Opened 13 years ago

Closed 13 years ago

#14390 closed New feature (fixed)

set_password functionality outside of the User model

Reported by: kent@… Owned by: Łukasz Rekucki
Component: contrib.auth Version: 1.2
Severity: Normal Keywords:
Cc: druidjaidan@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

Today I wanted to use a hashed, salted password in a custom model. Instead of reinventing the wheel or looking for it in other places, I tried to use the Django implementation from contrib.auth. Checking a password was fine as django.contrib.auth.models.check_password is not tied to the User model, but creating it was harder as set_password is a method on the
User model. I had to choose between copying the implementation from set_password or calling set_password on a throwaway User object.

Perhaps the salt-and-hash action from set_password could be placed in a separate public, documented function (make_password? hash_password?) that set_password then uses?

Attachments (2)

14390.diff.txt (3.9 KB ) - added by Yeago 13 years ago.
Creation of a utils.py
patch_ticket14390.diff (9.5 KB ) - added by Łukasz Rekucki 13 years ago.
Patch with docs and tests. Also can also view & comment this on github: http://github.com/lqc/django/commit/246059c9b1da777974ad9d804989a2fb912208f1

Download all attachments as: .zip

Change History (13)

comment:1 by Łukasz Rekucki, 13 years ago

Resolution: worksforme
Status: newclosed

You don't have to create a User model. If your custom model also has a password field, you can just use:

x = MyModel()
User.set_password(x, "foo")

Alternatively, you can user an anonymous object:

salt_and_hash = User.set_password(object(), "foo").password

If the later is too cumbersome for you, just copy those 2 lines from User model.

comment:2 by Alex Gaynor, 13 years ago

Resolution: worksforme
Status: closedreopened

No, you really can't use that:

>>> class A(object):
...     def m(self):
...        return 3
... 
>>> class B(object):
...     pass
... 
>>> A.m(B())
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: unbound method m() must be called with A instance as first argument (got B instance instead)
>>> 

comment:3 by Łukasz Rekucki, 13 years ago

Actually, you can... in Python 3. Sorry for the confusion.

comment:4 by Adrian Holovaty, 13 years ago

I would fully support separating this out into a module-level function. It doesn't feel right to have it in models.py, so let's make a utils.py with that function in there. Can somebody make a patch?

comment:5 by Łukasz Rekucki, 13 years ago

Owner: changed from nobody to Łukasz Rekucki
Status: reopenednew
Triage Stage: UnreviewedAccepted

I'll try to redeem myself ;)

comment:6 by druidjaidan@…, 13 years ago

Cc: druidjaidan@… added

by Yeago, 13 years ago

Attachment: 14390.diff.txt added

Creation of a utils.py

comment:7 by Yeago, 13 years ago

Has patch: set
Owner: changed from Łukasz Rekucki to Yeago
Status: newassigned

comment:8 by Yeago, 13 years ago

Owner: changed from Yeago to Łukasz Rekucki
Status: assignednew

by Łukasz Rekucki, 13 years ago

Attachment: patch_ticket14390.diff added

Patch with docs and tests. Also can also view & comment this on github: http://github.com/lqc/django/commit/246059c9b1da777974ad9d804989a2fb912208f1

comment:9 by patchhammer, 13 years ago

Easy pickings: unset
Patch needs improvement: set
Severity: Normal
Type: Uncategorized

patch_ticket14390.diff fails to apply cleanly on to trunk

comment:10 by Julien Phalip, 13 years ago

Type: UncategorizedNew feature

comment:11 by Jannis Leidel, 13 years ago

Resolution: fixed
Status: newclosed

In [16456]:

Fixed #14390 and #16262 -- Moved password related functions from auth models to utils module and stopped check_password from throwing an exception. Thanks, subsume and lrekucki.

Note: See TracTickets for help on using tickets.
Back to Top