BrianCas BrianCas - 6 months ago 36
Python Question

Django - how to save my hashed password

I'm trying to save my hashed password in my database, but It keeps saving my plaintext password

Models:

class StudentRegistration(models.Model):
email = models.EmailField(max_length=50)
first_name = models.CharField(max_length=20)
last_name = models.CharField(max_length=20)
password = models.CharField(max_length=100, default="", null=False)
prom_code = models.CharField(max_length=8, default="", null=False)
gender = (
("M","Male"),
("F","Female"),
)
gender = models.CharField(max_length=1, choices=gender, default="M", null=False)
prom_name = models.CharField(max_length=20, default="N/A")
prom_year = models.IntegerField(max_length=4, default=1900)
school = models.CharField(max_length=50, default="N/A")



def save(self):
try:
Myobj = Space.objects.get(prom_code = self.prom_code)
self.prom_name = Myobj.prom_name
self.prom_year = Myobj.prom_year
self.school = Myobj.school_name

super(StudentRegistration, self).save()

except Space.DoesNotExist:
print("Error")


Views:

def register_user(request):
args = {}
if request.method == 'POST':
form = MyRegistrationForm(request.POST) # create form object
if form.is_valid():
clearPassNoHash = form.cleaned_data['password']
form.password = make_password(clearPassNoHash, None, 'md5')
form.save()
form = MyRegistrationForm()
print ('se salvo')
else:
print ('Error en el form')
else:
form = MyRegistrationForm()


args['form'] = form #MyRegistrationForm()

return render(request, 'register/register.html', args)


I've printed the hashed result so I know it is hashing but not saving that.

Am I using the make_password wrong? or is there any better way to protect my passwords?

--------------------------UPDATE:(The Solution)----------------------------

Remember In settings.py:

#The Hasher you are using
PASSWORD_HASHERS = (
'django.contrib.auth.hashers.MD5PasswordHasher',
)


Models.py:

#Import and add the AbstractBaseUser in your model

class StudentRegistration(AbstractBaseUser, models.Model):


Views.py:

if form.is_valid():
user = form.save(commit=False)
clearPassNoHash = form.cleaned_data['password']
varhash = make_password(clearPassNoHash, None, 'md5')
user.set_password(varhash)
user.save()

Answer

Use Django set_password in the documentation

https://docs.djangoproject.com/en/1.9/ref/contrib/auth/

You also need to get your model object from the form using form.save(commit=False)

if form.is_valid():
    # get model object data from form here
    user = form.save(commit=False)

    # Cleaned(normalized) data
    username = form.cleaned_data['username']
    password = form.cleaned_data['password']

    #  Use set_password here
    user.set_password(password)
    user.save()