How to store Django hashed password without the User object?


Problem description

I have a Django application that allows web visitors to create their own accounts. Once they create an account with a password, they should receive an email containing an activation code. When a web visitor creates a new account, they need to receive an activation email containing a unique key.

Obviously, I can do all this using Django's built-in authentication system. I've done it before without any problems. However, in this application, I don't want to pollute my Users table with inactive users. I only want activated users to appear in the Users table. So although I will use Django's account system for authenticating activated users, until they become activated, I'm rolling my own system. I'm keeping all the data about not-yet-activated users in a separate Django Model object (called UserActivation). And I will be managing the sending of the activation email myself.

The problem I'm having is that I don't want to store the user-submitted password in plain text. I want to store it in my UserActivation object in a field called "password" in the same hashed format it would appear in the User table. To put it into the user object, I would have done myUser.set_password("plainTextPassword"). How can I get this same value and stuff it into UserActivation.password?

From looking at this doc, it seems that there is a make_password() function that returns the value that I need. But I still need a User object to call that method. How can I convert "plainTextPassword" to a hashed password without going through the User object?

Solution

You are on the right track. However, you can manage the password manually using:

from django.contrib.auth.hashers import make_password
# Returns the encoded hash string, in the same format User.password holds
print("Hashed password is:", make_password("plain_text"))

Hasher configuration will be driven by PASSWORD_HASHERS, which should be common to both the auth system and your UserActivation model. However, you can also pass it to the make_password method.

PASSWORD_HASHERS = (
    'myproject.hashers.MyPBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
    'django.contrib.auth.hashers.BCryptPasswordHasher',
    'django.contrib.auth.hashers.SHA1PasswordHasher',
    'django.contrib.auth.hashers.MD5PasswordHasher',
    'django.contrib.auth.hashers.CryptPasswordHasher',
)

Hope this helps.

Read this link for more details: https://docs.djangoproject.com/en/dev/topics/auth/passwords/
