Remove legacy workaround to support old community auth

This workaround enabled a weaker password hasher to work with old
versions of the community authentication plugin. This was already
overridden in prod, but remove the old workaround completely from the
code so we don't accidentally re-enable it.

diff --git a/pgweb/settings.py b/pgweb/settings.py
index 4264e6f34109b5d18f6c16d71b7b2e36c7f71897..7deba10ba1042ac4c561da2fc12688ffa7d8685e 100644 (file)
--- a/pgweb/settings.py
+++ b/pgweb/settings.py
@@ -118,22 +118,6 @@ INSTALLED_APPS = [
     'pgweb.pugs',
 ]
 
-#
-# Disable the new authentication handling for now. The reason for this is
-# that we need the sha1 authentication so we can do old-style community
-# auth, which is still used by the commitfest app. Once that app is
-# migrated away, this can be reverted to the new django default which
-# is more secure.
-#
-PASSWORD_HASHERS = (
-    'django.contrib.auth.hashers.SHA1PasswordHasher',
-    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
-    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
-    'django.contrib.auth.hashers.BCryptPasswordHasher',
-    'django.contrib.auth.hashers.MD5PasswordHasher',
-    'django.contrib.auth.hashers.CryptPasswordHasher',
-)
-
 # Default format for date/time (as it changes between machines)
 DATETIME_FORMAT="Y-m-d H:i:s"