I have a running wiki with users. Now I want to write an app in Django to do a specific task.
I have to use my "old" users/groups database (which has a different hashing algorithm for passwords than django_auth) and sync it every now and then, since my users already have a login which has to be the same everywhere.
I want to use django_auth as well.
Is it possible to change the hashing algorithm in django_auth, so that django_auth uses a function I write to check whether the password entered is right or wrong?
Thanks in advance, Senad. =)
Quoting the "How Django stores passwords" docs:
Django chooses the algorithm to use by consulting the PASSWORD_HASHERS setting. This is a list of hashing algorithm classes that this Django installation supports. The first entry in this list (that is, settings.PASSWORD_HASHERS[0]) will be used to store passwords, and all the other entries are valid hashers that can be used to check existing passwords. This means that if you want to use a different algorithm, you’ll need to modify PASSWORD_HASHERS to list your preferred algorithm first in the list.
You can write your own custom one: just copy and paste a hasher from https://github.com/django/django/blob/master/django/contrib/auth/hashers.py, make your customizations and add it to settings:
PASSWORD_HASHERS = [
    'myApp.myUtils.CesarPasswordHasher',
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.Argon2PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
]
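A sketch of such a custom hasher, added here as an example (it is not code from the answer or from Django). The class name `LegacyWikiPasswordHasher`, the helper `import_legacy_hash`, the `legacy_wiki` prefix and the salted SHA-1 scheme are all assumptions, since the question does not say how the wiki hashes passwords.

```python
import hashlib
import hmac

try:
    from django.contrib.auth.hashers import BasePasswordHasher
except ImportError:  # lets the class be exercised where Django is not installed
    BasePasswordHasher = object


class LegacyWikiPasswordHasher(BasePasswordHasher):
    # Hypothetical hasher that checks passwords hashed by the old wiki.

    algorithm = "legacy_wiki"  # prefix Django uses to select this hasher

    @staticmethod
    def _digest(password, salt):
        # ASSUMPTION: wiki stores hex(sha1(salt + password)); swap in the real scheme.
        return hashlib.sha1((salt + password).encode("utf-8")).hexdigest()

    def encode(self, password, salt):
        if not salt or "$" in salt:
            raise ValueError("salt must be non-empty and must not contain '$'")
        # Django's stored format is "<algorithm>$<salt>$<hash>".
        return "%s$%s$%s" % (self.algorithm, salt, self._digest(password, salt))

    def verify(self, password, encoded):
        parts = encoded.split("$", 2)
        if len(parts) != 3 or parts[0] != self.algorithm or not parts[1]:
            return False
        expected = self.encode(password, parts[1])
        return hmac.compare_digest(encoded.encode("utf-8"), expected.encode("utf-8"))

    def safe_summary(self, encoded):
        # Displayed in the admin: mask the salt and hash instead of exposing them.
        algorithm, salt, digest = encoded.split("$", 2)
        return {"algorithm": algorithm, "salt": salt[:2] + "*" * 6, "hash": digest[:6] + "*" * 6}

    def harden_runtime(self, password, encoded):
        pass  # fixed-cost hash: there is no work factor to equalize


def import_legacy_hash(salt, legacy_hex):
    # Wrap a (salt, hash) pair read from the wiki DB into a User.password value.
    return "%s$%s$%s" % (LegacyWikiPasswordHasher.algorithm, salt, legacy_hex.lower())
```

Listed first in PASSWORD_HASHERS, this class is also used to store new passwords; listed after a Django hasher, it only checks imported ones, and Django re-hashes each password with the first entry at the user's next successful login.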