有关如何通过Django docs安装Bcrypt的一些非常好的文档,但它们实际上并没有向您展示如何使用Bcrypt来散列密码或使用其他命令.
你需要从某个地方导入Brcrypt吗?如果是这样,它的正确语法是什么?散列密码和将散列密码与非散列密码进行比较的语法是什么?
我在settings.py文件中安装了Bcrypted库,并通过pip安装了Bcrypt.使用Bcrypt还需要做什么?
解决方法
The password attribute of a User object is a string in this format:
<algorithm>$<iterations>$<salt>$<hash>
Those are the components used
for storing a User’s password,separated by the dollar-sign character
and consist of: the hashing algorithm,the number of algorithm
iterations (work factor),the random salt,and the resulting password
hash. The algorithm is one of a number of one-way hashing or password
storage algorithms Django can use; see below. Iterations describe the
number of times the algorithm is run over the hash. Salt is the random
seed used and the hash is the result of the one-way function.
I installed the Bcrypted library in the settings.py file…
What else do I need to do to use Bcrypt?
我不确定第一句话是什么意思.您需要在settings.py中添加以下内容:
PASSWORD_HASHERS = ( 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.BCryptPasswordHasher','django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher','django.contrib.auth.hashers.SHA1PasswordHasher','django.contrib.auth.hashers.MD5PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher',)
use Bcrypt to validate a password a user provides upon login against
the hashed version stored in the database.
您可以手动执行此操作:
The django.contrib.auth.hashers module provides a set of functions to
create and validate hashed password. You can use them independently
from the User model.check_password(password,encoded)
If you’d like to manually authenticate a user by comparing a plain-text password to the hashed
password in the database,use the convenience function
check_password(). It takes two arguments: the plain-text password to
check,and the full value of a user’s password field in the database
to check against,and returns True if they match,False otherwise.
https://docs.djangoproject.com/en/1.9/topics/auth/passwords/#module-django.contrib.auth.hashers
或者,您可以使用authenticate():
authenticate(**credentials)
To authenticate a given username and password,use authenticate(). It takes credentials in the form of
keyword arguments,for the default configuration this is username and
password,and it returns a User object if the password is valid for
the given username. If the password is invalid,authenticate() returns
None. Example:06001
https://docs.djangoproject.com/en/1.9/topics/auth/default/#authenticating-users
这里有些例子:
(django186p34)~/django_projects/dj1$python manage.py shell Python 3.4.3 (v3.4.3:9b73f1c3e601,Feb 23 2015,02:52:03) [GCC 4.2.1 (Apple Inc. build 5666) (dot 3)] on darwin Type "help","copyright","credits" or "license" for more information. (InteractiveConsole) >>> from django.conf import settings >>> print(settings.PASSWORD_HASHERS) ('django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.UnsaltedSHA1PasswordHasher','django.contrib.auth.hashers.UnsaltedMD5PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher')
这些是默认值:我的settings.py中没有PASSWORD_HASHERS条目.
>>> from django.contrib.auth.models import User >>> my_user = User.objects.create_user('ea87','ea@gmail.com','666monkeysAndDogs777') >>> my_user.save() >>> my_user.password 'pbkdf2_sha256$20000$L7uq6goI1HIl$RYqywMgPywhhku/YqIxWKbpxODBeczfLm5zthHjNSSk=' >>> my_user.username 'ea87' >>> from django.contrib.auth import authenticate >>> authenticate(username='ea87',password='666monkeysAndDogs777') <User: ea87> >>> print(authenticate(username='ea87',password='wrong password')) None >>> from django.contrib.auth.hashers import check_password >>> check_password('666monkeysAndDogs777',my_user.password) True >>> exit()
PASSWORD_HASHERS = ( 'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',)
(django186p34)~/django_projects/dj1$python manage.py shell Python 3.4.3 (v3.4.3:9b73f1c3e601,"credits" or "license" for more information. (InteractiveConsole) >>> from django.conf import settings >>> print(settings.PASSWORD_HASHERS) ('django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher')
注意元组前面的bcrypt哈希.
>>> from django.contrib.auth.models import User >>> user = User.objects.get(username='ea87') >>> user <User: ea87> >>> user.password 'pbkdf2_sha256$20000$DS20ZOCWTBFN$AFfzg3iC24Pkj5UtEu3O+J8KOVBQvaLVx43D0Wsr4PY=' >>> user.set_password('666monkeysAndDogs777') >>> user.password 'bcrypt_sha256$$2b$12$QeWvpi7hQ8cPQBF0LzD4C.89R81AV4PxK0kjVXG73fkLoQxYBundW'
您可以看到密码已更改为bcrypt版本.