Good day everyone,

I am using this method to store passwords, and I do so because 
when I run createsuperuser with Python the password it generates has the same 
format as when I do it with this method; the values I generate have practically 
the same format as those in Dawid C.'s example.  Now, what 
I don't know how to do is: how do I check whether a password stored in my 
database is the same as the one I am entering in the interface (screen)?  I have 
tried using the statement:

pbkdf2_sha256.verify("claveingresada", "pbkdf2_sha256$180000$...........")
But I get this message:
...

ValueError: name : Not a valid  pbkdf2_sha256 hash

What method should I use to validate the entered password against the one 
stored in my database? I have tried several methods, but none of them 
work.


On Thursday, March 12, 2020, 12:16:31 (UTC-5), Dawid Czeluśniak wrote:
>
> I think that the root question here is: should we allow users to create 
> passwords from anything that is not str? Now seems like make_password 
> function allows to do that (Django 3.0.4):
>
> In [1]: make_password(True)
> Out[1]: 
> 'pbkdf2_sha256$180000$WXVqmAhNTScA$bAiYHSr2fs3LbccZ+mDOAqE0vhYCPUOTVtot+TDTgSU='
>
> In [2]: make_password(False)
> Out[2]: 
> 'pbkdf2_sha256$180000$19XGmulpDIUE$XbaYmfcbwPvlekI5RltSbRRJnfqLS7mfigb88VveOBY='
>
> In [3]: make_password(list)
> Out[3]: 
> 'pbkdf2_sha256$180000$RkRlYdoMjKhR$QpSMO7wPNo3TVCGZk0BR1zolUI69OE2PFB7N3DYfBE0='
>
> In [4]: make_password(frozenset)
> Out[4]: 
> 'pbkdf2_sha256$180000$qY0D7n7Q36Tb$1BDA0JcC0uz9RTIepDvcviU5O23WL/Cs/O9NX25fy18='
>
> In [5]: make_password([1, 2, 3, {"hello": "world"}])
> Out[5]: 
> 'pbkdf2_sha256$180000$B4rNXyIZDrzM$pbdM797yYZzWu04WUrcZXBNNUwojSXZREkrbprxeP0A='
>
> Many projects are actually checking if the password is a str, throwing 
> the TypeError if it's not. I don't quite understand why Django should be 
> an exception in this case...
>
> https://fossies.org/linux/openslides/openslides/users/views.py#l_189
>
> https://github.com/golismero/openvas_lib/blob/master/openvas_lib/common.py#L232
>
> https://github.com/firebase/firebase-admin-python/blob/master/firebase_admin/_auth_utils.py#L73
>
>
> On Thursday, 12 March 2020 00:06:44 UTC+1, Dawid Czeluśniak wrote:
>>
>> Hi all,
>>
>> I've noticed that both set_password and check_password methods accept 
>> values other than str as parameters. For example I'm able to set 
>> password to boolean values:
>>
>> In [1]: u.set_password(True)
>>
>> In [2]: u.save()
>>
>> In [3]: u.refresh_from_db()
>>
>> In [4]: u.check_password(True)
>> Out[4]: True
>>
>> In [5]: u.check_password('True')
>> Out[5]: True
>>
>> What is even weirder, I'm able to set password as Exception class:
>>
>> In [1]: u.set_password(Exception)
>>
>> In [2]: u.save()
>>
>> In [3]: u.refresh_from_db()
>>
>> In [4]: u.check_password(repr(Exception))
>> Out[4]: True
>>
>> and the User instance itself:
>>
>> In [1]: u.set_password(u)
>>
>> In [2]: u.save()
>>
>> In [3]: u.refresh_from_db()
>>
>> In [4]: u.check_password(u)
>> Out[4]: True
>>
>> In [5]: u.check_password(str(u))
>> Out[5]: True
>>
>> IMHO this is not correct behaviour especially because Django 
>> documentation implies that these methods accept strings.
>>
>> set_password(raw_password)
>>> Sets the user’s password to the given *raw string*, taking care of the 
>>> password hashing. Doesn’t save the User object.
>>>
>>> check_password(raw_password)
>>> Returns True if the given *raw string* is the correct password for the 
>>> user. (This takes care of the password hashing in making the comparison.)
>>
>>
>> Please let me know if this is reproducible on your side.
>>
>> Dawid
>>
>
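
Added example, not part of the thread or of Django's code: the stored strings above use the layout `algorithm$iterations$salt$hash`, and inside a Django project `django.contrib.auth.hashers.check_password(raw, encoded)` is the call that verifies them. The sketch below performs the same comparison with only the standard library and rejects non-`str` input, the check Dawid describes; the function names, salt and sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"  # prefix of the hashes quoted in this thread


def _derive(password: str, salt: str, iterations: int) -> str:
    """PBKDF2-HMAC-SHA256 over the UTF-8 password and salt, base64-encoded."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return base64.b64encode(raw).decode("ascii")


def encode_password(password, salt=None, iterations=180000):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 hash>'."""
    if not isinstance(password, str):
        raise TypeError("password must be str")
    salt = salt or secrets.token_hex(6)
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    return f"{ALGORITHM}${iterations}${salt}${_derive(password, salt, iterations)}"


def verify_password(password, encoded):
    """Return True if `password` matches the stored `encoded` value."""
    if not isinstance(password, str):
        raise TypeError("password must be str")
    try:
        algorithm, iterations, salt, stored = encoded.split("$", 3)
        iterations = int(iterations)
    except ValueError:
        return False  # not in algorithm$iterations$salt$hash form
    if algorithm != ALGORITHM or iterations <= 0:
        return False
    candidate = _derive(password, salt, iterations)
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(candidate.encode(), stored.encode())


if __name__ == "__main__":
    stored = encode_password("constructed-sample-password")
    print(stored)
    print(verify_password("constructed-sample-password", stored))
    print(verify_password("wrong-password", stored))
```
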

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/07567a26-b99e-411c-a46d-2f13aa1fb976%40googlegroups.com.