How to migrate django 1.8 users to firebase

0
votes

I try to migrate django 1.8 users to firebase, and django password algorithm is django_pbkdf2_sha256, and the firebase support PBKDF2_SHA256

Error: Unsupported hash algorithm DJANGO_PBKDF2_SHA256

How do I bypass this?

Ref: https://firebase.google.com/docs/cli/auth?hl=es-419

from passlib.hash import pbkdf2_sha256, django_pbkdf2_sha256
from passlib.utils import to_bytes, to_native_str
import base64

PASSWORD = 'aA123456*'
ROUND = 20000
SALT = to_bytes('google')

hash0 = pbkdf2_sha256.using(salt=SALT,rounds=ROUND).hash(PASSWORD)
print(pbkdf2_sha256.identify(hash0)) 
# True 
print(pbkdf2_sha256.verify(PASSWORD,hash0)) 
# True
print(hash0) 
# $pbkdf2-sha256$20000$Z29vZ2xl$PtFLyZHJJucUa2KBg1iJeVJsivis8JimRhFifRRKlFc

# Current keys generate by django 1.8
dj = [{"model": "auth.user", "fields": {"password": "pbkdf2_sha256$20000$mkMhRA3bpiV7$GDkKvfuzu6b9YrKGk1jy3pKkA/DUIKYc9rYEuzRLoIw=", "last_login": "2019-01-07T15:30:38.959Z", "is_superuser": True, "username": "romel", "first_name": "", "last_name": "", "email": "", "is_staff": True, "is_active": True, "date_joined": "2018-11-02T18:07:14Z", "groups": [1], "user_permissions": [1]}, "pk": 2}]

print('is hash 0 is valid pbkdf2_sha256 algorithm >>>', pbkdf2_sha256.identify(hash0)) 
// Result: True
print('is hash 1 is valid pbkdf2_sha256 algorithm >>>', pbkdf2_sha256.identify(dj[0]['fields']['password']))
// Result: False
print('is hash 1 is valid django_pbkdf2_sha256 algorithm >>>', django_pbkdf2_sha256.identify(dj[0]['fields']['password']))
// Result: True
1
djangofirebasefirebase-authentication

1 Answers

2
votes

The django password property has the hash in base64, and the salt not, so, the salt must have to be pass to base64 format to make it work.

from passlib.hash import pbkdf2_sha256, django_pbkdf2_sha256
from passlib.utils import to_bytes, to_native_str
import base64

PASSWORD = 'aA123456*'
ROUND = 20000
SALT = to_bytes('google')

# TEST with HASH_DEMO generate by pbkdf2_sha256 and fixed paramentes 
HASH_DEMO = pbkdf2_sha256.using(salt=SALT,rounds=ROUND).hash(PASSWORD)
print(HASH_DEMO) 
# $pbkdf2-sha256$20000$Z29vZ2xl$PtFLyZHJJucUa2KBg1iJeVJsivis8JimRhFifRRKlFc

print('is the HASH_DEMO a valid pbkdf2_sha256 algorithm? >>>', pbkdf2_sha256.identify(HASH_DEMO)) 
# True 
print('is the HASH_DEMO (pbkdf2_sha256 - algorithm) with the PASSWORD: aA123456*, valid? >>>', pbkdf2_sha256.verify(PASSWORD,HASH_DEMO)) 
# True

# Current key generate by django 1.8 [HASH_DJANGO]
HASH_DJANGO = [{"model": "auth.user", "fields": {"password": "pbkdf2_sha256$20000$VVEU1GnGCr0M$7ZtXwcAIAZXICBYXb82FVeCJAjdfWrBZ11gVzb2UGVc=", "last_login": "2019-01-07T15:30:38.959Z", "is_superuser": True, "username": "romel", "first_name": "", "last_name": "", "email": "", "is_staff": True, "is_active": True, "date_joined": "2018-11-02T18:07:14Z", "groups": [1], "user_permissions": [1]}, "pk": 2}]

print('is HASH_DJANGO is valid pbkdf2_sha256 algorithm? >>>', pbkdf2_sha256.identify(HASH_DJANGO[0]['fields']['password']))
# result: False
print('is HASH_DJANGO is valid django_pbkdf2_sha256 algorithm? >>>', django_pbkdf2_sha256.identify(HASH_DJANGO[0]['fields']['password']))
# result: True
print('is HASH_DJANGO (django_pbkdf2_sha256 - algorithm) with the PASSWORD: aA123456*, valid?', django_pbkdf2_sha256.verify(PASSWORD, HASH_DJANGO[0]['fields']['password']))
# result: True

# The django password property has the hash in base64, and the salt not, so, the salt must have to be pass to base64 format to make it work.

SAL_B64 = base64.b64encode(b'VVEU1GnGCr0M')
print('SAL_B64 >>>', SAL_B64) # >>> VlZFVTFHbkdDcjBN


# firebase auth:import sandbox/account_file.csv --hash-algo=PBKDF2_SHA256 --rounds=20000 --project <project_name>
#
# account_file.csv
# 555000444,[email protected],false,7ZtXwcAIAZXICBYXb82FVeCJAjdfWrBZ11gVzb2UGVc=,VlZFVTFHbkdDcjBN,,,,,,,,,,,,,,,,,,,,,,

ref: https://mail.google.com/mail/u/0/#inbox/FMfcgxwBVDBlXBNKJRtwtfjbXcHmPJWL