Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Migrate passwords from Drupal 7 to Django

I am migrating a site from Drupal 7 to Django 1.4, including the current users. How can I work with the passwords that were hashed by Drupal?

According to this, Drupal 7 hashes passwords using SHA-512 (they are stored in the form of a string starting with "$S$").

Django 1.4 now contains a number of options for storing passwords, with a default of SHA-256, but I can't find an option for SHA-512. While this app appears to allow the use of SHA2 algorithms, I'm not sure it's compatible with Django 1.4 (as 1.4 has a flexible password hasher).

What is the simplest way to do this?

ETA: I've built a password hasher that mimics Drupal's algorithm and makes migration easy. Since I've already accepted an answer, I won't unaccept, but for anyone who wants to do Drupal to Django migration in the future, the code is stored on Django snippets and as a GitHub gist.

like image 970
David Robinson Avatar asked Mar 26 '12 17:03

David Robinson


Video Answer


1 Answers

I don't know Drupal very well, but I suppose that the passwords are stored hashed. If that's the case, you'll have to copy the passwords (I mean, copy them unchanged) and you'll have to change the way Django hashes its passwords, using the exactly same way of Drupal, with the same Security Salt.

I really don't know how to do that, but the logic for passwords is contained in the User object. For example. the User.set_password() function (described here) uses the make_password function.

I think with a little research you'll find the way to change it, but the important thing is, remember that the functions must be equals! ie:

drupal_hash(x) == django_hash(x) for every x in the allowed passwords set.

EDIT:

Taking a deeper look django get the has function with the get_hasher function. Now in the 1.4 version there's a way to specify how Django will select that function. Take a look at this: https://docs.djangoproject.com/en/dev/topics/auth/#how-django-stores-passwords

Finally, in order to create your own function, you can take a look at how it's done on the MD5PasswordHasher. It seems really simple. You can use the hashlib python library to generate sha-512 algorithms.

Changing the encode method would require somthing similar to:

def encode(self, password, salt):
    assert password
    assert salt and '$' not in salt
    hash = hashlib.sha512(salt + password).hexdigest()
    return "%s$%s$%s" % (self.algorithm, salt, hash)
like image 82
santiagobasulto Avatar answered Sep 23 '22 12:09

santiagobasulto