From 47360a332031446dbe5667246728c036be4971db Mon Sep 17 00:00:00 2001
From: Julien Palard <julien@palard.fr>
Date: Fri, 21 Apr 2023 09:33:26 +0200
Subject: [PATCH] Dropping passwords.

---
 paste/forms.py                                |  3 -
 paste/locale/fr_FR/LC_MESSAGES/django.po      | 77 ++++++++-----------
 ...ste_password_remove_paste_salt_and_more.py | 34 ++++++++
 paste/models.py                               | 20 -----
 paste/templates/paste/history.html            |  1 -
 paste/templates/paste/index.html              | 11 ---
 paste/templates/paste/locked.html             | 23 ------
 paste/templates/paste/paste-meta.html         |  1 -
 paste/views.py                                | 17 +---
 9 files changed, 69 insertions(+), 118 deletions(-)
 create mode 100644 paste/migrations/0004_remove_paste_password_remove_paste_salt_and_more.py
 delete mode 100644 paste/templates/paste/locked.html

diff --git a/paste/forms.py b/paste/forms.py
index 1be3e24..d0c9135 100644
--- a/paste/forms.py
+++ b/paste/forms.py
@@ -16,7 +16,6 @@ class PasteForm(ModelForm):
         fields = [
             "language",
             "title",
-            "password",
             "content",
             "lifetime",
             "lifecount",
@@ -28,8 +27,6 @@ class PasteForm(ModelForm):
         paste.compute_size()
         if not self.cleaned_data["title"]:
             paste.title = "no title"
-        if self.cleaned_data["password"]:
-            paste.set_password(self.cleaned_data["password"])
         if commit:
             paste.save()
         return paste
diff --git a/paste/locale/fr_FR/LC_MESSAGES/django.po b/paste/locale/fr_FR/LC_MESSAGES/django.po
index c935beb..9edbfb1 100644
--- a/paste/locale/fr_FR/LC_MESSAGES/django.po
+++ b/paste/locale/fr_FR/LC_MESSAGES/django.po
@@ -6,7 +6,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2023-04-21 09:18+0200\n"
+"POT-Creation-Date: 2023-04-21 09:32+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -15,27 +15,27 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 
-#: paste/models.py:12
+#: paste/models.py:10
 msgid "Never expire"
 msgstr "Jamais"
 
-#: paste/models.py:13
+#: paste/models.py:11
 msgid "1 hour"
 msgstr "1 heure"
 
-#: paste/models.py:14
+#: paste/models.py:12
 msgid "1 day"
 msgstr "1 jour"
 
-#: paste/models.py:15
+#: paste/models.py:13
 msgid "1 week"
 msgstr "1 semaine"
 
-#: paste/models.py:16
+#: paste/models.py:14
 msgid "1 month"
 msgstr ""
 
-#: paste/models.py:17
+#: paste/models.py:15
 msgid "1 year"
 msgstr ""
 
@@ -105,17 +105,7 @@ msgstr "Protection"
 msgid "Views"
 msgstr "Vues"
 
-#: paste/templates/paste/history.html:27
-#: paste/templates/paste/paste-meta.html:20
-msgid "locked"
-msgstr "verrouillé"
-
-#: paste/templates/paste/history.html:27
-#: paste/templates/paste/paste-meta.html:20
-msgid "open"
-msgstr "ouvert"
-
-#: paste/templates/paste/history.html:32
+#: paste/templates/paste/history.html:31
 msgid "Nothing has been pasted yet"
 msgstr "Rien n'a encore été collé"
 
@@ -136,41 +126,42 @@ msgid "Expire allowed views"
 msgstr "Expiration nombre d'affichages"
 
 #: paste/templates/paste/index.html:63
-msgid "Password protected"
-msgstr "Protection par mot de passe"
-
-#: paste/templates/paste/index.html:74
 msgid "Paste"
 msgstr "Coller"
 
-#: paste/templates/paste/locked.html:7
-msgid "This paste is password protected"
-msgstr "Protégé par un mot de passe"
-
-#: paste/templates/paste/locked.html:8
-msgid ""
-"Please enter the password in the field below to unlock the paste and display "
-"it"
-msgstr ""
-"Veuillez entrer le mot de passe dans le champ ci-dessous pour déverrouiller "
-"le collage et l'afficher"
-
-#: paste/templates/paste/locked.html:12
-msgid "Password"
-msgstr "Mot de passe"
-
-#: paste/templates/paste/locked.html:20
-msgid "Unlock"
-msgstr "Déverrouiller"
-
 #: paste/templates/paste/paste-meta.html:10
 msgid "Visibility"
 msgstr "Visibilité"
 
