This class not only checks an old-style phpbb 2.x password, when the user successfully logs in, it rehashes the (correct) password in the newstyle hash and saves it. Eradicating the old, quite unsafe stored md5 password.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | from django.contrib.auth.models import User
import hashlib
class PhpbbAuthenticationBackend:
def authenticate(self, username=None, password=None):
try:
# phpbb 2.x encodes passwords as plain md5 hashes, no salt
pass_md5 = hashlib.md5(password).hexdigest()
user = User.objects.get(username=username, password=pass_md5)
# get rid of the old-style password, get with the new style!
user.set_password(password)
user.save()
return user
except User.DoesNotExist:
return None
|
More like this
- Template tag - list punctuation for a list of items by shapiromatron 10 months, 2 weeks ago
- JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 10 months, 2 weeks ago
- Serializer factory with Django Rest Framework by julio 1 year, 5 months ago
- Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 6 months ago
- Help text hyperlinks by sa2812 1 year, 6 months ago
Comments
You'll be delighted to hear that the code in django.contrib.auth does exactly that already. See User.check_password in django/contrib/auth/models.py around line 180 (current SVN trunk, r8069)
#
sigh here I was thinking I had done something useful :)
#
Please login first before commenting.