setting user passwords in admin

A rather ugly - but still useful - monkeypatch:

# monkey-patch for auth.users
from django.models.auth import User

def user_pre_save(self):
    if not self.password.startswith('sha1$'):
        self.set_password(self.password)

User._pre_save = user_pre_save

Put this into your model file (or somewhere else that is loaded early on) and you will be able to set passwords in the admin by entering clear text passwords. If the password starts with 'sha1$', it is seen as already encrypted and nothing happens. If it doesn't start with that string, it is converted using the standard Django function for password encryption.

No, this isn't something that should go into core - it's far too ugly for that. But at least it allows you to set passwords through the admin, without requiring the user to calculate the actual password hash.

tags: Django, Programmierung

Brett Hoerner Dec. 12, 2005, 9:37 p.m.

Should you check for startswith('md5$') also? I forget how the password change went over, but I thought old (md5) passwords would still work correctly... so if you view a user page who had an old password, and then save, you'll set their password to a very messy 'md5$etcetcetc' without knowing it.

Just a thought, this is obviously moot to any new projects, etc.

hugo Dec. 12, 2005, 10:59 p.m.

Old passwords don't carry an algorithm designator, so you can't really recognize them. So yes, this patch will only work with new passwords, not with the old pure-md5-hash passwords.

Keith Veleba Dec. 14, 2005, 9:25 p.m.

Is this for what's in SVN, not in 0.9? This patch doesn't seem to work for me on the released version.

hugo Dec. 15, 2005, 12:27 a.m.

That's possible, yes - I only run trunk.