Menu
I have been trying to save the hashed version of a user password but it's not working.
forms.py:
class up_form(forms.ModelForm):
class Meta:
model = Users
fields =['email', 'password', 'username', 'status']
views.py:
from myapp.forms import up_form
from django.contrib.auth.hashers import make_password
def register(request):
if request.method == 'POST':
sign_up = up_form(request.POST or None)
if sign_up.is_valid():
sign_up.password = make_password(sign_up.cleaned_data['password'])
sign_up = sign_up.save(commit = False)
sign_up.status = 1
sign_up.save()
But my password still get saved in plain text. How do I come around this?
496
Using bcrypt with DjangoInstall the bcrypt library. This can be done by running python -m pip install django[bcrypt] , which is equivalent to python -m pip install bcrypt (along with any version requirement from Django's setup. cfg ). Keep and/or add any entries in this list if you need Django to upgrade passwords.
Bcrypt is a popular password storage algorithm that's specifically designed for long-term password storage. It's not the default used by Django since it requires the use of third-party libraries, but since many people may want to use it Django supports bcrypt with minimal effort.
@anotheruser Yes, you can't 'decrypt' a hashed password through django. (A hash is a one-way function not really encryption). You could possibly save the password of the user in plaintext in the DB, when they create a user account.
You can check user by importing model from your model class. if bool_answer is True then it means user exists other wise not. you cannot match password because django applies encryption on passwords. Django stores user details in User model of auth module.
You need to switch the order of your statements, because you have named the object as the same name as the form itself.
if request.method == 'POST':
sign_up = up_form(request.POST)
if sign_up.is_valid():
sign_up = sign_up.save(commit = False)
sign_up.password = make_password(sign_up.cleaned_data['password'])
I hope you are also returning a response from the method, and redirecting users appropriately after the POST request.
Consider this version:
def register(request):
form = up_form(request.POST or None)
if form.is_valid():
sign_up = form.save(commit=False)
sign_up.password = make_password(form.cleaned_data['password'])
sign_up.status = 1
sign_up.save()
return redirect('/thank-you/')
return render(request, 'sign_up_form.html', {'form': form})
The best way would be to follow what Django's original UserCreationForm does and override your form's save method:
class UpForm(forms.ModelForm):
class Meta:
model = Users
fields =['email', 'password', 'username', 'status']
def save(self, commit=True):
user = super(UpForm, self).save(commit=False)
user.set_password(self.cleaned_data["password"])
if commit:
user.save()
return user
This way you don't have to make_password() in every view you use your form.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
