Minor modernizations.

Now that Python 3.9/Django 4.2 are the minimum supported versions, there
are a few things that can be removed or updated.

Author: ubernostrum

src/pwned_passwords_django/api.py

@@ -72,22 +72,8 @@ def _prepare_password(self, password: str) -> typing.Tuple[str, str]:
         used by the Pwned Passwords API.
 
         """
-        # Python's documentation states that the named constructors for particular
-        # hashes are to be preferred due to better peformance, which here would mean
-        # calling hashlib.sha1() instead of hashlib.new("sha1").
-        #
-        # However, security linters and some restricted runtime environments do not
-        # allow access to SHA-1 unless a flag is passed to indicate it is not being used
-        # for cryptographic purposes. This is done by passing usedforsecurity=False to
-        # the constructor, but that argument was not added in the named constructors
-        # until Python 3.9, while we currently support all the way back to 3.7. Luckily
-        # hashlib.new() in Python 3.7 and 3.8 accepts arbitrary arguments without
-        # complaint. So as a slightly hacky workaround we use new(), passing the
-        # usedforsecurity=False argument, and rely on it being ignored for Python
-        # 3.7/3.8, and interpreted as intended on Python 3.9+. Once support for Python
-        # 3.7 and 3.8 ends, this can be updated to call hashlib.sha1() directly.
         password_hash = (
-            hashlib.new("sha1", password.encode("utf-8"), usedforsecurity=False)
+            hashlib.sha1(password.encode("utf-8"), usedforsecurity=False)
             .hexdigest()
             .upper()  # Pwned Passwords wants all hashes to be uppercase.
         )

src/pwned_passwords_django/middleware.py

@@ -6,10 +6,10 @@
 
 # SPDX-License-Identifier: BSD-3-Clause
 
-import asyncio
 import logging
 import re
 import typing
+from inspect import iscoroutinefunction
 
 from django import http
 from django.conf import settings
@@ -173,7 +173,7 @@ def some_view(request):
     # should return an async middleware that uses an async HTTP client to talk to Pwned
     # Passwords. We determine that by checking whether the get_response() callable is a
     # coroutine -- if so, we're on the async path.
-    if asyncio.iscoroutinefunction(get_response):
+    if iscoroutinefunction(get_response):
 
         async def middleware(request: http.HttpRequest) -> http.HttpResponse:
             """
@@ -183,13 +183,6 @@ async def middleware(request: http.HttpRequest) -> http.HttpResponse:
             """
             request.pwned_passwords = []
             if request.method == "POST":
-                # A bug in Django's async test client causes access to request.POST to
-                # throw an exception unless preceded by an access to
-                # request.body. Future versions of Django will fix this, but for now we
-                # do a throwaway access of request.body as a workaround.
-                #
-                # See https://code.djangoproject.com/ticket/34063 for details.
-                request.body  # pylint: disable=pointless-statement
                 request.pwned_passwords = await _scan_payload_async(request)
             response = await get_response(request)
             return response