These are the hashers Django currently supports:
https://docs.djangoproject.com/en/2.0/topics/auth/passwords/#included-hashers

The case Marco has I think is unsalted md5.

We need to figure out what's the best way to do this.

Django stores the passwords in a way that the hashing algorithm is
automatically understood, for example:

>>> u = User.objects.last()
>>> u.password
'pbkdf2_sha256$100000$mCxeZktfubPL$DKcpEYXK8dwW7qfGhrJOz0dxxsUryHcWyGi+Pj9u404='

Which indicates the password is hashed using the algorithm pbkdf2_sha256,
which according to the django docs, is
"django.contrib.auth.hashers.PBKDF2PasswordHasher"

This other value:

sha1$bd921$0ede5c7ab710dbd0af60ca21nfa871a678184849

Is salted sha1 with no iterations, notice this string has only 3 blocks
(the previous one had 4: algorithm, iterations, salt, and hash).

Unsalted md5 therefore should be something like (please verify by doing
your own tests):

unsalted_md5$vRTDfhKNvXqofawrtJXNPA==

If I sum all this information up, the first and simplest solution that
comes into my mind is the following:

   - the column dedicated to the password is optional, if not supplied
   passwords will be generated automatically
   - if the password column is present we have the following cases:
      - passwords should be written as django expects them (eg: like one of
      the previous password hashes I provided above), that means we should find
      at least one dollar sign in them, this means the users will have to
      work a bit more to generate a correct CSV, and we will do less work,
      which is ok for now because we don't want to spend too much time on
      this, but it also means the password must be saved as is, without
      further hashing
      - if the password does not contain any dollar sign, the system will
      assume it's a cleartext password and the password will be hashed with the
      default django password hasher

Either of the cases in which the password is present should not be
complicated to implement, it's just a matter of calling the right user
model methods.

Create a test case for each of the previous points, but for the hashed
password case it would be better to create 3 tests, one for pbkdf2_sha256,
one for salted sha1 and one for unsalted md5.

Before working on this, please read this page entirely:
https://docs.djangoproject.com/en/2.0/topics/auth/passwords/

I created a github issue:
https://github.com/openwisp/django-freeradius/issues/115

Fed
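
The three import cases proposed in the message above, as an added stdlib-only Python example (not code from the message or from django-freeradius). The names `KNOWN_PREFIXES`, `classify`, `resolve_password` and `pbkdf2_sha256_encode` are hypothetical, and the example goes one step beyond the dollar-sign rule by also requiring a known algorithm prefix before the first `$`.

```python
import base64
import hashlib
import secrets

# Assumption: algorithm prefixes as written in the message above; keep this in
# sync with the hashers enabled in the project's PASSWORD_HASHERS setting.
KNOWN_PREFIXES = {"pbkdf2_sha256", "sha1", "unsalted_md5"}


def pbkdf2_sha256_encode(password, salt, iterations=100000):
    """Stdlib stand-in for the default hasher: algorithm$iterations$salt$hash."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    digest = base64.b64encode(dk).decode("ascii")
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, digest)


def classify(value):
    """Return 'generate', 'hashed' or 'cleartext' for one CSV password cell."""
    if not value:
        return "generate"
    prefix, sep, rest = value.partition("$")
    # A bare "contains $" test would store a cleartext such as "pa$$word"
    # unhashed; requiring a known algorithm prefix avoids that.
    if sep and rest and prefix in KNOWN_PREFIXES:
        return "hashed"
    return "cleartext"


def resolve_password(value):
    """Return (value_to_store, cleartext_or_None) for one CSV password cell."""
    kind = classify(value)
    if kind == "hashed":
        return value, None  # saved as is, no further hashing
    cleartext = value if kind == "cleartext" else secrets.token_urlsafe(12)
    stored = pbkdf2_sha256_encode(cleartext, secrets.token_hex(6))
    return stored, cleartext


if __name__ == "__main__":
    # Constructed sample cells: two hashes copied from the message, plus cleartexts.
    for cell in ["pbkdf2_sha256$100000$mCxeZktfubPL$DKcpEYXK8dwW7qfGhrJOz0dxxsUryHcWyGi+Pj9u404=",
                 "sha1$bd921$0ede5c7ab710dbd0af60ca21nfa871a678184849",
                 "pa$$word", "hunter2", ""]:
        print(repr(cell[:24]), "->", classify(cell))
```

In a Django project the cleartext branch would call the user model's `set_password()` and the hashed branch would assign the value to the password field directly.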
