I didn't get around to testing the mentioned location of changing the password_hasher. After further investigation, I realized that the password hashes use a static hash and I was using a dynamic (per-user) hash.
*Just in case anyone runs into this problem (non-static Hash)*: My solution was to by-pass the existing authentication system all-together. I already had a custom User Model which sub-classed AbstractBaseUser. I simply overrode (sp?) the set_password and check_password methods to do the password checking on the spot; without delegating to django.contrib.auth.hashers The reasoning behind this solution is that I ran out of time attempting to track down a method of passing my per-user value to be included in the Hash. *WARNING*: This may not be a great idea. I haven't ran unit tests to see what sort of problems this will bring. Possibly none; I don't know until I do. Either way, I still believe the standard process-validation approach should be taken in case one needs to upgrade passwords or has multiple hash algorithms they want to use. I'm sure this work-around could be cleaned up to fall-back on the Django approach when needed. Either way, it feels clumsy and I'm sure there's a better way. Your mileage may very. On Thu, May 16, 2013 at 7:06 PM, Kurtis Mullins <[email protected]>wrote: > It took some digging but I believe I found the answer, just in case anyone > else comes across this problem. I'll post again after I've tested this. > > > https://github.com/django/django/blob/1.5.1/django/contrib/auth/hashers.py#L20 > > > On Tue, May 14, 2013 at 6:05 PM, Kurtis <[email protected]> wrote: > >> As per this document: >> >> https://docs.djangoproject.com/en/1.5/topics/auth/passwords/ >> >> Django will upgrade all existing passwords to use the 'preferred' >> algorithm. Two questions: >> >> 1. What is the 'preferred' algorithm? Is this set by Django? Or is this >> simply the hasher at the top (or bottom) of the PASSWORD_HASHERS tuple? >> >> 2. *How can I disable or otherwise bypass this feature?* The database I >> am working with is shared with an older code-base and until we migrate the >> other components, I"d rather not "upgrade" the existing password hashes. >> >> Thanks! >> - Kurtis >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at http://groups.google.com/group/django-users?hl=en. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> >> > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
