Skip to content

Instantly share code, notes, and snippets.

@pmoust

pmoust/noop_password_hasher.py

Last active November 22, 2025 18:13
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save pmoust/ad9ef7e26a5d0a7a886ef24e21274dfc to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save pmoust/ad9ef7e26a5d0a7a886ef24e21274dfc to your computer and use it in GitHub Desktop.
Download ZIP
A Django hasher to be used only in CI - in a realworld marketplace application running ~2k tests, it reduced test time by 40%
Raw
noop_password_hasher.py
"""
No-op password hasher for tests that performs absolutely no encryption.
This hasher stores passwords in plain text (with a simple prefix to identify them)
to maximize test performance. It should ONLY be used during tests.
"""
from django.contrib.auth.hashers import BasePasswordHasher
class NoOpPasswordHasher(BasePasswordHasher):
"""
Password hasher that does absolutely no encryption.
This hasher stores passwords as-is with a simple prefix for identification.
It's designed for maximum test performance and should NEVER be used in production.
"""
algorithm = "noop"
def encode(self, password, salt=None):
"""
Encode password with no encryption - just add a prefix.
Args:
password: The plain text password
salt: Ignored (not used)
Returns:
String in format: noop$password
"""
return f"noop${password}"
def verify(self, password, encoded):
"""
Verify password by simple string comparison.
Args:
password: The plain text password to verify
encoded: The encoded password (format: noop$password)
Returns:
True if passwords match, False otherwise
"""
if not encoded.startswith("noop$"):
return False
stored_password = encoded[5:] # Remove "noop$" prefix
return password == stored_password
def safe_summary(self, encoded):
"""
Return a summary of the encoded password.
Args:
encoded: The encoded password
Returns:
Dictionary with algorithm and raw password (for debugging)
"""
if not encoded.startswith("noop$"):
raise ValueError("Invalid encoded password format")
return {
"algorithm": self.algorithm,
"password": encoded[5:], # Show the plain password for debugging
}
def must_update(self, encoded):
"""
Return False - no updates needed for this hasher.
Args:
encoded: The encoded password
Returns:
False (passwords never need updating with this hasher)
"""
return False
@pmoust
Copy link
Author

pmoust commented Nov 22, 2025

In settings.py

if "test" in sys.argv:
    # Use no-op password hasher for tests to maximize performance
    # This hasher performs absolutely no encryption (stores passwords in plain text)
    # It should ONLY be used during tests, never in production
    PASSWORD_HASHERS = [
        "common.test_password_hasher.NoOpPasswordHasher",
    ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment