Code

Opened 4 years ago

Closed 3 years ago

#14390 closed New feature (fixed)

set_password functionality outside of the User model

Reported by: kent@… Owned by: lrekucki
Component: contrib.auth Version: 1.2
Severity: Normal Keywords:
Cc: druidjaidan@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX:

Description

Today I wanted to use a hashed, salted password in a custom model. Instead of reinventing the wheel or looking for it in other places, I tried to use the Django implementation from contrib.auth. Checking a password was fine as django.contrib.auth.models.check_password is not tied to the User model, but creating it was harder as set_password is a method on the
User model. I had to choose between copying the implementation from set_password or calling set_password on a throwaway User object.

Perhaps the salt-and-hash action from set_password could be placed in a separate public, documented function (make_password? hash_password?) that set_password then uses?

Attachments (2)

14390.diff.txt (3.9 KB) - added by subsume 4 years ago.
Creation of a utils.py
patch_ticket14390.diff (9.5 KB) - added by lrekucki 3 years ago.
Patch with docs and tests. Also can also view & comment this on github: http://github.com/lqc/django/commit/246059c9b1da777974ad9d804989a2fb912208f1

Download all attachments as: .zip

Change History (13)

comment:1 Changed 4 years ago by lrekucki

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to worksforme
  • Status changed from new to closed

You don't have to create a User model. If your custom model also has a password field, you can just use:

x = MyModel()
User.set_password(x, "foo")

Alternatively, you can user an anonymous object:

salt_and_hash = User.set_password(object(), "foo").password

If the later is too cumbersome for you, just copy those 2 lines from User model.

comment:2 Changed 4 years ago by Alex

  • Resolution worksforme deleted
  • Status changed from closed to reopened

No, you really can't use that:

>>> class A(object):
...     def m(self):
...        return 3
... 
>>> class B(object):
...     pass
... 
>>> A.m(B())
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: unbound method m() must be called with A instance as first argument (got B instance instead)
>>> 

comment:3 Changed 4 years ago by lrekucki

Actually, you can... in Python 3. Sorry for the confusion.

comment:4 Changed 4 years ago by adrian

I would fully support separating this out into a module-level function. It doesn't feel right to have it in models.py, so let's make a utils.py with that function in there. Can somebody make a patch?

comment:5 Changed 4 years ago by lrekucki

  • Owner changed from nobody to lrekucki
  • Status changed from reopened to new
  • Triage Stage changed from Unreviewed to Accepted

I'll try to redeem myself ;)

comment:6 Changed 4 years ago by druidjaidan@…

  • Cc druidjaidan@… added

Changed 4 years ago by subsume

Creation of a utils.py

comment:7 Changed 4 years ago by subsume

  • Has patch set
  • Owner changed from lrekucki to subsume
  • Status changed from new to assigned

comment:8 Changed 4 years ago by subsume

  • Owner changed from subsume to lrekucki
  • Status changed from assigned to new

Changed 3 years ago by lrekucki

Patch with docs and tests. Also can also view & comment this on github: http://github.com/lqc/django/commit/246059c9b1da777974ad9d804989a2fb912208f1

comment:9 Changed 3 years ago by patchhammer

  • Easy pickings unset
  • Patch needs improvement set
  • Severity set to Normal
  • Type set to Uncategorized

patch_ticket14390.diff fails to apply cleanly on to trunk

comment:10 Changed 3 years ago by julien

  • Type changed from Uncategorized to New feature

comment:11 Changed 3 years ago by jezdez

  • Resolution set to fixed
  • Status changed from new to closed

In [16456]:

Fixed #14390 and #16262 -- Moved password related functions from auth models to utils module and stopped check_password from throwing an exception. Thanks, subsume and lrekucki.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.