
Django hasher for pgcrypto encoded passwords.


django-pgcryptoauth is a custom Django password hasher intended to provide authentication continuity for legacy passwords that were hashed with the Postgres pgcrypto extension.

Since we don’t have access to the cleartext passwords, we instead just make Django understand and handle the legacy algorithm. When a user successfully logs in, Django will automatically upgrade the password to the preferred algorithm.

Source code

https://github.com/tomatohater/django-pgcryptoauth

Dependencies

Of course, you will need to be using a PostgreSQL database with the pgcrypto extension installed.

Installation

  1. Install the django-pgcryptoauth package:

    pip install django-pgcryptoauth
  2. Add pgcryptoauth to your INSTALLED_APPS:

    INSTALLED_APPS = (
        ...
        'pgcryptoauth',
        ...
    )
  3. Add pgcryptoauth.hashers.PgCryptoPasswordHasher to PASSWORD_HASHERS in your Django settings:

    PASSWORD_HASHERS = (
        ...
        'pgcryptoauth.hashers.PgCryptoPasswordHasher',
    )

Note: This hasher should probably be at the bottom of the list so that other hashers take priority. See https://docs.djangoproject.com/en/dev/topics/auth/passwords/

Configuration

By default, pgcryptoauth will use your default database connection. However, you may instruct it to use another connection by setting PGCRYPTOAUTH_DATABASE to something else in your Django settings:

PGCRYPTOAUTH_DATABASE = 'another_database'

Of course, this other connection must be a valid Postgres database with the pgcrypto extension and listed in your DATABASES setting:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'my_database',
        'USER': 'my_user',
        'PASSWORD': 'my_pass',
        'HOST': '127.0.0.1',
        'PORT': '',
    },
    'another_database': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'another_database',
        'USER': 'another_user',
        'PASSWORD': 'another_pass',
        'HOST': '127.0.0.1',
        'PORT': '',
    }
}

This may be necessary if the pgcrypto extension is not (or can’t be) installed on your primary database, especially if your primary database is not PostgreSQL.

Running test cases

Execute the unit test:

python manage.py test pgcryptoauth

Loading legacy data

Note: Legacy pgcrypto hashed passwords look like $1$BFw5nhna$XeiE8c4FInYGp3oND2l9n1. When migrating these passwords, we simply need to prefix the hash with the pgcrypto$ algorithm identifier:

user.password = 'pgcrypto$$1$BFw5nhna$XeiE8c4FInYGp3oND2l9n1'
user.save()

If you review that user's password via the Django auth.user admin, you should see:

algorithm: pgcrypto
hash: $1$BFw******************************************
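
A bulk version of the prefixing step above, as an added example that is not part of django-pgcryptoauth: it prefixes each legacy hash exactly once, leaves Django-native or malformed values untouched, and counts hashes per crypt() scheme so you can track how many accounts still rely on the legacy algorithm. The function names, the sample rows and the crypt() format patterns (pgcrypto's md5, bf, xdes and des salt types) are assumptions of this example.

```python
import re
from collections import Counter

PREFIX = "pgcrypto$"  # algorithm label the page prepends to legacy hashes

# Output shapes of pgcrypto crypt() for its gen_salt() types (assumed set).
CRYPT_SCHEMES = [
    ("md5", re.compile(r"\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")),
    ("bf", re.compile(r"\$2[abxy]?\$\d{2}\$[./0-9A-Za-z]{53}")),
    ("xdes", re.compile(r"_[./0-9A-Za-z]{19}")),
    ("des", re.compile(r"[./0-9A-Za-z]{13}")),
]


def to_django_encoded(stored):
    """Return (value, scheme); scheme is None when the value is not a crypt() hash."""
    value = stored.strip()
    if value.startswith(PREFIX):  # already migrated: never double-prefix
        value = value[len(PREFIX):]
    for scheme, pattern in CRYPT_SCHEMES:
        if pattern.fullmatch(value):
            return PREFIX + value, scheme
    return stored, None  # Django-native, unusable or malformed: leave alone


def plan_migration(rows):
    """rows: (username, stored_hash) pairs. Returns (updates, per-scheme counts)."""
    updates, counts = {}, Counter()
    for username, stored in rows:
        encoded, scheme = to_django_encoded(stored)
        counts[scheme or "skipped"] += 1
        if scheme and encoded != stored:
            updates[username] = encoded  # value to assign to user.password
    return updates, counts


# Constructed sample rows; only alice's hash comes from this page.
SAMPLE_ROWS = [
    ("alice", "$1$BFw5nhna$XeiE8c4FInYGp3oND2l9n1"),
    ("bob", "pgcrypto$$1$BFw5nhna$XeiE8c4FInYGp3oND2l9n1"),
    ("carol", "pbkdf2_sha256$260000$c2FsdA$" + "A" * 43 + "="),
    ("dave", "$2a$06$" + "x" * 53),
]

if __name__ == "__main__":
    updates, counts = plan_migration(SAMPLE_ROWS)
    print(updates)
    print(dict(counts))  # the md5 count is the number of accounts still on md5-crypt
```

Re-running the plan after users have logged in shows the per-scheme counts shrinking as Django upgrades each password to the preferred hasher.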

History

v0.3 - Adds Python 3 support, supports Django 1.8+.
