I have a Django application that allows web visitors to create their own accounts. Once they create an account with a password, they should receive an email containing an activation code. When a web visitor creates a new account, they need to receive an activation email containing a unique key.
Obviously, I can do all this using Django's built-in authentication system. I've done it before without any problems. However, in this application, I don't want to pollute my Users table with inactive users. I only want activated users to appear in the Users table. So although I will use Django's account system for authenticating activated users, until they become activated, I'm rolling my own system. I'm keeping all the data about not-yet-activated users in a separate Django Model object (called UserActivation). And I will be managing the sending of the activation email myself.
The problem I'm having is that I don't want to store the user-submitted password in plain text. I want to store it in my UserActivation object in a field called "password" in the same hashed format it would appear in the User table. To put it into the user object, I would have done myUser.set_password("plainTextPassword"). How can I get this same value and stuff it into UserActivation.password?
From looking at this doc, it seems that there is a make_password() function that returns the value that I need. But I still need a User object to call that method. How can I convert "plainTextPassword" to a hashed password without going through the User object?
You are on the right track. However you can manage the password manually using
Hasher configuration will be driven by PASSWORD_HASHERS, which should be common for both the auth system and your UserActivation model. However, you can pass it in the make_password method also. Hope this helps.
Read this link for more details: https://docs.djangoproject.com/en/dev/topics/auth/passwords/
The accepted answer was helpful to me - I just wanted to add the check_password call (for people like me, who haven't used this functionality before)