def set_password(self, raw_password): if algo != 'bcrypt': salt = os.urandom(10).encode('hex') # Random, 20-digit (hex) salt. hsh = get_hexdigest(algo, salt, raw_password) self.password = '******'.join((algo, salt, hsh)) else: self.password = bcrypt_auth.create_hash(raw_password)
def set_password(self, raw_password): """Wrapper to set strongly hashed password for Django.""" if raw_password is None: self.set_unusable_password() return if algo != 'bcrypt': salt = os.urandom(10).encode('hex') # Random, 20-digit (hex) salt. hsh = get_hexdigest(algo, salt, raw_password) self.password = '******'.join((algo, salt, hsh)) else: self.password = bcrypt_auth.create_hash(raw_password)
def handle_noargs(self, **options): if not settings.PWD_ALGORITHM == 'bcrypt': return for user in User.objects.all(): pwd = user.password if pwd.startswith('hh$') or pwd.startswith('bcrypt$'): continue # Password has already been strengthened. try: alg, salt, hash = pwd.split('$') except ValueError: continue # Probably not a password we understand. bc_value = bcrypt_auth.create_hash(pwd) # 'hh' stands for 'hardened hash'. new_password = '******'.join(['hh', alg, salt, bc_value]) user.password = new_password user.save()