If the username/whatever is available within the hasher you could create a subclass of the hasher you're using in Django and intercept the plain-text password there, call your API and then call the superclass?
PhilOn 01/07/2014 13:27, guillaume wrote:
Hi Tom,--
Yes indeed, I know that page, but there is no way I can make it the same than the other one which relies on SHA256, some system key I don't know and a random salt. So there is no way for me to find the correct encryption for the remote database, that's why I want to use it's API registration system and feed it with the clear password.
Best regards
Guillaume
Le mardi 1 juillet 2014 14:17:28 UTC+2, Tom Evans a écrit :On Tue, Jul 1, 2014 at 1:12 PM, guillaume <guillau...@laposte.net> wrote:
>
> Hi,
> thanks for your reply. Actually I don't want to store the uncrypted
> password, just submit it to another app registration system, which will hash
> it then. The two hashing systems are too different and complicated for me to
> use the django encrypted password in the other application database.
>
How Django hashes passwords is fully configurable, see:
https://docs.djangoproject.com/en/1.6/topics/auth/ passwords/
The setting PASSWORD_HASHERS contains a list of classes that hash
passwords. Simply replace this with your custom hash algorithm, or
calls to your external API that implements your hash algorithm.
Cheers
Tom
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/a7b49845-b8df-4897-b653-17020f339794%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment