From e78991410b78391bc07a4b5010b273dfec814ff6 Mon Sep 17 00:00:00 2001 From: Mike Edmunds Date: Wed, 24 Jun 2026 17:47:38 -0700 Subject: [PATCH] Clarified "plaintext" vs. "plain-text" in password hashers docs. Replaced "plain-text" with "plaintext" where it is used to describe the unencrypted input to a password hashing function. (In a cryptography context this is the preferred spelling, and it is already used that way in Django's release notes.) This reduces ambiguity about whether make_password() expects UTF-8 encoded Unicode text ("plain-text bytes") or the unencrypted material for the user's password ("plaintext bytes"). (See #37184.) All other current uses of "plain text" and "plain-text" in docs and docstrings (including the one elsewhere in passwords.txt) are describing text that is plain (unformatted; not rich text). --- django/contrib/auth/hashers.py | 3 +-- docs/topics/auth/passwords.txt | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/django/contrib/auth/hashers.py b/django/contrib/auth/hashers.py index f561897d9bb4..8cfda79da536 100644 --- a/django/contrib/auth/hashers.py +++ b/django/contrib/auth/hashers.py @@ -98,8 +98,7 @@ async def acheck_password(password, encoded, setter=None, preferred="default"): def make_password(password, salt=None, hasher="default"): - """ - Turn a plain-text password into a hash for database storage + """Turn a plaintext password into a hash for database storage. Same as encode() but generate a new random salt. If password is None then return a concatenation of UNUSABLE_PASSWORD_PREFIX and a random string, diff --git a/docs/topics/auth/passwords.txt b/docs/topics/auth/passwords.txt index 37627ee3b676..fa5b0094a92e 100644 --- a/docs/topics/auth/passwords.txt +++ b/docs/topics/auth/passwords.txt 
@@ -488,10 +488,10 @@ from the ``User`` model. *Asynchronous version*: ``acheck_password()`` - If you'd like to manually authenticate a user by comparing a plain-text + If you'd like to manually authenticate a user by comparing a plaintext password to the hashed password in the database, use the convenience function :func:`check_password`. It takes two mandatory arguments: the - plain-text password to check, and the full value of a user's ``password`` + plaintext password to check, and the full value of a user's ``password`` field in the database to check against. It returns ``True`` if they match, ``False`` otherwise. Optionally, you can pass a callable ``setter`` that takes the password and will be called when you need to regenerate it. You @@ -502,7 +502,7 @@ from the ``User`` model. .. function:: make_password(password, salt=None, hasher='default') Creates a hashed password in the format used by this application. It takes - one mandatory argument: the password in plain-text (string or bytes). + one mandatory argument: the plaintext password (string or bytes). Optionally, you can provide a salt and a hashing algorithm to use, if you don't want to use the defaults (first entry of ``PASSWORD_HASHERS`` setting). See :ref:`auth-included-hashers` for the algorithm name of each
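Review bot: In the make_password() docstring in django/contrib/auth/hashers.py, the new summary line says "plaintext password" but still does not name the accepted types, while the docs entry for the same function says "(string or bytes)". The commit message gives the text-versus-bytes ambiguity as the motivation, so consider carrying the same parenthetical into the docstring, for example "Turn a plaintext password (str or bytes) into a hash for database storage." The hunk also moves the summary onto the opening quotes and adds a trailing period, a formatting change the commit message does not mention; a one-line note there would keep the change self-describing.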
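Review bot: In the check_password paragraph of docs/topics/auth/passwords.txt (hunk at line 488), "plaintext" is introduced with no definition, so a reader may take it for a spelling variant of the "plain text" that the commit message says is used elsewhere in the same file. A short gloss at first use, such as "a plaintext (not yet hashed) password", would make the distinction visible without relying on the missing hyphen.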
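Review bot: In the make_password entry of docs/topics/auth/passwords.txt (hunk at line 502), "the plaintext password (string or bytes)" still leaves open the question the commit message raises, namely whether a bytes argument must be UTF-8 encoded text or is taken as given. The spelling change alone is unlikely to settle that for most readers; consider adding one sentence to this entry that states how a bytes argument is treated.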