Changes between Initial Version and Version 1 of CookBookPasswordHasherJS


Ignore:
Timestamp:
Nov 10, 2006, 1:57:57 PM (18 years ago)
Author:
Antti Kaihola
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • CookBookPasswordHasherJS

    v1 v1  
     1= CookBook - [wiki:CookBookAdminTools Admin Tools] - !JavaScript password hash generator for Admin User edit =
     2
     3Django admin in the development version (as of 2006-08-04) accepts new users' passwords with normal double password fields, but when editing a user it still expects them to be entered as SHA-1 hashes in the format {{{[algo]$[salt]$[hexdigest]}}}. Here is some code which enhances the user edit form in admin to automatically calculate the hashes on the client side. The author of this code is known as "akaihola" on the {{{#django}}} IRC channel and in the newsgroups.
     4
     5What the code does in version 1.0:
     6 * searches the user edit form for an {{{<input>}}} with {{{id="id_password"}}}, {{{class="vTextField required"}}}, {{{name="password}}}, {{{size="30"}}} and {{{maxlength="128"}}}, which is how the password field is defined in Django admin
     7 * when the password field loses focus, replaces its contents with a SHA-1 salted hash as Django expects
     8 * does not modify field contents if it's already a hash
     9
     10Here's what you need to do:
     11
     121. Copy or symlink the admin media directories and place [http://svn.ambitone.com/ambidjangolib/js/djangopasswordhasher.js djangopasswordhasher.js] in the {{{js/}}} subdirectory
     13
     142. "Hot-fix" the User model by inserting the following in your root urlconf ({{{urls.py}}}):
     15{{{
     16from django.contrib.auth.models import User
     17User._meta.admin.js.append('js/djangopasswordhasher.js')
     18}}}
     19
     203. Have the Dojo Toolkit !JavaScript libraries served at {{{/js/dojo/}}} on your webserver.
     21
     224. Override admin's {{{admin/base_site.html}}} template and add Dojo Toolkit initialization, for example:
     23{{{
     24{% extends "admin/base.html" %}
     25{% load i18n %}
     26
     27{% block extrahead %}
     28<script src="/js/dojo/dojo.js" type="text/javascript"></script>
     29{% endblock %}
     30
     31{% block title %}{{ title|escape }} | {% trans 'Django site admin' %}{% endblock %}
     32
     33{% block branding %}
     34<h1 id="site-name">{% trans 'Django administration' %}</h1>
     35{% endblock %}
     36
     37{% block nav-global %}{% endblock %}
     38}}}
     39
     40Pros:
     41 * nothing to install on the client side
     42 * no need to patch Django source code
     43
     44Cons:
     45 * must have !JavaScript enabled in the browser
     46 * doesn't use a real password field ­­-- password entry is visible
     47 * ugly hack
     48 * version 1.0 requires Dojo Toolkit
     49
     50Some possible improvements:
     51 * Is there a more proper place to do the User model js "hot-fix" than urls.py?
     52 * Now uses Dojo Toolkit because that's how the author prefers to code cross-browser !JavaScript. A stand-alone script would be better, contributions are welcome.
     53 * Would it be possible to use a real password field and still have the hash calculated on the client side?
Back to Top