Reputation: 474
Django:How password store in django auth_user table
I am customizing the django user module and adding some extra fields
my model is looking like
class Drinker(models.Model):
user = models.OneToOneField(User)
birthday = models.DateField()
name = models.CharField(max_length = 100)
def __unicode__(self):
return self.name
And here is my register view
def DrinkerRegistration(request):
if request.user.is_authenticated():
return HttpResponseRedirect('/profile/')
if request.method == "POST":
form = RegistrationForm(request.POST)
if form.is_valid():
user = User.objects.create(username = form.cleaned_data['username'],email = form.cleaned_data['email'],password = form.cleaned_data['password'])
user.save()
drinker = Drinker(name = form.cleaned_data['name'],birthday = form.cleaned_data['birthday'],user=user)
drinker.save()
return HttpResponseRedirect('/profile/')
else:
form = RegistrationForm()
context = {'form':form}
return render_to_response('register.html',context,context_instance = RequestContext(request))
Now my question is when the user is registering in my auth_user table the password is storing in plan text i.e causing
Unknown password hashing algorithm '123'. Did you specify it in the PASSWORD_HASHERS setting?
error at the time of login
but for superusers passwords are in SHA1 format (i am not sure ) in auth_user table and they are able to login
please suggest me how to hash the password field here?
Upvotes: 4
Views: 3907
Answers (3)
Reputation: 174690
You need to use the create_user() helper function, which will set the password correctly.
Upvotes: 0
Reputation: 55283
You should let User.set_password hash the password and store it in the appropriate format, or use the appropriate manager function as mentioned in the other answer.
Basically you never asked Django to hash the password and tried to put the plain text in your database. In doing so, the format (hasher salt hashed_pass) that Django expected was not met hence the error.
Better yet, those parts of your app are best done using reusable apps such as Django Registration.
You can then use signals to create the Drinker profile after an user registers (is created).
Upvotes: 0
Reputation:
Do not use User.objects.create(), use User.objects.create_user() - it will hash provided password using correct algorithm.
Upvotes: 5
Related Questions
- How to store Django hashed password without the User object?
- How to set password to user in database directly?
- how does django handle password in form
- Django doesn't store password field in User model
- What is the format in which Django passwords are stored in the database?
- Auth_User v/s User table in Django
- Securely store password hash django
- How does django knows what the password is in create_user() function
- storage of password in django and rainbow tables
- How to find the password stored in django.contrib.auth.models.User