All geek questions in one place

Why is the user password not used in django admin?

I created a user using the syncdb and it fits perfectly. But when I create a user from the django admin, it is created successfully, but causes an error when logging into it. I get an error message:

 Unknown password hashing algorithm 'password'. Did you specify it in the PASSWORD_HASHERS setting?

What is the problem? How can I allow it so that the password is automatically encrypted when the user is saved in admin?

+6
source share
4 answers

I ran into the same problem in a situation where I subclassed a Django user and then created a model administrator for him and used the automatically created Django administrative form to create the user.

So, I had something like this in my models.py

 class Employee(User): job = models.CharField(max_length=100)

and this is in my admin.py

 class EmployeeAdmin(admin.ModelAdmin): pass admin.site.register(Employee, EmployeeAdmin)

Django now automatically creates a form to add new employees to the Django administrator. But when this form is used to create a user, the password will not be hashed at all. Therefore, for some reason, Django creates a normal text input field for the password when the model is obtained from the Django built-in user. I do not know if you had the same case.

Unfortunately, I could not find an easy solution to fix this. I also do not know why Django does not create the correct form field for the password automatically. However, one possibility would be to override the automatic form with a custom form that will include a password widget. See https://docs.djangoproject.com/en/dev/ref/contrib/admin/#django.contrib.admin.ModelAdmin.formfield_overrides .

+4
source

I ran into the same problem as in Rubinous, and may be your problem.

The problem occurred while inheriting my user model from django.contrib.admin.ModelAdmin instead of django.contrib.auth.admin.UserAdmin

By doing this, I circumvented the necessary user functionality

+2
source

The solution for a password stored as text rather than a hashed password is to use UserAdmin from django.contrib.auth.admin instead of ModelAdmin.

 from django.contrib.auth.admin import UserAdmin class EmployeeAdmin(UserAdmin): pass admin.site.register(Employee, EmployeeAdmin)
+2
source

Django does not store passwords as plain text. He hashes them first, and they store the hash. Therefore, when a user logs in, Django applies the same hash function to user input, and then compares two hashes - from the user's login and what is stored in db.

However, to make things more flexible, Django does not store password hashes, but in addition it also stores the algorithm by which the hash is generated. Imagine this scenario - you use the hash function X to generate password hashes, but then you realize that this function is no longer protected for any reason, and you switch to the hash function Y This, however, is a problem because at the moment the hash password is stored using the X function, they will no longer be able to log in. That is why Django also saves the method with which it was created, in addition to the hash value itself. The parameter PASSWORD_HASHERS indicated here. The fact that Django stores the method by which the hash is generated in db, when reading the value, it does not tell Django how to execute the hash function. So PASSWORD_HASHERS is a kind of mapping between a Python hash function (actually a class, but anyway ...) and a value stored in db.

So, back to your question. The error message means that Django is not aware of the password hash function that was used to store the password hash in your database, or at least not in PASSWORD_HASHERS .

I can come up with a couple of reasons why this could happen.

  • Make sure you run syncdb , it uses the same settings.py file as when starting the server to access the administrator. It may be that different settings are used.

  • However, developers usually do not change PASSWORD_HASHERS in settings.py and simply use the default value. In this case, make sure that you use the same Python with the same version of Django installed when you run syncdb and when the server starts. If you make syncdb in the same virtual directory, for example, and start the server in different env, then the versions of Django may be different, so they may have different settings for PASSWORD_HASHERS , and therefore, when running syncdb it can use a hash function that is not defined when server startup.

0
source

Source: https://habr.com/ru/post/925404/

More articles:


All Articles