It is so wrong to want to read the users 's password. I think this should not be done.
On Mon, Oct 21, 2019, 7:20 PM Alex Heyden <[email protected]> wrote: > Password tables should never be human-readable. Never ever. No exceptions. > > If the intent is to power automation, store that password where the test > agent can read it. If you don't know the password, reset it, then save it. > Don't expect your web server to leak a password, though. Not even if you > ask it nicely. > > On Mon, Oct 21, 2019 at 1:16 PM Dilipkumar Noone <[email protected]> > wrote: > >> Dear Django group, >> >> In one of my View i need UserName & Password details in raw format but >> Django uses *PBKDF2* <https://en.wikipedia.org/wiki/PBKDF2> algorithm to >> store the password. >> >> I would like to know how to retrieve the saved password from >> Authentication Form. >> >> Using these Username and password details from my Django app , i need to >> use the same credentials to access another website to perform web >> automation on it using selenium chrome webdriver. >> >> Please let us know how to get the password in raw format once user >> authenticated using below LoginForm and login_view. >> >> *My forms.py:* >> *===========* >> >> forms.py: >> ======= >> >> class LoginForm(AuthenticationForm): >> >> remember_me = forms.BooleanField(required=True, initial=False) >> >> def __init__(self, *args, **kwargs): >> >> super(LoginForm, self).__init__(*args, **kwargs) >> self.helper = FormHelper() >> self.helper.form_action = '.' >> self.helper.layout = Layout( >> Field('username', placeholder="Enter Username", autofocus=""), >> Field('password', placeholder="Enter Password"), >> Field('remember_me'), >> Submit('sign_in', 'Log in', >> css_class="btn btn-lg btn-primary btn-block"), >> ) >> >> def apply_gsp_request_form(request, id=None): >> >> if id: >> action = 'edit' >> model = get_object_or_404(ApplyGSP, pk=id) >> else: >> action = 'submit' >> model = ApplyGSP() >> >> message = "" >> >> if request.method == 'POST': >> form = ApplyGSPForm(request.POST, instance=model) >> >> if form.is_valid(): >> form.save() >> username = request.user.username >> print("password:", request.user.password) >> * # How to get password details ? If i get pwd here using >> request.user.password it is displaying >> in <SHAalgorithm>$<iterations>$<salt>$<hash> format.* >> * # but i need in raw(clear text format)* >> *applyselenium*(username,password*)* >> >> *def applyselenium():* >> ----------- >> ---------- >> >> >> My Views.py: >> ======= >> views.py: >> ======== >> def login_view(request): >> logout(request) >> >> username = password = '' >> redirect_to = request.GET.get('next', '/gspapp/') >> >> form = LoginForm() >> >> if request.POST: >> >> form = LoginForm(request.POST) >> >> username = request.POST['username'] >> password = request.POST['password'] >> >> user = authenticate(request, username=username, >> password=password) >> >> if user is not None: >> login(request, user) >> >> remember_me = request.POST.get('remember_me', False) >> >> if remember_me == "on": >> ONE_MONTH = 30 * 24 * 60 * 60 >> expiry = getattr(settings, "KEEP_LOGGED_DURATION", >> ONE_MONTH) >> request.session.set_expiry(expiry) >> else: >> request.session.set_expiry(0) >> >> return HttpResponseRedirect(redirect_to) >> >> context = {'form': form, 'page_title': page_title, >> 'loginpage_heading': loginpage_heading} >> return render(request, 'login.html', context) >> >> >> >> >> Regards >> N.Dilip Kumar. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/11a515fc-8b06-4130-8a0d-5ab6c9a21497%40googlegroups.com >> <https://groups.google.com/d/msgid/django-users/11a515fc-8b06-4130-8a0d-5ab6c9a21497%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/CA%2Bv0ZYVQUxqqRbKM-2Wbiuia7d5uWFNWTAyuGH200LmnmnK2kg%40mail.gmail.com > <https://groups.google.com/d/msgid/django-users/CA%2Bv0ZYVQUxqqRbKM-2Wbiuia7d5uWFNWTAyuGH200LmnmnK2kg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAC26BE39NjN9K%3Dyvtzop6676t1BqVYR4KYtQ%2BE2QCPrhsD20Pg%40mail.gmail.com.
