Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Monkey-patching stronger hash support into Django
"""
from future import django_sha256_support
Monkey-patch SHA-256 support into Django's auth system. If Django ticket #5600
ever gets fixed, this can be removed.
"""
import hashlib
import random
import os
from django.contrib.auth import models as auth_models
from django.contrib.auth.backends import ModelBackend
def get_hexdigest(algorithm, salt, raw_password):
"""Generate SHA-256 hash."""
if algorithm == 'sha256':
return hashlib.sha256(salt + raw_password).hexdigest()
else:
return get_hexdigest_old(algorithm, salt, raw_password)
get_hexdigest_old = auth_models.get_hexdigest
auth_models.get_hexdigest = get_hexdigest
def set_password(self, raw_password):
"""Set SHA-256 password."""
algo = 'sha256'
salt = os.urandom(5).encode('hex') # Random, 10-digit (hex) salt.
hsh = get_hexdigest(algo, salt, raw_password)
self.password = '$'.join((algo, salt, hsh))
auth_models.User.set_password = set_password
class Sha256Backend(ModelBackend):
"""
Overriding the Django model backend without changes ensures our
monkeypatching happens by the time we import auth.
"""
pass
AUTHENTICATION_BACKENDS = ('myapp.auth.Sha256Backend',)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment