On Wed, May 18, 2016 at 12:08 AM, Arun S <[email protected]> wrote:
> Hi,
>
> I have a small issue with the Validation of Passwords in the Change
> Password Page.
>
> Due to certain different requirements, I have written my own Custom Forms
> for Change Password.
>
> Now in this, I would want to first Validate the Old Password Field with
> the Current User's Password.
>
> The Problem I am facing here is that the OldPassword Field provides me a
> Password in Raw String Format.
> But the user.password returns a Hashed Output of the User's Password
>
> And for obvious Reasons, the Validation fails between OldPassword and the
> User.Password.
>
> In many forums I checked that the Reverse way to get the Passed from the
> Hashed Values is not possible.
> So my only way to do this validation is through Encrypting the OldPassword
> and then Comparing the Hash.
> But I am not sure how to do that.

Note that you are hashing the raw password, not encrypting it. Hashes are not reversible by design.

> Can someone please tell me how is this possible to achieve and what are
> the APIs that I can use to get the Password to be compared.

If your form has access to the username, I would recommend writing a custom validator or clean() method for one of your password fields:

https://docs.djangoproject.com/en/1.9/ref/forms/fields/#validators
https://docs.djangoproject.com/en/1.9/ref/forms/validation/#cleaning-a-specific-field-attribute

If you don't have access to the username (just the user ID in the DB), it may be easier to run the validation in the view itself since you'll have access to request.user to pass along to authenticate(). The form itself (and therefore none of the clean() or validation functions) does not have access to the request where the user object is stored. That's of course assuming that you are changing the password of the logged-in user.

You can then use the authenticate() method with the existing password in your custom validation function to see if the provided password is the same one the user is currently using.

https://docs.djangoproject.com/en/1.9/topics/auth/default/#django.contrib.auth.authenticate

-James
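
An added illustration, not part of the original thread and not Django's own code: why comparing the raw OldPassword with `user.password` always fails, and what a check such as `authenticate()` or `user.check_password(raw_password)` has to do instead. It uses only the standard library and assumes the `algorithm$iterations$salt$hash` layout of Django's default PBKDF2-SHA256 hasher; the helper names, the sample password and the iteration count are constructed for the example.

```python
import base64
import hashlib
import hmac
import os


def make_encoded(raw_password, salt=None, iterations=24000):
    """Return '<algorithm>$<iterations>$<salt>$<base64 digest>' for PBKDF2-SHA256."""
    if salt is None:
        salt = base64.b64encode(os.urandom(9)).decode("ascii")  # 12 chars, no '$'
    digest = hashlib.pbkdf2_hmac(
        "sha256", raw_password.encode("utf-8"), salt.encode("utf-8"), iterations
    )
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations, salt, base64.b64encode(digest).decode("ascii"))


def verify_old_password(raw_password, encoded):
    """Re-hash the submitted password with the stored salt and iteration count,
    then compare the two encoded strings in constant time."""
    try:
        algorithm, iterations, salt, _digest = encoded.split("$", 3)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed value, e.g. an unusable-password marker
    if algorithm != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = make_encoded(raw_password, salt, iterations)
    return hmac.compare_digest(candidate.encode("utf-8"), encoded.encode("utf-8"))


# Constructed sample: what user.password might hold for the password "s3cret-old".
STORED = make_encoded("s3cret-old")

if __name__ == "__main__":
    print(STORED)
    print("raw == stored:", "s3cret-old" == STORED)
    print("correct old password:", verify_old_password("s3cret-old", STORED))
    print("wrong old password:", verify_old_password("guess", STORED))
```

In a real Django form or view, call the framework's own check rather than re-implementing the hasher; the sketch only shows that verification means re-hashing with the stored salt, never reversing the hash.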

