Tuesday, July 1, 2014

Re: pre_save on password

you should only store the user password once, if you are trying to catch it just to register in another application then you now have two problems

you should set django use the other system as authentication backend, new users should just register there and change their passwords there, on the central application responsible for the users, I made some applications django using this to rely on the company LDAP (active directory)
the users have the same login for all the applications in the company, the ERP, windows logon, my django web apps, email etc
and you don't need to worry about storing passwords etc

or you can do it the other way around, tell the other application to authenticate against your django users

good luck


On Tue, Jul 1, 2014 at 4:42 PM, Tom Evans <tevans.uk@googlemail.com> wrote:
On Tue, Jul 1, 2014 at 1:27 PM, guillaume <guillaume.sueur@laposte.net> wrote:
> Hi Tom,
>
> Yes indeed, I know that page, but there is no way I can make it the same
> than the other one which relies on SHA256, some system key I don't know and
> a random salt. So there is no way for me to find the correct encryption for
> the remote database, that's why I want to use it's API registration system
> and feed it with the clear password.


You first post said you wanted to intercept the plain text password so
that you could supply it to a separate third party system that would
generate the hash.

This is what the hashing classes do. There are two functions you need
to implement:

encode(self, password, salt)

This function is given the plain text password and the salt, and
should return the encoded password for storage.
You can call your 3rd party system with those values in order to get
the encoded password.

verify(self, password, encoded)

This function is given the encoded password from the database, and the
plain text password as supplied by the user at login, and should
return whether the two are a match.
Again, this can call your 3rd party system in order to effect the verification.

Cheers

Tom

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFHbX1JBiyVYjtFxQ6HZCP4e52E8MPDvCYg4w8msq3BYMuJDhw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFWa6tLNiC%3Djv7ZLdLZ%2Bc_6Qi6epHzRDr3Aaznxndp-t84VHsg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment