django, entering a hashed password in registration and storing it as such

Question

I am working on openedx(works on django) and i need to create an api to register the user coming from a particular site, i am being given a hashed password not a normal one and i need to save it as so.

The problem here is that the openedx's registration function hashes the password that is being passed into it.

so is there a way in django to store a password/register a user without hashing the password.

Should i go for updating the user's credentials directly using

raw()

any help would be appreciated, thanks.

FYI, it's good practice to either flag an answer as correct, or to give further details on what did not work with the proposed answers. — Régis B., Jul 20 '16 at 07:58

score 1 · Answer 1 · answered Jun 30 '16 at 13:08

I would suggest to override method set set_password in user_model.

class MyUser(AbstractBaseUser):
    # if you need to hash passwords for some users.
    is_password_hashed = models.BooleanField(default=True)
    ...

    def set_password(self, raw_password):
        if self.is_password_hashed:
            super(MyUser, self).set_password(raw_password)
        else:
            self.password = raw_password

If you want to store only non-hashed passwords:

class MyUser(AbstractBaseUser):
    ...

    def set_password(self, raw_password):
        self.password = raw_password

Or even override default user model set_password method.

score 1 · Answer 2 · answered Jul 04 '16 at 07:19

1

It's as simple as:

from django.contrib.auth.models import User
User.objects.filter(username="myuser").update(password=hashed_password)

(remember passwords are stored as hashed values in the database)

answered Jul 04 '16 at 07:19

Régis B.

10,092
6
54
90

score 0 · Answer 3 · answered Aug 03 '16 at 22:15

0

The Open edX manage_user management command was recently updated to support this use case when creating a new user.

Example:

./manage.py lms --settings=devstack manage_user jane jane@example.com --initial-password-hash 'pbkdf2_sha256$20000$mRxYkenyBiH6$yIk8aZYmWisW2voX5qP+cAr+i7R/IrZoohGsRK2fy4E='

However, that command requires a very recent version of Open edX and it will not have any effect if the user account already exists.

As an alternative, you could set up SSO between the external app and Open edX using OAuth2, in which case there's no need for Open edX to store any password at all.

answered Aug 03 '16 at 22:15

bradenm

2,150
1
17
10

Hey, thanks for the answer.. can you point me on some material regarding sso between openedx and some application? – Taranjeet Singh Aug 04 '16 at 10:23
There is some documentation at http://edx.readthedocs.io/projects/edx-installing-configuring-and-running/en/latest/configuration/tpa/ though it's currently missing OAuth2 details, which is the easiest approach. Essentially, you need to Enable the Third Party Authentication Feature (see docs), then go to the django admin, and use the OAuth2 provider settings area of django admin to configure OAuth2. – bradenm Aug 04 '16 at 19:39

django, entering a hashed password in registration and storing it as such

3 Answers3