Skip to content

Fixed #36439: Optimize acheck_password CPU heavy internal hashing process by using a sync_to_async on verify_password. #19611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fixed #36439: Optimize acheck_password CPU heavy internal hashing process by using a sync_to_async on verify_password. #19611

wants to merge 1 commit into from
+9 −1

Conversation

roelzkie15
Copy link

@roelzkie15 roelzkie15 commented Jun 30, 2025
edited
Loading

Trac ticket number

ticket-36439

Branch description

Conducted several experiments/benchmarks on the performance of the acheck_password that blocks asyncio's event-loop, which is causing a performance bottleneck. Adding a ThreadPoolExecutor significantly improved the performance gap compared to the test without using it.

Also, introduced the CHECK_PASSWORD_EXECUTOR_MAX_WORKERS for allowing developers to provide a configurable setting for the ThreadPoolExecutor instance. See the updated document on this PR.

EDIT:

Please check the new experiments/benchmarks on the performance of the acheck_password that blocks asyncio's event-loop, which is causing a performance bottleneck by using the sync_to_async on the verify_password.

Note: The idea was not mine but by Robert Aistleitner who proposed it which was later on picked up by me since it has no owner for 4 weeks.

This PR targets a patch for v5.2 as mentioned in the ticket.

Checklist

  • This PR targets the main branch.
  • The commit message is written in past tense, mentions the ticket number, and ends with a period.
  • I have checked the "Has patch" ticket flag in the Trac system.
  • I have added or updated relevant tests.
  • I have added or updated relevant docs, including release notes if applicable.
  • I have attached screenshots in both light and dark modes for any UI changes.

@roelzkie15 roelzkie15 force-pushed the fix-36439-auth-hashing-performance branch from 3750296 to 1bb5279 Compare July 1, 2025 10:35
@roelzkie15 roelzkie15 changed the title Fixed #36439: Optimize acheck_password CPU heavy internal hashing process by using a ThreadPoolExecutor Perf #36439: Optimize acheck_password CPU heavy internal hashing process by using a ThreadPoolExecutor Jul 1, 2025
@roelzkie15 roelzkie15 force-pushed the fix-36439-auth-hashing-performance branch from b984047 to c9eec27 Compare July 1, 2025 17:01
@roelzkie15 roelzkie15 marked this pull request as draft July 1, 2025 18:14
@roelzkie15 roelzkie15 force-pushed the fix-36439-auth-hashing-performance branch from c9eec27 to d1a1ef1 Compare July 1, 2025 18:16
@roelzkie15 roelzkie15 marked this pull request as ready for review July 1, 2025 18:17
@roelzkie15 roelzkie15 force-pushed the fix-36439-auth-hashing-performance branch from d1a1ef1 to 50a6d87 Compare July 1, 2025 18:19
@roelzkie15
Copy link
Author

Based on the ticket, a test may not be needed for this patch.

@roelzkie15 roelzkie15 force-pushed the fix-36439-auth-hashing-performance branch from 50a6d87 to b5354b5 Compare July 5, 2025 15:57
@roelzkie15 roelzkie15 changed the title Perf #36439: Optimize acheck_password CPU heavy internal hashing process by using a ThreadPoolExecutor Fixed #36439: Optimize acheck_password CPU heavy internal hashing process by using a ThreadPoolExecutor Jul 5, 2025
sarahboyce
sarahboyce reviewed Jul 15, 2025
View reviewed changes
django/conf/global_settings.py Outdated
@@ -546,6 +546,8 @@ def gettext_noop(s):

AUTH_PASSWORD_VALIDATORS = []

CHECK_PASSWORD_EXECUTOR_MAX_WORKERS = None
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We shouldn't add a global setting for something niche within a contrib app
In general adding settings is quite controversial and needs to be discussed and agreed with the wider community

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for checking. If we don't want to control any of the ThreadPoolExecutor options, we can also rely on its basic instance or maybe create a ThreadPoolExecutor every acheck_password call, depending on the performance.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👋🏼 @sarahboyce, I made a new performance benchmarking/testing here, and it looks like using sync_to_async without ThreadPoolExecutor is enough to optimize the performance.

I also updated the PR's description.

@roelzkie15 roelzkie15 marked this pull request as draft July 16, 2025 07:07
@roelzkie15 roelzkie15 force-pushed the fix-36439-auth-hashing-performance branch from b5354b5 to c591c40 Compare July 19, 2025 13:15
@roelzkie15 roelzkie15 changed the title Fixed #36439: Optimize acheck_password CPU heavy internal hashing process by using a ThreadPoolExecutor Fixed #36439: Optimize acheck_password CPU heavy internal hashing process by using a sync Jul 19, 2025
@roelzkie15 roelzkie15 changed the title Fixed #36439: Optimize acheck_password CPU heavy internal hashing process by using a sync Fixed #36439: Optimize acheck_password CPU heavy internal hashing process by using a sync_to_async on verify_password. Jul 19, 2025
@roelzkie15 roelzkie15 marked this pull request as ready for review July 19, 2025 13:22
@roelzkie15 roelzkie15 requested a review from sarahboyce July 19, 2025 13:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sarahboyce sarahboyce Awaiting requested review from sarahboyce

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@roelzkie15 @sarahboyce