Code


Version 3 (modified by akaihola, 8 years ago) (diff)

Added explanation, remote install link and a note.

Django admin expects users' passwords to be entered as SHA-1 hashes in the format [algo]$[salt]$[hexdigest]. Here is a tool which automates calculating the hashes on the client side.

What it does as of version 1.0 is:

  • searches each opened page for an <input> with id="id_password", class="vTextField required", name="password, size="30" and maxlength="128", which is how the password field is defined in Django admin
  • when the password field loses focus, replaces its contents with a SHA-1 salted hash as Django expects
  • does not modify field contents if it's already a hash

You need to

Pros:

  • works on all standard Django admin sites
  • nothing to install on the server side

Cons:

  • needs the extension on the browser
  • doesn't use a real password field -- password entry is visible

---

Note: Don't try to install the script using the attachments below. Use the remote link above instead. Admins should remove the attachments.

Attachments (2)

Download all attachments as: .zip