangoproject.com/en/dev/topics/auth/passwords/

Basically, create a subclass of django.contrib.auth.hashers.PBKDF2PasswordHasher and add your new hasher as the first entry in PASSWORD_HASHERS in your settings.

answered May 18 '13 at 16:33

janos

120,954
29
226
236

This is a security problem. Can I enable this only during tests? – alexgolec May 18 '13 at 16:33
Does `override_settings` on a test function also apply to the `setUp` method? – alexgolec May 18 '13 at 17:04
I don't see why it wouldn't work. Note that you can specify an alternative settings file just when running the tests, with `python manage.py test --settings=test_settings` See my related answer on using custom settings http://stackoverflow.com/a/14545196/641955 – janos May 18 '13 at 18:03

Can I use an identity hasher for testing?

1 Answers1