All of your comments prompted me to start reverse engineering what
Django does and I came across the check_password method which just
separates the algorithm, salt and hash and then sends it to the
following method to compare the raw password to the hash password. So
basically, in Ruby, I can do the same thing using a similar library
and all will be good - I think. Does that sound reasonable?

Greg

from django.utils.encoding import smart_str
from django.utils.hashcompat import md5_constructor, sha_constructor

def get_hexdigest(algorithm, salt, raw_password):
    """
    Returns a string of the hexdigest of the given plaintext password and salt
    using the given algorithm ('md5', 'sha1' or 'crypt').
    """
    # Coerce both inputs to byte strings before hashing.
    raw_password, salt = smart_str(raw_password), smart_str(salt)
    if algorithm == 'crypt':
        try:
            import crypt
        except ImportError:
            raise ValueError('"crypt" password algorithm not supported in this environment')
        return crypt.crypt(raw_password, salt)

    # The salt is prepended to the raw password before hashing.
    if algorithm == 'md5':
        return md5_constructor(salt + raw_password).hexdigest()
    elif algorithm == 'sha1':
        return sha_constructor(salt + raw_password).hexdigest()
    raise ValueError("Got unknown password algorithm type in password.")

On Feb 18, 8:35 am, Alex Robbins <alexander.j.robb...@gmail.com>
wrote:
> You could have a secure url that the RoR apps redirect to if the user
> isn't authenticated with Rails. That url would have the login_required
> decorator. If they successfully login on the django side (or are
> already logged in), then they get redirected with some sort of get
> variable user id + hash combo. You could check the validity of the
> user id from the hash (using a shared secret).
>
> Alex
>
> On Feb 17, 4:09 pm, geraldcor <gregco...@gmail.com> wrote:
>
> > Hello all,
>
> > Internally, we have some RoR apps and Django apps. Our main website
> > runs on Django and is considered to be the main portal for all other
> > apps. Currently, we have a Rails authentication system and a Django
> > authentication system. We want to have one user table to authorize
> > against.
>
> > The only problem I see is that the password stored in auth_user is
> > salted and hashed and impossible to get at because the salt is not
> > saved. How can I use the django auth_user in Ruby On Rails?
>
> > I have found this: http://docs.djangoproject.com/en/dev/howto/apache-auth/
> > but I don't know if that will work on the ruby server. Both ror and
> > django applications that we want to authenticate are on the same
> > server and use the same db (except our main website which is on
> > webfaction - but that's a different story I will tackle later -
> > possibly replication?).
>
> > So, anyone know how to a) access the raw string from auth_user or b)
> > set up ruby (or other language and extrapolate) to properly interpret
> > the password hash?
>
> > Thanks for listening.
>
> > Greg
>
>
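
The check described at the top of this message, as an added Ruby example (not part of the original thread and not Django's own code): it splits a stored auth_user.password value of the form algorithm$salt$hash, recomputes the digest the way get_hexdigest does, and compares the result in constant time. The module name DjangoPassword, its method names and the sample values are assumptions constructed for illustration.

```ruby
require 'digest'

# Added example: checks a password against a Django auth_user.password value
# of the form "algorithm$salt$hexdigest", mirroring get_hexdigest above.
# DjangoPassword and its method names are hypothetical.
module DjangoPassword
  DIGESTS = { 'md5' => Digest::MD5, 'sha1' => Digest::SHA1 }.freeze

  # Same calculation as Django's get_hexdigest: hash(salt + raw_password).
  def self.hexdigest(algorithm, salt, raw_password)
    return raw_password.crypt(salt) if algorithm == 'crypt'
    digest = DIGESTS[algorithm]
    raise ArgumentError, 'unknown password algorithm' unless digest
    digest.hexdigest(salt + raw_password)
  end

  # Compare without stopping at the first differing byte, so timing does
  # not reveal how much of the digest matched.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Returns true only when raw_password reproduces the stored digest.
  # Malformed values and unknown algorithms are rejected, not raised.
  def self.check(raw_password, stored)
    algorithm, salt, expected = stored.to_s.split('$', 3)
    return false if expected.nil? || expected.empty?
    secure_compare(hexdigest(algorithm, salt, raw_password.to_s), expected)
  rescue ArgumentError
    false
  end
end

# Constructed sample values (salt "a", password "bc"), not real data.
SAMPLE_SHA1 = 'sha1$a$a9993e364706816aba3e25717850c26c9cd0d89d'
SAMPLE_MD5  = 'md5$a$900150983cd24fb0d6963f7d28e17f72'

if __FILE__ == $PROGRAM_NAME
  puts DjangoPassword.check('bc', SAMPLE_SHA1)
  puts DjangoPassword.check('wrong', SAMPLE_SHA1)
end
```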