-#: paste/templates/paste/paste-meta.html:22
+#: paste/templates/paste/paste-meta.html:21
 msgid "None"
 msgstr "Aucune"
 
+#~ msgid "locked"
+#~ msgstr "verrouillé"
+
+#~ msgid "open"
+#~ msgstr "ouvert"
+
+#~ msgid "Password protected"
+#~ msgstr "Protection par mot de passe"
+
+#~ msgid "This paste is password protected"
+#~ msgstr "Protégé par un mot de passe"
+
+#~ msgid ""
+#~ "Please enter the password in the field below to unlock the paste and "
+#~ "display it"
+#~ msgstr ""
+#~ "Veuillez entrer le mot de passe dans le champ ci-dessous pour "
+#~ "déverrouiller le collage et l'afficher"
+
+#~ msgid "Password"
+#~ msgstr "Mot de passe"
+
+#~ msgid "Unlock"
+#~ msgstr "Déverrouiller"
+
 #~ msgid "Private"
 #~ msgstr "Privé"
 
diff --git a/paste/migrations/0004_remove_paste_password_remove_paste_salt_and_more.py b/paste/migrations/0004_remove_paste_password_remove_paste_salt_and_more.py
new file mode 100644
index 0000000..8d0fed5
--- /dev/null
+++ b/paste/migrations/0004_remove_paste_password_remove_paste_salt_and_more.py
@@ -0,0 +1,34 @@
+# Generated by Django 4.2 on 2023-04-21 07:32
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("paste", "0003_remove_paste_private"),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name="paste",
+            name="password",
+        ),
+        migrations.RemoveField(
+            model_name="paste",
+            name="salt",
+        ),
+        migrations.AlterField(
+            model_name="language",
+            name="id",
+            field=models.BigAutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
+        ),
+        migrations.AlterField(
+            model_name="paste",
+            name="id",
+            field=models.BigAutoField(
+                auto_created=True, primary_key=True, serialize=False, verbose_name="ID"
+            ),
+        ),
+    ]
diff --git a/paste/models.py b/paste/models.py
index 9cdd3ee..27dbf1b 100644
--- a/paste/models.py
+++ b/paste/models.py
@@ -4,8 +4,6 @@ from django.utils import timezone
 from datetime import datetime, timedelta
 from webtools import settings
 from django.utils.translation import gettext_lazy as _
-import hashlib
-import uuid
 
 
 EXPIRE_CHOICES = (
@@ -60,8 +58,6 @@ class Paste(models.Model):
     lifecount = models.IntegerField(default=0, blank=True)
     viewcount = models.IntegerField(default=0, editable=False)
     expired = models.BooleanField(default=False, editable=False)
-    password = models.CharField(max_length=128, blank=True)
-    salt = models.CharField(max_length=36, blank=True)
 
     def compute_size(self):
         """Computes size."""
@@ -111,22 +107,6 @@ class Paste(models.Model):
             return True
         return False
 
-    def _hash(self, raw):
-        """Return hashed string."""
-        if not self.salt:
-            self.salt = str(uuid.uuid1())
-        return hashlib.sha512((raw + self.salt).encode()).hexdigest()
-
-    def set_password(self, raw):
-        """Define a hashed password."""
-        self.password = self._hash(raw)
-
-    def pwd_match(self, password):
-        """Compare provided password to paste's one."""
-        if not password or not self._hash(password) == self.password:
-            return False
-        return True
-
     def __unicode__(self):
         """String representation."""
         return self.slug
diff --git a/paste/templates/paste/history.html b/paste/templates/paste/history.html
index 0b2a17e..05786c9 100644
--- a/paste/templates/paste/history.html
+++ b/paste/templates/paste/history.html
@@ -24,7 +24,6 @@
         <td>{% trans paste.language.name %}</td>
         <td>{{ paste.size }}</td>
         <td>{{ paste.paste_time }}</td>
-        <td>{% if paste.password %}<i class="icon-lock"> {% trans 'locked' %}</i>{% else %}<i class="icon-unlock"> {% trans 'open' %}</i>{% endif %}</td>
         <td>{{ paste.viewcount }}</td>
     </tr>
     {% empty %}
diff --git a/paste/templates/paste/index.html b/paste/templates/paste/index.html
index ca6f9dd..4e9603c 100644
--- a/paste/templates/paste/index.html
+++ b/paste/templates/paste/index.html
@@ -59,17 +59,6 @@
       </div>
       {% endif %}
 
