Opened 5 years ago

Closed 4 years ago

#14390 closed New feature (fixed)

set_password functionality outside of the User model

Reported by: kent@… Owned by: lrekucki
Component: contrib.auth Version: 1.2
Severity: Normal Keywords:
Cc: druidjaidan@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX:

Description

Today I wanted to use a hashed, salted password in a custom model. Instead of reinventing the wheel or looking for it in other places, I tried to use the Django implementation from contrib.auth. Checking a password was fine as django.contrib.auth.models.check_password is not tied to the User model, but creating it was harder as set_password is a method on the
User model. I had to choose between copying the implementation from set_password or calling set_password on a throwaway User object.

Perhaps the salt-and-hash action from set_password could be placed in a separate public, documented function (make_password? hash_password?) that set_password then uses?

Attachments (2)

14390.diff.txt (3.9 KB) - added by subsume 5 years ago.
Creation of a utils.py
patch_ticket14390.diff (9.5 KB) - added by lrekucki 5 years ago.
Patch with docs and tests. Also can also view & comment this on github: http://github.com/lqc/django/commit/246059c9b1da777974ad9d804989a2fb912208f1

Download all attachments as: .zip

Change History (13)

comment:1 Changed 5 years ago by lrekucki

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to worksforme
  • Status changed from new to closed

You don't have to create a User model. If your custom model also has a password field, you can just use:

x = MyModel()
User.set_password(x, "foo")

Alternatively, you can user an anonymous object:

salt_and_hash = User.set_password(object(), "foo").password

If the later is too cumbersome for you, just copy those 2 lines from User model.

comment:2 Changed 5 years ago by Alex

  • Resolution worksforme deleted
  • Status changed from closed to reopened

No, you really can't use that:

>>> class A(object):
...     def m(self):
...        return 3
... 
>>> class B(object):
...     pass
... 
>>> A.m(B())
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: unbound method m() must be called with A instance as first argument (got B instance instead)
>>> 

comment:3 Changed 5 years ago by lrekucki

Actually, you can... in Python 3. Sorry for the confusion.

comment:4 Changed 5 years ago by adrian

I would fully support separating this out into a module-level function. It doesn't feel right to have it in models.py, so let's make a utils.py with that function in there. Can somebody make a patch?

comment:5 Changed 5 years ago by lrekucki

  • Owner changed from nobody to lrekucki
  • Status changed from reopened to new
  • Triage Stage changed from Unreviewed to Accepted

I'll try to redeem myself ;)

comment:6 Changed 5 years ago by druidjaidan@…

  • Cc druidjaidan@… added

Changed 5 years ago by subsume

Creation of a utils.py

comment:7 Changed 5 years ago by subsume

  • Has patch set
  • Owner changed from lrekucki to subsume
  • Status changed from new to assigned

comment:8 Changed 5 years ago by subsume

  • Owner changed from subsume to lrekucki
  • Status changed from assigned to new

Changed 5 years ago by lrekucki

Patch with docs and tests. Also can also view & comment this on github: http://github.com/lqc/django/commit/246059c9b1da777974ad9d804989a2fb912208f1

comment:9 Changed 4 years ago by patchhammer

  • Easy pickings unset
  • Patch needs improvement set
  • Severity set to Normal
  • Type set to Uncategorized

patch_ticket14390.diff fails to apply cleanly on to trunk

comment:10 Changed 4 years ago by julien

  • Type changed from Uncategorized to New feature

comment:11 Changed 4 years ago by jezdez

  • Resolution set to fixed
  • Status changed from new to closed

In [16456]:

Fixed #14390 and #16262 -- Moved password related functions from auth models to utils module and stopped check_password from throwing an exception. Thanks, subsume and lrekucki.

Note: See TracTickets for help on using tickets.
Back to Top