Django enable password hasher for custom authentication

1
votes

I am using a custom authentication backend in django project. I created a user using django shell. Now when i enter the password and try to authenticate it using authenticate method, it returns None.

I figured out that it has to do with the password hashing.

The password stored in database is like pbkdf2_sha256$24000$c0t......

I want to know how to use hashing in django?

Settings.py:

AUTHENTICATION_BACKENDS = ('login_app.backends.LoginBackend',
                        'django.contrib.auth.backends.ModelBackend')

# Password validation
# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

Custom Backend:

def authenticate(self, email=None, password=None):
    try:
        user = User.objects.get(email=email)
        if password == user.password:
            return user
        else:
            return None
    except User.DoesNotExist:
        return None

EDIT: If i manually edit password in postgres to plain text, it works. How to use authentication with hashed password.

1
pythondjangoauthentication
why close? Atleast give a reason.. - Manish Gupta

1 Answers

1
votes

You can use function called check_password provided by django check_password(raw_password) Returns True if the given raw string is the correct password for the user. (This takes care of the password hashing in making the comparison)