This class not only checks an old-style phpbb 2.x password, when the user successfully logs in, it rehashes the (correct) password in the newstyle hash and saves it. Eradicating the old, quite unsafe stored md5 password.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | from django.contrib.auth.models import User
import hashlib
class PhpbbAuthenticationBackend:
def authenticate(self, username=None, password=None):
try:
# phpbb 2.x encodes passwords as plain md5 hashes, no salt
pass_md5 = hashlib.md5(password).hexdigest()
user = User.objects.get(username=username, password=pass_md5)
# get rid of the old-style password, get with the new style!
user.set_password(password)
user.save()
return user
except User.DoesNotExist:
return None
|
More like this
- Add Toggle Switch Widget to Django Forms by OgliariNatan 1 month, 4 weeks ago
- get_object_or_none by azwdevops 5 months, 2 weeks ago
- Mask sensitive data from logger by agusmakmun 7 months, 2 weeks ago
- Template tag - list punctuation for a list of items by shapiromatron 1 year, 9 months ago
- JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 1 year, 9 months ago
Comments
You'll be delighted to hear that the code in django.contrib.auth does exactly that already. See User.check_password in django/contrib/auth/models.py around line 180 (current SVN trunk, r8069)
#
sigh here I was thinking I had done something useful :)
#
Please login first before commenting.