Django - how to save my hashed password


Use Django set_password in the documentation

https://docs.djangoproject.com/en/1.9/ref/contrib/auth/

You also need to get your model object from the form using form.save(commit=False)

if form.is_valid():
    # get model object data from form here
    user = form.save(commit=False)

    # Cleaned(normalized) data
    username = form.cleaned_data['username']
    password = form.cleaned_data['password']

    #  Use set_password here
    user.set_password(password)
    user.save()
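
The three ways of storing the password that come up on this page, side by side, as an added example (not code from the original post or from Django). It uses only the standard library: `make_password`, `check_password` and `set_password` here are stand-ins that mirror Django's `pbkdf2_sha256$iterations$salt$hash` format, and `Student`, `register` and the iteration count are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 120_000  # constructed work factor; Django's default varies by release


def make_password(raw, salt=None, iterations=ITERATIONS):
    """Stand-in for Django's make_password: salted PBKDF2-HMAC-SHA256."""
    salt = salt or secrets.token_hex(8)
    dk = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode())


def check_password(raw, encoded):
    """Re-derive with the stored salt and iterations, compare in constant time."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdecimal():
        return False  # not an encoded hash, e.g. a plaintext column value
    candidate = make_password(raw, parts[2], int(parts[1]))
    return hmac.compare_digest(encoded.encode(), candidate.encode())


class Student:
    """Hypothetical stand-in for the object returned by form.save(commit=False)."""
    password = ""

    def set_password(self, raw):
        self.password = make_password(raw)


def register(raw, mode):
    """Return the user as it would be stored for each approach on this page."""
    user = Student()
    if mode == "plaintext":        # field copied straight from the form
        user.password = raw
    elif mode == "set_password":   # raw password passed to set_password
        user.set_password(raw)
    elif mode == "double":         # hashed first, then passed to set_password
        user.set_password(make_password(raw))
    return user
```

Only the `set_password` mode stores a value that `check_password` accepts for the original password; the `double` mode stores a hash of a hash string, so a later login check against the raw password fails. PBKDF2 is used here instead of the `'md5'` hasher seen in the question because a single fast MD5 round gives little resistance to offline guessing.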
Author by

BrianCas

Updated on June 04, 2022

Comments

  • BrianCas
    BrianCas about 2 years

    I'm trying to save my hashed password in my database, but it keeps saving my plaintext password.

    Models:

    class StudentRegistration(models.Model):
        email = models.EmailField(max_length=50)
        first_name = models.CharField(max_length=20)
        last_name = models.CharField(max_length=20)
        password = models.CharField(max_length=100, default="", null=False)
        prom_code = models.CharField(max_length=8, default="", null=False)
        gender = (
        ("M","Male"),
        ("F","Female"),
        )
        gender = models.CharField(max_length=1, choices=gender, default="M",    null=False)
        prom_name = models.CharField(max_length=20, default="N/A")
        prom_year = models.IntegerField(max_length=4, default=1900)
        school = models.CharField(max_length=50, default="N/A")
    
    
    
        def save(self):
            try:
                Myobj = Space.objects.get(prom_code = self.prom_code)
                self.prom_name = Myobj.prom_name
                self.prom_year = Myobj.prom_year
                self.school = Myobj.school_name
    
                super(StudentRegistration, self).save()
    
            except Space.DoesNotExist:
                print("Error")
    

    Views:

    def register_user(request):
        args = {}
        if request.method == 'POST':
            form = MyRegistrationForm(request.POST)     # create form object
            if form.is_valid():
                clearPassNoHash = form.cleaned_data['password']
                form.password = make_password(clearPassNoHash, None, 'md5')
                form.save()
                form = MyRegistrationForm()
                print ('se salvo')
            else:
                print ('Error en el form')
        else:
            form = MyRegistrationForm()
    
    
        args['form'] = form #MyRegistrationForm()
    
        return render(request, 'register/register.html', args)
    

    I've printed the hashed result so I know it is hashing but not saving that.

    Am I using make_password wrong? Or is there a better way to protect my passwords?

    --------------------------UPDATE:(The Solution)----------------------------

    Remember, in settings.py:

    #The Hasher you are using
    PASSWORD_HASHERS = (
        'django.contrib.auth.hashers.MD5PasswordHasher',
    )
    

    Models.py:

    #Import and add the AbstractBaseUser in your model
    
    class StudentRegistration(AbstractBaseUser, models.Model):
    

    Views.py:

    if form.is_valid():
        user = form.save(commit=False)
        clearPassNoHash = form.cleaned_data['password']
        varhash = make_password(clearPassNoHash, None, 'md5')
        user.set_password(varhash)
        user.save()
    
  • BrianCas
    BrianCas about 8 years
    It keeps saving the plaintext password, but I can see the results in my cmd
  • BrianCas
    BrianCas about 8 years
    To use set_password(), wouldn't I need to change my whole model, using AbstractBaseUser (custom auth model), to use this method?
  • nastyn8
    nastyn8 about 8 years
    No, you shouldn't have to change your model.
  • BrianCas
    BrianCas about 8 years
    It throws me this error: 'MyRegistrationForm' object has no attribute 'set_password'
  • nastyn8
    nastyn8 about 8 years
    Did you get the model object data from the form using user = form.save(commit=False)? After you do that, you can call user.set_password(password).
  • BrianCas
    BrianCas about 8 years
    My user = form.save(commit=False) is making reference to my forms.py but not directly to my model, so now that I add user = form.save(commit=False), it throws me this error: 'StudentRegistration' (my model) object has no attribute 'set_password'. Sorry for all these questions, I'm new to Django.
  • Daniel van Flymen
    Daniel van Flymen about 8 years
    My answer above is correct. Don't set form.password, set form.cleaned_data["password"]
  • BrianCas
    BrianCas about 8 years
    Again, it keeps saving the plaintext password; perhaps we are missing something.
  • nastyn8
    nastyn8 about 8 years
    To use .set_password your User model must inherit from django.contrib.auth.models.AbstractBaseUser: "class StudentRegistration(models.Model, AbstractBaseUser):" Have you tried reading the docs on customizing authentication? docs.djangoproject.com/en/1.9/topics/auth/customizing
  • BrianCas
    BrianCas about 8 years
    I read about customizing authentication when I was trying to extend my User, but then I just ended up creating a new model for another type of user that was really different from the AdminUsers.
  • BrianCas
    BrianCas about 8 years
    Thank you very much, I've saved my hashed password. I just needed to change the declaration order: StudentRegistration(AbstractBaseUser, models.Model):
  • Daniel van Flymen
    Daniel van Flymen about 8 years
    I've modified your code above and verified it; it definitely works. If something is still wrong, it is probably because of your imports.