Monkey-patching stronger hash support into Django
""" | |
from future import django_sha256_support | |
Monkey-patch SHA-256 support into Django's auth system. If Django ticket #5600 | |
ever gets fixed, this can be removed. | |
""" | |
import hashlib | |
import random | |
import os | |
from django.contrib.auth import models as auth_models | |
from django.contrib.auth.backends import ModelBackend | |
def get_hexdigest(algorithm, salt, raw_password): | |
"""Generate SHA-256 hash.""" | |
if algorithm == 'sha256': | |
return hashlib.sha256(salt + raw_password).hexdigest() | |
else: | |
return get_hexdigest_old(algorithm, salt, raw_password) | |
get_hexdigest_old = auth_models.get_hexdigest | |
auth_models.get_hexdigest = get_hexdigest | |
def set_password(self, raw_password): | |
"""Set SHA-256 password.""" | |
algo = 'sha256' | |
salt = os.urandom(5).encode('hex') # Random, 10-digit (hex) salt. | |
hsh = get_hexdigest(algo, salt, raw_password) | |
self.password = '$'.join((algo, salt, hsh)) | |
auth_models.User.set_password = set_password | |
class Sha256Backend(ModelBackend): | |
""" | |
Overriding the Django model backend without changes ensures our | |
monkeypatching happens by the time we import auth. | |
""" | |
pass |
AUTHENTICATION_BACKENDS = ('myapp.auth.Sha256Backend',) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment