John Eipe

Reputation: 11228

How to retrieve password in Django

How do we retrieve the password of a user?

u = User.objects.get(username__exact=username)
print(u.password)

displays sha1$f0971$441cac8f604d49869e33ca125a76253a02fef64e

Is there a function to find the password from this encoded string?

Upvotes: 30

Views: 37138

Answers (6)

S Kranthi Kumar

Reputation: 750

There is no way you can get the existing password because that password has been converted to a salted hash.

Upvotes: 0

Miguel Carvalhais Matos

Reputation: 1143

You can check if the password is correct with:

u.check_password("your password")

This method and u.set_password("your password") solve all of your problems.

sha1$f0971$441cac8f604d49869e33ca125a76253a02fef64e is:

hash function algorithm $ salt $ hash code

Upvotes: 8
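Added example, not part of any answer here and not Django's own code: a stand-alone sketch of why the stored `algorithm$salt$hash` string can be verified but not reversed. It assumes the legacy `sha1` format hashes the salt followed by the password; the helper names, the sample salt and the sample password are constructed for illustration.

```python
import hashlib
import hmac


def encode_legacy_sha1(raw_password, salt):
    """Build 'sha1$<salt>$<hexdigest>' (assumed legacy layout: sha1(salt + password))."""
    digest = hashlib.sha1((salt + raw_password).encode("utf-8")).hexdigest()
    return "sha1$%s$%s" % (salt, digest)


def split_encoded(encoded):
    """Split a stored value into (algorithm, salt, digest); reject anything else."""
    parts = encoded.split("$", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("not an algorithm$salt$hash string")
    return tuple(parts)


def verify(raw_password, encoded):
    """Re-hash the candidate with the stored salt and compare in constant time.

    Nothing is decoded: the only operation available is hashing a guess
    and checking whether the result matches the stored string.
    """
    algorithm, salt, _digest = split_encoded(encoded)
    if algorithm != "sha1":
        raise ValueError("this sketch only handles the legacy sha1 format")
    candidate = encode_legacy_sha1(raw_password, salt)
    return hmac.compare_digest(candidate.encode("utf-8"), encoded.encode("utf-8"))


# Constructed sample data (not a real account).
SAMPLE_SALT = "a1b2c"
SAMPLE_STORED = encode_legacy_sha1("correct horse", SAMPLE_SALT)

if __name__ == "__main__":
    # The string from the question splits into its three fields.
    print(split_encoded("sha1$f0971$441cac8f604d49869e33ca125a76253a02fef64e"))
    print(verify("correct horse", SAMPLE_STORED))
    print(verify("wrong guess", SAMPLE_STORED))
```

In a real project `u.check_password()` does this work and picks the hasher from the algorithm field, so application code never needs to parse the string itself.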

Kristian Roebuck

Reputation: 3379

Due to security restrictions the password hash method is one way. You will need to reset that user's password.

Try using the set_password(raw_password) method to give the user a new password. Remember to call the save() method to ensure you save the change to the database.

u = User.objects.get(username__exact=username)
u.set_password(raw_password)
u.save()

Upvotes: 18

Daniel Baktiar

Reputation: 1712

No, the field contains the salted hash of the password. From the string we know it's the SHA1 function. If you have the password, you will be able to produce the same hash value, which acts as the footprint. For security reasons there should be no way to recover the password by economical means (you can still brute force, but it will take a long time).

Upvotes: 4

second

Reputation: 28637

No. And there shouldn't be. As part of the security, passwords are passed through a one-way function before they are saved, so that they aren't revealed if the database is compromised.

What you can do is replace the user's password with one you know. This is how (good) sites' "forgot your password" functions work: they send you a new random password, not your old one, since they (shouldn't) have access to it.

Upvotes: 6

Daniel Roseman

Reputation: 599600

No. It's impossible, by design. But there should never be a need to do it anyway.

Upvotes: 50
