Opened 7 years ago

Closed 6 years ago

#14390 closed New feature (fixed)

set_password functionality outside of the User model

Reported by: kent@… Owned by: Łukasz Rekucki
Component: contrib.auth Version: 1.2
Severity: Normal Keywords:
Cc: druidjaidan@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX:


Today I wanted to use a hashed, salted password in a custom model. Instead of reinventing the wheel or looking for it in other places, I tried to use the Django implementation from contrib.auth. Checking a password was fine as django.contrib.auth.models.check_password is not tied to the User model, but creating it was harder as set_password is a method on the
User model. I had to choose between copying the implementation from set_password or calling set_password on a throwaway User object.

Perhaps the salt-and-hash action from set_password could be placed in a separate public, documented function (make_password? hash_password?) that set_password then uses?

Attachments (2)

14390.diff.txt (3.9 KB) - added by Yeago 7 years ago.
Creation of a
patch_ticket14390.diff (9.5 KB) - added by Łukasz Rekucki 7 years ago.
Patch with docs and tests. Also can also view & comment this on github:

Download all attachments as: .zip

Change History (13)

comment:1 Changed 7 years ago by Łukasz Rekucki

Resolution: worksforme
Status: newclosed

You don't have to create a User model. If your custom model also has a password field, you can just use:

x = MyModel()
User.set_password(x, "foo")

Alternatively, you can user an anonymous object:

salt_and_hash = User.set_password(object(), "foo").password

If the later is too cumbersome for you, just copy those 2 lines from User model.

comment:2 Changed 7 years ago by Alex Gaynor

Resolution: worksforme
Status: closedreopened

No, you really can't use that:

>>> class A(object):
...     def m(self):
...        return 3
>>> class B(object):
...     pass
>>> A.m(B())
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: unbound method m() must be called with A instance as first argument (got B instance instead)

comment:3 Changed 7 years ago by Łukasz Rekucki

Actually, you can... in Python 3. Sorry for the confusion.

comment:4 Changed 7 years ago by Adrian Holovaty

I would fully support separating this out into a module-level function. It doesn't feel right to have it in, so let's make a with that function in there. Can somebody make a patch?

comment:5 Changed 7 years ago by Łukasz Rekucki

Owner: changed from nobody to Łukasz Rekucki
Status: reopenednew
Triage Stage: UnreviewedAccepted

I'll try to redeem myself ;)

comment:6 Changed 7 years ago by druidjaidan@…

Cc: druidjaidan@… added

Changed 7 years ago by Yeago

Attachment: 14390.diff.txt added

Creation of a

comment:7 Changed 7 years ago by Yeago

Has patch: set
Owner: changed from Łukasz Rekucki to Yeago
Status: newassigned

comment:8 Changed 7 years ago by Yeago

Owner: changed from Yeago to Łukasz Rekucki
Status: assignednew

Changed 7 years ago by Łukasz Rekucki

Attachment: patch_ticket14390.diff added

Patch with docs and tests. Also can also view & comment this on github:

comment:9 Changed 6 years ago by patchhammer

Easy pickings: unset
Patch needs improvement: set
Severity: Normal
Type: Uncategorized

patch_ticket14390.diff fails to apply cleanly on to trunk

comment:10 Changed 6 years ago by Julien Phalip

Type: UncategorizedNew feature

comment:11 Changed 6 years ago by Jannis Leidel

Resolution: fixed
Status: newclosed

In [16456]:

Fixed #14390 and #16262 -- Moved password related functions from auth models to utils module and stopped check_password from throwing an exception. Thanks, subsume and lrekucki.

Note: See TracTickets for help on using tickets.
Back to Top