将代码添加到 contrib.auth 的最简洁方法是什么
我已将旧的 joomla 安装迁移到 django。不过,密码哈希是一个问题。我必须修改 contrib.auth.models 中的 get_hexdigest 以获得额外的 if 语句来反转哈希的生成方式。
# Custom for Joomla
if algorithm == 'joomla':
return md5_constructor(raw_password + salt).hexdigest()
# Djangos original md5
if algorithm == 'md5':
return md5_constructor(salt + raw_password).hexdigest()
我还在用户模型中添加了以下内容,以便在登录后更新密码(如果它们具有旧的 joomla 样式):
# Joomla Backwards compat
algo, salt, hsh = self.password.split('$')
if algo == 'joomla':
is_correct = (hsh == get_hexdigest(algo, salt, raw_password))
if is_correct:
# Convert the password to the new more secure format.
self.set_password(raw_password)
self.save()
return is_correct
一切都运行良好,但我不想直接在 django 树中编辑此代码。在我自己的项目中是否有更干净的方法来做到这一点?
谢谢
I've migrated an old joomla installation over to django. The password hashes is an issue though. I had to modify the get_hexdigest in contrib.auth.models to have an extra if statement to reverse the way the hash is generated.
# Custom for Joomla
if algorithm == 'joomla':
return md5_constructor(raw_password + salt).hexdigest()
# Djangos original md5
if algorithm == 'md5':
return md5_constructor(salt + raw_password).hexdigest()
I also added the following to the User model to update the passwords after login if they have the old joomla style:
# Joomla Backwards compat
algo, salt, hsh = self.password.split('
Everything is working perfectly but I'd rather not edit this code directly in the django tree. Is there a cleaner way to do this in my own project?
Thanks
)
if algo == 'joomla':
is_correct = (hsh == get_hexdigest(algo, salt, raw_password))
if is_correct:
# Convert the password to the new more secure format.
self.set_password(raw_password)
self.save()
return is_correct
Everything is working perfectly but I'd rather not edit this code directly in the django tree. Is there a cleaner way to do this in my own project?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您最好的选择是推出自定义身份验证后端并在那里重写 get_hexdigest 。我自己从未这样做过,但有关如何执行此操作的文档可在 获取http://docs.djangoproject.com/en/dev/topics/auth/#authentication-backends。
Your best bet would be to roll a custom auth backend and rewrite get_hexdigest in there. Never done it myself, but documentation on how to do so is available at http://docs.djangoproject.com/en/dev/topics/auth/#authentication-backends.
感谢您的指导。对于需要使用 DJ 密码使用其他方式(
DJango到Joomla)的人,DJ 格式为Sha1$salt$crypt。Joomla标准身份验证插件和 joomla 核心JUserHelper没有实现相同的 SHA1 算法,但在该插件中修补到 joomla.php 相当容易,该插件通常会执行以下操作:在':'上爆炸。使用'$'进行三部分爆炸并使用salt = [1],将其与$encrypted = sha1($salt.$plaintext)< /code>,将其与crypt [2]进行匹配。Thanks for the guidance. For anyone who needs to go the other way (
DJangotoJoomla) with DJ passwords, the DJ format isSha1$salt$crypt.Joomlastandard auth plugin and joomla coreJUserHelperdo not implement the same SHA1 algorithum but it is fairly easy to patch into joomla.php in that plugin, where the plugin normally does an explode on':'. Do a three-part explode with'$'and usesalt = [1], compare that against$encrypted = sha1($salt.$plaintext), match that against thecrypt [2].