 

Django: set_password isn't hashing passwords?

I've made a custom User registration form/view in Django so that I can include additional user attributes through a different model. I've used set_password to set the password of the newly created user to the password entered in the form, but I've found that the passwords that are saved aren't hashed.

form:

class UserForm(forms.ModelForm):
    """Sign-up form for the built-in User model.

    ``password`` is declared explicitly so that it renders as a masked
    input. It is still an ordinary model field here, so ``save()`` copies the
    submitted value into ``User.password`` exactly as typed; hashing is left
    to the calling view.
    """

    password = forms.CharField(widget=forms.PasswordInput())

    class Meta:
        model = User
        fields = ('username', 'email', 'password')


class StudentForm(forms.ModelForm):
    """Form for the Student data collected alongside the account details."""

    class Meta:
        model = Student
        # Only 'theclass' is exposed to the client; the owning user is not a
        # form field and is attached by the view after validation.
        fields = ('theclass',)
        # Draw the choices as a list of checkboxes.
        widgets = {'theclass': forms.CheckboxSelectMultiple()}

class TeacherForm(forms.ModelForm):
    """Form for the Teacher data collected alongside the account details."""

    class Meta:
        model = Teacher
        # Only 'theclass' is exposed to the client; the owning user is not a
        # form field and is attached by the view after validation.
        fields = ('theclass',)
        # Draw the choices as a list of checkboxes.
        widgets = {'theclass': forms.CheckboxSelectMultiple()}

view:

# Student registration view: binds UserForm and StudentForm to the POST data,
# creates the User, then links a new Student row to it.
# NOTE(review): the indentation was lost when this was pasted; everything down
# to the final return is presumably the function body.
def register_student(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
    user_form = UserForm(data=request.POST)
    student_form = StudentForm(data = request.POST)

    if user_form.is_valid() and student_form.is_valid():
        # 'password' is an ordinary ModelForm field, so this save() writes the
        # value the user typed straight into the password column, unhashed.
        user = user_form.save()
        # set_password() replaces user.password with a hash, but only on the
        # in-memory object; nothing is written to the database here.
        user.set_password(user.password)

        # BUG: no parentheses. This only looks up the bound method and never
        # calls it, so the hash is discarded and the raw password written by
        # user_form.save() above is what stays in the database.
        user.save

        # commit=False builds the Student without saving, so the user can be
        # attached before the row is written.
        student = student_form.save(commit = False)
        student.user = user
        student.save()
        registered = True
else:
    # Not a POST: show empty, unbound forms.
    user_form = UserForm()
    student_form = StudentForm()
return render_to_response('classapp/register_student.html', {'user_form': user_form, 'student_form': student_form, 'registered': registered}, context)

# Teacher registration view: binds UserForm and TeacherForm to the POST data,
# creates the User, then links a new Teacher row to it.
# NOTE(review): the indentation below is as pasted and is not valid Python; the
# validity check and the else branch presumably belong under the POST test, as
# in register_student.
def register_teacher(request):
    context = RequestContext(request)
    registered = False
    if request.method == 'POST':
        user_form = UserForm(data=request.POST)
        teacher_form = TeacherForm(data = request.POST)
    if user_form.is_valid() and teacher_form.is_valid():

        # 'password' is an ordinary ModelForm field, so this save() writes the
        # value the user typed straight into the password column, unhashed.
        user = user_form.save()

        # set_password() replaces user.password with a hash, but only on the
        # in-memory object; nothing is written to the database here.
        user.set_password(user.password)

        # BUG: no parentheses. This only looks up the bound method and never
        # calls it, so the hash is discarded and the raw password written by
        # user_form.save() above is what stays in the database.
        user.save

        # commit=False builds the Teacher without saving, so the user can be
        # attached before the row is written.
        teacher = teacher_form.save(commit = False)
        teacher.user = user
        teacher.save()
        registered = True
else:
    # Not a POST: show empty, unbound forms.
    user_form = UserForm()
    teacher_form = TeacherForm()
return render_to_response('classapp/register_teacher.html', {'user_form': user_form, 'teacher_form': teacher_form, 'registered': registered}, context)

When I register a user through this form, the login is invalid. I checked the user information on Admin, and found that the password field said: Invalid password format or unknown hashing algorithm. I also synced the db and opened the shell and manually retrieved the user objects that were created using my registration form and found that the user password is not being hashed, like so:

>>> from django.contrib.auth.models import User
>>> user = User.objects.get(username = "username")
>>> user.password
u'password'
>>> user = User.objects.get(username = "superuser")
>>> user.password
u****hashed password****

Users created using Admin have their passwords hashed, but those created through my custom form do not. The documentation says that set_password(raw_password) takes care of hashing automatically.

23049581029 Avatar asked May 26 '15 18:05



2 Answers

set_password only creates a hashed password; it doesn't save the value in the database. Call save() to actually save it.


In your views, it should be

user.save()

below the line

user.set_password(user.password)

You didn't write the brackets (parentheses). That's why the save method is not being called after you hash the password.

xyres Avatar answered Oct 06 '22 04:10



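# Build the User from the validated form without writing it yet. 'password' is
# an ordinary form field, so a plain user_form.save() would first store the raw
# value in the database.
user = user_form.save(commit=False)
# set_password() hashes the raw value and assigns the result to user.password
# on the in-memory object only.
user.set_password(user_form.cleaned_data['password'])
# save() -- with the parentheses -- is what writes the hashed value.
user.save()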
Girish Gupta Avatar answered Oct 06 '22 05:10
