将用户帐户从 Joomla 迁移到 Django
我正在对最初使用 Joomla 制作的网站进行大修,我想知道是否可以直接从 Joomla 导入用户记录(我主要关心的是用户密码,因为它们是加密的)。
I'm overhauling a site I'd originally made using Joomla to Django, and I was wondering if I can import the user records directly from Joomla (my main concern is the user passwords as they are encrypted).
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
是的,你可以,但你必须做一些工作。 Joomla 将用户保留在某些特定的数据库表结构中,因此您必须将它们取出并将它们插入到您在 Django 应用程序中创建的用户表中。至于加密,如果算法已知,它可能是保存在数据库中的哈希值,只要您在 Django 应用程序中实现相同的哈希算法,您就可以按原样传输它。
请记住:Django 是一个比 Joomla 更通用的“概念”——它是一个用于编写 Web 应用程序的框架,因此理论上您甚至可以用它完全重新实现 Joomla。
Yes, you can, but you'll have to do some work. Joomla keeps users in some specific DB table structure, so you'll have to pull them out and insert them into a users table you create in your Django application. As for encryption, if the algorithm is known, it's probably the hash value that's kept in the DB, and you can just transfer it as-is as long as you implement the same hashing algorithm in your Django application.
Remember: Django is a more general 'concept' than Joomla - it's a framework for writing web application, hence in theory you can even re-implement Joomla completely with it.
Django 中的 Joomla 用户(Django 身份验证后端,从 Joomla 填充用户)
一旦我需要在用 Django 编写的新 API 中使用现有的 Joomla 用户。
问题是我无法将 Joomla 用户复制到 Django 数据库中,因为:
所以我为 Django 制作了一个自定义身份验证后端,现在我可以自信地说
Django 可以根据 Joomla 对用户进行身份验证 实现
算法:
check_joomla_password( )
函数,以与 Joomla 相同的方式验证用户密码实现:
要了解发生了什么,您应该有一些使用 Django 的经验。
代码必须根据您的 django 项目进行相应修改。
然而,代码是从工作项目中获取的,并且进行了最小的更改,
并且应该很容易根据您的需求进行设置。
1. 连接到 Joomla DB:
/project_name/settings.py
:2. 创建 Joomla 用户模型
在我的项目中,我创建了
'users'
应用程序,其中包含我的自定义用户模型,并且将放置自定义 Joomla 后端。
python manage.pyspectdb --database="joomla_db"
users/models.py
:为了确保 JoomlaUser 模型将使用正确的数据库,请添加 数据库路由器:
settings.py
:现在转到 django shell
./manage.py shell
并尝试填充一些用户,例如,如果一切正常 - 移动继续下一步。否则检查错误、修复设置等
3. 检查 Joomla 用户密码
Joomla 不存储用户密码,而是存储密码哈希,例如
$2y$10$aoZ4/bA7pe.QvjTU0R5.IeFGYrGag/THGvgKpoTk6bTz6XNkY0F2e
从 Joomla v3.2 开始,用户密码使用 BLOWFISH 算法。
所以我下载了一个Python的Blowfish实现:
并在
users/backend.py
中创建了Joomla密码检查功能:旧版本警告! Joomla < 3.2 使用不同的哈希方法(md5+salt),
所以这个功能不会工作。
在这种情况下,请阅读joomla密码加密
并在 python 中实现一个哈希检查器,它可能看起来像这样:
不幸的是我没有运行旧的 Joomla 实例,因此我无法为你测试这个函数。
4. Joomla 身份验证后端
现在您已准备好为 Django 创建 Joomla 身份验证后端。
阅读如何修改 django auth 后端:https://docs. djangoproject.com/en/dev/topics/auth/customizing/
在 中注册 Jango(尚不存在)后端
project/settings.py
:users/中创建Joomla身份验证后端backend.py
:测试&恭喜
- 现在,旧 Joomla 站点的客户可以在新 Django 站点或 REST API 等上使用他们的凭据。
现在,添加适当的测试和文档来涵盖此新代码。
它的逻辑非常棘手,所以如果你不进行测试和文档(懒惰的家伙) - 维护该项目将是你(或其他人)的痛苦。
亲切的问候,
@ Dmytro Gierman
更新 11.04.2019 - 错误已修复。
Joomla users in Django (Django auth backend, that populates users from Joomla)
Once I was in need to use our existing Joomla users in my new API, written in Django.
Problem is that I could not just copy Joomla users into a Django database, because:
So instead I made a custom auth backend for Django, and now I can confidently say that
Django can authenticate users against the Joomla database, without need to decrypt password hashes or to copy all users from Joomla DB at once.
Algorithm:
check_joomla_password()
function, that validates user passwords the same way as JoomlaImplementation:
To understand what's going on, you should have some experience with Django.
The code have to be modified accordingly to your django project.
However the code is taken from the working project with minimum changes,
and it should be easy to set up for your needs.
1. connect to Joomla DB:
/project_name/settings.py
:2. create Joomla user model
In my project I've created
'users'
app, where my custom user models live,and the custom Joomla backend will be placed.
python manage.py inspectdb --database="joomla_db"
users/models.py
:To ensure, that JoomlaUser model will use right DB, add a database router:
settings.py
:Now go to django shell
./manage.py shell
and try to populate some users, e.g.If everything works - move on to the next step. Otherwise look into errors, fix settings, etc
3. Check Joomla user passwords
Joomla does not store user password, but the password hash, e.g.
$2y$10$aoZ4/bA7pe.QvjTU0R5.IeFGYrGag/THGvgKpoTk6bTz6XNkY0F2e
Starting from Joomla v3.2, user passwords are hashed using BLOWFISH algorithm.
So I've downloaded a python blowfish implementation:
And created Joomla password check function in the
users/backend.py
:Old versions Warning! Joomla < 3.2 uses different hashing method (md5+salt),
so this function won't work.
In this case read joomla password encryption
and implement a hash checker in python, which probably will look something like:
Unfortunately I have no old Joomla instance running, thus I couldn't test this function for you.
4. Joomla Authentication Backend
Now you are ready to create a Joomla authentication backend for Django.
read how to modify django auth backends: https://docs.djangoproject.com/en/dev/topics/auth/customizing/
Register Jango (not yet existing) backend in the
project/settings.py
:users/backend.py
:Test & documentation
Congratulations - now your customers from old Joomla site can use their credentials on the new Django site or rest api, etc
Now, add proper tests and documentation to cover this new code.
It's logic is quite tricky, so if you won't make tests&docs (lazy dude) - maintaining the project will be a pain in your (or somebody's else) ass.
Kind regards,
@ Dmytro Gierman
Update 11.04.2019 - errors fixed.
我认为有 3 种方法可以解决这个问题:
1)您可以阅读 joomla 和 django 如何制作密码散列并使用脚本进行迁移
2)您可以制作自己的身份验证后端
3)您可以使用ETL工具
I think there is 3 ways to approach this problem:
1) You can read about how joomla and django make hash of passwords and make the migration with a script
2) You can make your own authentication backend
3) You can use a ETL tool
Joomla (PHP) 是一个 CMS,而 Django (Python) 是一个 Web 框架。
我想知道这是否真的可能。我现在可以得出的结论是这是不可能的。然而,有人可能对此有任何想法。
谢谢 :)
Joomla (PHP) is a CMS while Django (Python) is a web framework.
I wonder whether this is really possible. What i can conclude at this point of time is that it is not possible. However someone may have any idea about this.
Thanks :)