On Jan 22, 2015, at 4:42 PM, Supermario <human...@gmail.com> wrote: > Many thanks for your help Thomas. Indeed I am in the middle of big escape > effort to get the heck away from Drupal. > > I tested your snippet in the shell and DrupalPasswordHasher hashes perfectly > well there. > > However, when I integrate the hash into my project as per your explanation, > django-registration module still refuse to authenticate old drupal users. > > Any ideas on how to troubleshoot this?
I’m not using django-registration so don’t know if it uses some other mechanism to hash and compare passwords. I might try putting a simple print statement into the hash routine to make sure that it is executing (run using the development server and just look for the print output on your console). All password processors are executed in order until one of the verify() methods returns True. Oh! You will also need to prepend “drupal” to each hashed password you bring over from the drupal database. Or do an explicit update of your new database to prepend that string to the hashed password field. hth - Tom > > Cheers > > On Thursday, January 22, 2015 at 4:12:07 AM UTC+1, Thomas wrote: > On Jan 21, 2015, at 3:07 PM, Supermario <huma...@gmail.com> wrote: > >> I am trying to move Druap 7 site to django 1.7 without invalidating user >> passwords, and this proved to be daunting. >> >> Fortunately, I have found this SO question and this hashing snippet but >> there is no documentation and as a newbie to django, I have no clue how to >> integrate the snippet into my project. >> > > I’ve enclosed a password processor I used in the past for a Drupal > conversion; the gist came from a web search and is attributed in the code but > has some minor fixes. I’ve actually included two processors, with one > disabled with “XXX” in the function name. I think I had trouble getting that > one to work. > > You can create a “drupal” app, which just has an __init__.py and this file as > hashers.py > > You will want to add “drupal” as one of your apps, then also define the > following in your settings.py: > > PASSWORD_HASHERS = ( > 'django.contrib.auth.hashers.PBKDF2PasswordHasher', > 'drupal.hashers.DrupalPasswordHasher', > 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher', > 'django.contrib.auth.hashers.BCryptPasswordHasher', > ) > > Since you are starting fresh, you can include only the recommended best > password hasher from Django plus the drupal hasher. And if you prefer you > could fold the hashers.py file into another existing app in your project. > > Also, the structure of your project may be a bit different from mine since > the recommended Django layout has changed a bit over the last few versions. > > hth, and enjoy getting the heck away from Drupal hell… > > - Tom > > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To post to this group, send email to django-users@googlegroups.com. > Visit this group at http://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/aa905c13-b9b1-42ba-b0c2-4127d079a8c3%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. Please consider the environment before printing this message. This message may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this message or the information it contains by other than an intended recipient is unauthorized. If you received this message in error, please immediately advise me by return e-mail or phone. All information, references, images, programs, source code, or other materials whatsoever contained in, or supplied with, this document are TRADE SECRETS and governed by the Uniform Trade Secrets Act. User assumes all direct and consequential liabilities and costs that result from any unauthorized disclosure or use of this information. -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9ED49D4D-2ED9-4EB3-8A31-911599E7A368%40gmail.com. For more options, visit https://groups.google.com/d/optout.
