如何解决在新的Django上更改哈希密码的最佳方法是什么?
Bcryptpasswordhasher在Django2.1上已删除。
如何更改现有用户的密码?我应该切换到另一个哈希器,然后让用户更改密码吗?
另外,最好使用哪种哈希器?
Traceback (most recent call last):
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/mock/mock.py",line 1305,in patched
return func(*args,**keywargs)
File "/Users/naohide/Workspace/python3/django-project/project/users/tests_api.py",line 673,in test_something
self.client.login(username='abc',password='aaaaaaaa')
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/django/test/client.py",line 602,in login
user = authenticate(**credentials)
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/django/contrib/auth/__init__.py",line 73,in authenticate
user = backend.authenticate(request,**credentials)
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/django/contrib/auth/backends.py",line 26,in authenticate
if user.check_password(password) and self.user_can_authenticate(user):
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/django/contrib/auth/base_user.py",line 111,in check_password
return check_password(raw_password,self.password,setter)
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/django/contrib/auth/hashers.py",line 61,in check_password
setter(password)
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/django/contrib/auth/base_user.py",line 107,in setter
self.set_password(raw_password)
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/django/contrib/auth/base_user.py",line 98,in set_password
self.password = make_password(raw_password)
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/django/contrib/auth/hashers.py",line 78,in make_password
return hasher.encode(password,salt)
File "/Users/naohide/.virtualenvs/django-project/lib/python3.7/site-packages/django/contrib/auth/hashers.py",line 417,in encode
return "%s$%s" % (self.algorithm,data.decode('ascii'))
AttributeError: 'str' object has no attribute 'decode'
解决方法
Bcryptpasswordhasher
并未从Django 2.1中删除。它已从默认密码哈希列表中删除。
如果您的数据库中仍然有使用BCryptPasswordHasher
的密码,则可以将其包含在PASSWORD_HASHERS
中,例如
PASSWORD_HASHERS = [
# Default list in 3.1 https://docs.djangoproject.com/en/3.1/ref/settings/#password-hashers
'django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher','django.contrib.auth.hashers.Argon2PasswordHasher','django.contrib.auth.hashers.BCryptSHA256PasswordHasher',# Manually include BCryptPasswordHasher
'django.contrib.auth.hashers.BCryptPasswordHasher',]
然后,当这些用户登录时,他们的密码将升级为使用列表中的第一项。如果数据库中不再有BCryptPasswordHasher
哈希,则可以从列表中删除BCryptPasswordHasher
。
我找到了解决方法。
我使用的是py-bcrypt,但是我需要使用bcrypt
而且,对我来说都是固定的。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。