I'm new to Django & I'm making a Django app that makes use of AbstractUser, but when I create a user in the Django admin, and then look at the user's info in the admin, I see the password in plain text. Checking directly in the DB, I see the password is definitely being stored as plaintext.
I'm trying to write some views to do some authentication, but it's not working even when the username and password are correct. So I'm guessing that the authenticate() function is hashing but returns None since the password is not actually hashed.
Is there any possible reason why the password isn't getting hashed?
I'd post some code, but I don't think any code will help, since my model doesn't include any code that does anything with the password field (that's generated & done by Django). If there is something I'm doing or not doing, I wouldn't even know what part of the code it would be in so I'd have to post everything from my settings, models, admin, etc.
By default, Django uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. This should be sufficient for most users: it's quite secure, requiring massive amounts of computing time to break.
To change a user's password, you have several options: manage.py changepassword *username* offers a method of changing a user's password from the command line. It prompts you for the new password of the given user, which you must enter twice. If both entries match, the new password takes effect immediately.
Decrypt Password: Django doesn't provide any built-in library or function to decrypt a hashed password, as decrypting a password is never a good idea. Instead of decrypting the stored hash, the plaintext password that was entered is hashed with the same salt and parameters, and the result is compared with the stored hash to check whether they match.
Programmatically, you can create / save a new User without a password argument, and it will not raise any exceptions. In fact, you can even create a user without any arguments.
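To make the two points above concrete (PBKDF2-SHA256 as the storage format, and verification by re-hashing rather than decrypting), here is an added example that is not part of the original question or answers and does not use Django itself: it reproduces Django's `pbkdf2_sha256$<iterations>$<salt>$<base64 digest>` encoding with the standard library, verifies a password against it, and includes a small audit helper of the kind that would have surfaced the asker's symptom (plaintext values sitting in the password column). The iteration count and the 22-character salt length are assumptions; Django raises its default iteration count with each release, and the function and sample-row names here are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Assumed values for the example; Django's real defaults change by version.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_ALPHABET = string.ascii_letters + string.digits
UNUSABLE_PREFIX = "!"  # Django marks "no password" accounts with a leading "!"


def make_password(raw_password, salt=None, iterations=ITERATIONS):
    """Encode a raw password in the same shape Django's PBKDF2 hasher stores:
    '<algorithm>$<iterations>$<salt>$<base64 digest>'. A fresh random salt
    is generated when none is supplied."""
    if salt is None:
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(22))
    digest = hashlib.pbkdf2_hmac(
        "sha256", raw_password.encode("utf-8"), salt.encode("ascii"), iterations
    )
    return "$".join(
        [ALGORITHM, str(iterations), salt, base64.b64encode(digest).decode("ascii")]
    )


def check_password(raw_password, encoded):
    """Verify without decrypting: pull salt and iteration count out of the
    stored string, re-hash the candidate, and compare in constant time."""
    try:
        algorithm, iterations, salt, _ = encoded.split("$", 3)
    except ValueError:
        return False  # not in the expected four-part format
    if algorithm != ALGORITHM or not iterations.isdigit():
        return False
    expected = make_password(raw_password, salt=salt, iterations=int(iterations))
    return hmac.compare_digest(expected, encoded)


def classify_stored_value(stored):
    """Label one password-column value: 'hashed', 'unusable' or 'plaintext'.
    A 32-byte SHA-256 digest is always 44 base64 characters."""
    if stored.startswith(UNUSABLE_PREFIX):
        return "unusable"
    parts = stored.split("$")
    if (
        len(parts) == 4
        and parts[0] == ALGORITHM
        and parts[1].isdigit()
        and len(parts[3]) == 44
    ):
        return "hashed"
    return "plaintext"


def audit_password_column(rows):
    """Return the usernames whose stored password is not a hash at all.
    `rows` is an iterable of (username, stored_value) pairs, e.g. from
    `SELECT username, password FROM <your user table>`."""
    return [user for user, stored in rows if classify_stored_value(stored) == "plaintext"]


if __name__ == "__main__":
    # Constructed sample rows: one properly hashed account, one created
    # through a ModelAdmin that never called set_password(), one unusable.
    sample_rows = [
        ("alice", make_password("correct horse battery staple")),
        ("bob", "hunter2"),
        ("svc-account", "!" + "x" * 40),
    ]
    print("unhashed accounts:", audit_password_column(sample_rows))
    print("alice login ok:", check_password("correct horse battery staple", sample_rows[0][1]))
```

Running the audit against a table where the admin has been saving raw passwords prints the affected usernames; the fix on the Django side is then to make the admin hash on save (as the answers below describe) and to force a reset for the flagged accounts, since the raw values cannot be turned into hashes without the user re-entering them.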
I guess the problem is that you inherited ModelAdmin instead of UserAdmin from django.contrib.auth.admin in your admin.py.
Sample code:
```python
from django.contrib import admin
from django.contrib.auth.admin import UserAdmin

from .models import Employee


class EmployeeAdmin(UserAdmin):
    pass


admin.site.register(Employee, EmployeeAdmin)
```
You can add the form code to the admin.py file. You will, however, also need to add the definition of the form class, not just the save() method, and also the definition of the UserAdmin-descended class. I think an example will clarify:
```python
from django import forms
from django.contrib import admin
from django.contrib.auth.admin import UserAdmin

from .models import CustomUser


class UserCreationForm(forms.ModelForm):
    # Declared explicitly: 'password' is not in Meta.fields, but save()
    # reads it from cleaned_data and the admin's add_fieldsets reference it
    password = forms.CharField(widget=forms.PasswordInput)

    class Meta:
        model = CustomUser
        fields = ('email',)

    def save(self, commit=True):
        # Save the provided password in hashed format
        user = super(UserCreationForm, self).save(commit=False)
        user.set_password(self.cleaned_data["password"])
        if commit:
            user.save()
        return user


class CustomUserAdmin(UserAdmin):
    # The forms to add and change user instances
    add_form = UserCreationForm
    list_display = ("email",)
    ordering = ("email",)
    fieldsets = (
        (None, {'fields': ('email', 'password', 'first_name', 'last_name')}),
    )
    add_fieldsets = (
        (None, {
            'classes': ('wide',),
            'fields': ('email', 'password', 'first_name', 'last_name',
                       'is_superuser', 'is_staff', 'is_active'),
        }),
    )
    filter_horizontal = ()


admin.site.register(CustomUser, CustomUserAdmin)
```
This should get you started. You will need to customize the classes' fields to match the fields of your user class.
More info is here: https://docs.djangoproject.com/en/dev/topics/auth/customizing/