def set_pw(self, rawPw): """Sets the user's password - always use this rather than using directly as the password is hashed before storage. """ algo = 'sha1' salt = get_hexdigest(algo, str(random()), str(random()))[:5] hash = get_hexdigest(algo, salt, rawPw) self.pw = '%s$%s$%s' % (algo, salt, hash) self.save() return self
def checkPw(self, rawPw): """Checks the user's password against a provided password - always use this rather than directly comparing to :attr:`~mongoengine.django.auth.User.password` as the password is hashed before storage. """ algo, salt, hash = self.pw.split('$') return hash == get_hexdigest(algo, salt, rawPw)