From 065820368d3510155249b09e9142e5c85e95f23c Mon Sep 17 00:00:00 2001
From: Rust Saiargaliev <fly.amureki@gmail.com>
Date: Fri, 14 Oct 2022 14:57:41 +0200
Subject: [PATCH] Drop Django 3.1 related code

This PR drops code introduced in #18 to support Django 3.1:
https://docs.djangoproject.com/en/4.1/releases/3.1/#default-hashing-algorithm-settings

Since Django 3.1 support is gone, shall we get rid of this code?
---
 mailauth/contrib/user/models.py   | 20 +-------------------
 tests/contrib/auth/test_models.py | 25 +------------------------
 2 files changed, 2 insertions(+), 43 deletions(-)

diff --git a/mailauth/contrib/user/models.py b/mailauth/contrib/user/models.py
index 0574c2c..23b41cf 100644
--- a/mailauth/contrib/user/models.py
+++ b/mailauth/contrib/user/models.py
@@ -1,4 +1,3 @@
-from django.conf import settings
 from django.contrib.auth.base_user import BaseUserManager
 from django.contrib.auth.models import AbstractUser
 from django.db import models
@@ -75,29 +74,12 @@ class Meta(AbstractUser.Meta):
             ("anonymize", "Can anonymize user"),
         ]
 
-    def _legacy_get_session_auth_hash(self):
-        # RemovedInDjango40Warning: pre-Django 3.1 hashes will be invalid.
-        key_salt = "mailauth.contrib.user.models.EmailUserManager.get_session_auth_hash"
-        if not self.session_salt:
-            raise ValueError("'session_salt' must be set")
-        return salted_hmac(key_salt, self.session_salt, algorithm="sha1").hexdigest()
-
     def get_session_auth_hash(self):
         """Return an HMAC of the :attr:`.session_salt` field."""
         key_salt = "mailauth.contrib.user.models.EmailUserManager.get_session_auth_hash"
         if not self.session_salt:
             raise ValueError("'session_salt' must be set")
-        algorithm = getattr(settings, "DEFAULT_HASHING_ALGORITHM", None)
-        if algorithm is None:
-            return salted_hmac(key_salt, self.session_salt).hexdigest()
-        return salted_hmac(
-            key_salt,
-            self.session_salt,
-            # RemovedInDjango40Warning: when the deprecation ends, replace
-            # with:
-            # algorithm='sha256',
-            algorithm=algorithm,
-        ).hexdigest()
+        return salted_hmac(key_salt, self.session_salt, algorithm="sha256").hexdigest()
 
     def anonymize(self, commit=True):
         """
diff --git a/tests/contrib/auth/test_models.py b/tests/contrib/auth/test_models.py
index f757d1b..86299bb 100644
--- a/tests/contrib/auth/test_models.py
+++ b/tests/contrib/auth/test_models.py
@@ -28,33 +28,10 @@ def test_get_session_auth_hash__unique(self, db):
 
         assert spiderman.get_session_auth_hash() != ironman.get_session_auth_hash()
 
-    def test_legacy_get_session_auth_hash__default(self, db):
-        user = EmailUser(email="spiderman@avengers.com")
-
-        assert user.session_salt
-        assert user._legacy_get_session_auth_hash()
-
-    def test_legacy_get_session_auth_hash__value_error(self, db):
-        user = EmailUser(email="spiderman@avengers.com", session_salt=None)
-
-        with pytest.raises(ValueError) as e:
-            user._legacy_get_session_auth_hash()
-
-        assert "'session_salt' must be set" in str(e.value)
-
-    def test_legacy_get_session_auth_hash__unique(self, db):
-        spiderman = EmailUser(email="spiderman@avengers.com")
-        ironman = EmailUser(email="ironman@avengers.com")
-
-        assert (
-            spiderman._legacy_get_session_auth_hash()
-            != ironman._legacy_get_session_auth_hash()
-        )
-
     def test_password_field(self):
         user = EmailUser(email="spiderman@avengers.com")
         with pytest.raises(FieldDoesNotExist):
-            user.password
+            assert user.password
 
 
 class TestEmailUserManager: