将密码从Drupal 7迁移到Django [英] Migrate passwords from Drupal 7 to Django
问题描述
根据这个,Drupal 7使用SHA-512哈希密码(它们以$ S $开头的字符串形式存储) 。
Django 1.4现在包含一些选项存储密码,默认为SHA-256,但是我找不到SHA-512的选项。虽然此应用似乎允许使用SHA2算法,但我不确定它与Django是否兼容1.4(1.4版本有一个灵活的密码哈希)。
最简单的方法是什么?
ETA:我建立了一个模仿Drupal算法的密码哈希算法,使迁移变得容易。由于我已经接受了一个答案,所以我不会失望,但是对于任何想要在Drupal中进行Django迁移的人来说,代码存储在 Django片段以及 GitHub gist 。
我不知道Drupal很好,但我想这个密码是存储哈希的。如果是这样,你必须复制密码(我的意思是复制它们不变),你将不得不改变Django的密码方式,使用完全相同的Drupal方式,使用相同的安全密码。 / p>
我真的不知道该怎么做,但密码的逻辑包含在User对象中。例如。 User.set_password()函数(描述这里)使用 make_password 函数。
我想通过一点研究,你会发现改变它的方法,但重要的是,记住函数必须是平等的!即:
drupal_hash(x)== django_hash(x)对于允许的密码集中的每个x。
编辑
深入了解django使用get_hasher 功能。现在在1.4版本中有一种方法可以指定Django如何选择该功能。看看这个: https://docs.djangoproject.com/en / dev / topics / auth /#how-django-stores-passwords
最后,为了创建自己的功能,你可以看一下在 MD5PasswordHasher 中如何完成。看起来真的很简单您可以使用 hashlib python库生成sha-512算法。
更改编码方法将需要一些类似于:
def encode(self,password,salt):
断言密码
断言盐和$ $不在盐
哈希= hashlib.sha512(盐+密码).hexdigest()
返回%s $%s $%s %(self.algorithm,salt,hash)
I am migrating a site from Drupal 7 to Django 1.4, including the current users. How can I work with the passwords that were hashed by Drupal?
According to this, Drupal 7 hashes passwords using SHA-512 (they are stored in the form of a string starting with "$S$").
Django 1.4 now contains a number of options for storing passwords, with a default of SHA-256, but I can't find an option for SHA-512. While this app appears to allow the use of SHA2 algorithms, I'm not sure it's compatible with Django 1.4 (as 1.4 has a flexible password hasher).
What is the simplest way to do this?
ETA: I've built a password hasher that mimics Drupal's algorithm and makes migration easy. Since I've already accepted an answer, I won't unaccept, but for anyone who wants to do Drupal to Django migration in the future, the code is stored on Django snippets and as a GitHub gist.
I don't know Drupal very well, but I suppose that the passwords are stored hashed. If that's the case, you'll have to copy the passwords (I mean, copy them unchanged) and you'll have to change the way Django hashes its passwords, using the exactly same way of Drupal, with the same Security Salt.
I really don't know how to do that, but the logic for passwords is contained in the User object. For example. the User.set_password() function (described here) uses the make_password function.
I think with a little research you'll find the way to change it, but the important thing is, remember that the functions must be equals! ie:
drupal_hash(x) == django_hash(x) for every x in the allowed passwords set.
EDIT:
Taking a deeper look django get the has function with the get_hasher function. Now in the 1.4 version there's a way to specify how Django will select that function. Take a look at this: https://docs.djangoproject.com/en/dev/topics/auth/#how-django-stores-passwords
Finally, in order to create your own function, you can take a look at how it's done on the MD5PasswordHasher. It seems really simple. You can use the hashlib python library to generate sha-512 algorithms.
Changing the encode method would require somthing similar to:
def encode(self, password, salt):
assert password
assert salt and '$' not in salt
hash = hashlib.sha512(salt + password).hexdigest()
return "%s$%s$%s" % (self.algorithm, salt, hash)
这篇关于将密码从Drupal 7迁移到Django的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