-      <div class="col-auto">
-        <label class="sr-only" for="id_password">{% trans 'Password protected' %}</label>
-        <div class="input-group">
-          <div class="input-group-prepend">
-            <div class="input-group-text"><span class="add-on"><i class="icon-lock"></i></span></div>
-          </div>
-          {{ form.password|add_class:"form-control"|placeholder:'Password protected'}}
-        </div>
-        {{ form.password.errors }}
-      </div>
-
       <div class="col-auto">
         <button class="btn btn-primary btn-lg" type="submit">{% trans 'Paste' %}</button>
       </div>
diff --git a/paste/templates/paste/locked.html b/paste/templates/paste/locked.html
deleted file mode 100644
index 3f0b16a..0000000
--- a/paste/templates/paste/locked.html
+++ /dev/null
@@ -1,23 +0,0 @@
-{% extends "base.html" %}
-{% load i18n %}
-{% block title %}{{ title }}{% endblock %}
-{% block content %}
-<h1>{{ title }}</h1>
-<div id="unlock">
-<p><b>{% blocktrans %}This paste is password protected{% endblocktrans %}</b>.</p>
-<p>{% blocktrans %}Please enter the password in the field below to unlock the paste and display it{% endblocktrans %}.</p>
-<form method="post" action="">
-    <div class="row">
-       <div class="span3">
-           <label for="id_password">{% trans 'Password' %}</label>
-           <div class="input-prepend">
-                <span class="add-on"><i class="icon-lock"></i></span>
-                <input id="id_password" maxlength="128" name="password" type="text">
-            </div>
-       </div>
-    </div>
-    {% csrf_token %}
-    <button type="submit" class="btn">{% trans 'Unlock' %}</button>
-</form>
-</div>
-{% endblock %}
diff --git a/paste/templates/paste/paste-meta.html b/paste/templates/paste/paste-meta.html
index 865de91..9b4170d 100644
--- a/paste/templates/paste/paste-meta.html
+++ b/paste/templates/paste/paste-meta.html
@@ -17,7 +17,6 @@
     <td>{% trans paste.language.name %}</td>
     <td>{{ paste.size }}</td>
     <td>{{ paste.paste_time }}</td>
-    <td>{% if paste.password %}<i class="icon-lock"> {% trans 'locked' %}</i>{% else %}<i class="icon-unlock"> {% trans 'open' %}</i>{% endif %}</td>
     <td>{{ paste.viewcount }}{% if paste.lifecount > 0 %}/{{ paste.lifecount }}{% endif %}</td>
     <td>{% if paste.expiration_time %}{{ paste.expiration_time }}{% else %}{% trans 'None' %}{% endif %}</td>
 </tr>
diff --git a/paste/views.py b/paste/views.py
index f235c42..f5183a4 100644
--- a/paste/views.py
+++ b/paste/views.py
@@ -58,16 +58,6 @@ def show(request, slug, renderer="pygments"):
     # Handling expiration
     if paste.is_expired():
         return render(request, "paste/expired.html")
-    # Handling passwords
-    if paste.password:
-        if "password" in request.POST:
-            password = request.POST["password"]
-        elif "password" in request.COOKIES:
-            password = request.COOKIES["password"]
-        else:
-            password = None
-        if not paste.pwd_match(password):
-            return render(request, "paste/locked.html", data)
     # Before rendering actions
     paste.incr_viewcount()
     # Handling rendering modes
@@ -76,9 +66,4 @@ def show(request, slug, renderer="pygments"):
     data["current_renderer"] = renderer
     data["renderers"] = settings.PASTE["enabled_renderers"]
     render_method = getattr(renderers, "render_%s" % renderer)
-    response = render_method(request, paste, data)
-
-    # Responding
-    if "password" in request.POST:
-        response.set_cookie("password", request.POST["password"])
-    return response
+    return render_method(request, paste, data)