I am using the built-in Django view to reset the password, so my question is: how can I validate the password to make it have at least 1 capital letter and 1 symbol?
Related
I have a registration test that creates one account, but I want to add a loop to this so that it will run 5 times in a row, entering different usernames and email addresses. I already have the usernames I want to use stored in a separate Python file. Any ideas on how to do this?
Welcome to SO. There are different approaches but below is the simple approach.
Store all the required details in the list and then iterate.
```python
users = [['user1', 'pass1'], ['user2', 'pass2'], ['user3', 'pass3'], ['user4', 'pass4'], ['user5', 'pass5']]
for user in users:
    # get user name and use in registration
    userName = user[0]
    # get password and use in registration
    passWord = user[1]
    print(userName + ":" + passWord)
```
I am using the following code
```python
email = validated_data["login"]
password = validated_data["password"]
user_obj = User.objects.filter(Q(email__exact=email) & Q(password__exact=password))
```
I changed the password from admin; however, no user is returned. However, if I remove the password check then I get a user object back. The object that I get back if I remove the Q(password__exact=password) condition has the _password field as None. This code has been working fine for a while but today it is not returning the object. Am I missing something here? I verified that I am receiving the correct username and password from the client. I also tried accessing the admin with that username and password (the account has staff status) and I was able to log in. So the password is correct, but for some reason I can't obtain that user by filtering. What might I be doing wrong?
The password isn't stored in plain text, but as a hash (and a little more). Get the user by username and check the password:
```python
# assumes there can be only one
user = User.objects.get(email=email)
# this checks the plaintext password against the stored hash
correct = user.check_password(password)
```
BTW, you don't need Q objects for logical AND. filter(email__exact=email, password__exact=password) would suffice, even though it doesn't make much sense, in this case.
It is because Django doesn't store passwords as simple text; they are hashed. You can't perform a password__exact on that; it will return none every time unless you are getting the same hash in password = validated_data["password"] here.
I have written a custom hasher for the passwords and it returns a hashed password length of 148. But Django seems to limit the length of the password in the SQL table to 128 by default. How do I change it?
The correct way would be to use a custom user model that overrides the password field:
See https://docs.djangoproject.com/en/dev/topics/auth/customizing/#specifying-a-custom-user-model for details.
As an alternative workaround, you can use a third-party application called django-primate: https://github.com/aino/django-primate#alternative-password-hashing
We are using CF MX7 for one of our applications.
When we enter a set of characters to search for through the application CF throws out an error stating the below:
```
Element USER_NAME is undefined in URL.
The error occurred in D:\Inetpub\wwwroot\MISWEB\lci\userNavigator.cfm: line 2
1 : <CFSET login_id = #url.user_login#>
2 : <CFSET user_name = #url.user_name#>
3 : <CFSET user_id = #url.user_id#>
```
This is occurring when we enter a login ID to search for that has a # character in it: 0952#2. So basically, I understood that the problem is with the login ID that we are entering, but we cannot ask the user to change his login ID. Is there an alternate way to change the code in such a way that it accepts these values?
<CFSET login_id = #0952#2#>
Hence the error is being thrown out at the second line, where it is not accepting the username as it is not correct. Is there any way we can include the # present in the login ID provided inside the declaring #..# open and close # function?
Because the search form is performing a GET request, the form fields are added to the URL. The problem is that the hashes (#) are being interpreted by the browser as an on-page location, so nothing after the first hash in the URL is even being sent to the server, which is why ColdFusion says it doesn't exist.
To overcome this, you'll need to encode the hashes before submitting the form. You can do this with JavaScript and the form's onsubmit handler.
escape(document.formName.user_name.value);
This will send the user_name in the URL in an encoded format (%230952%232%23), which you can then decode when you set it to user_name.
<cfset user_name = urlDecode(url.user_name)>
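The truncation this answer describes, seen from the server's side, as an added example that is not code from the original answer. It is written in Python rather than JavaScript or CFML; the host name, form values and function names are constructed for the illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

# Constructed host; the path is the one shown in the error message above.
BASE = "http://intranet.example/lci/userNavigator.cfm"


def naive_search_url(base, params):
    """Join the form values into the query string without any encoding."""
    return base + "?" + "&".join(f"{k}={v}" for k, v in params.items())


def encoded_search_url(base, params):
    """Percent-encode every value, so '#' travels as %23."""
    return base + "?" + urlencode(params)


def received_params(url):
    """Parameters the server sees: the client sends nothing after the first '#'."""
    query = urlsplit(url).query  # urlsplit separates the fragment, as a browser does
    return dict(parse_qsl(query, keep_blank_values=True))


if __name__ == "__main__":
    form = {"user_login": "0952#2", "user_name": "Smith", "user_id": "7"}  # constructed values
    print(received_params(naive_search_url(BASE, form)))    # user_name and user_id are gone
    print(received_params(encoded_search_url(BASE, form)))  # all three values arrive intact
```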
I create a user in my view.py using this simple code.
```python
if not errors:
    user = User.objects.create_user(username, email, password)
    user.save()
```
Except for the validation, there is nothing that I do to the username and password values before creating the object.
But I find this in the User class in Django API. I don't know how to use the help text. If it is help text what does it print? How do I find the default values of algo, salt and hexdigest?
password = models.CharField(_('password'), max_length=128, help_text=_("Use '[algo]$[salt]$[hexdigest]' or use the change password form."))
"If it is help text what does it print?"
-> it prints exactly this: Use '[algo]$[salt]$[hexdigest]'
When you create a user, it will automatically call make_password(password[, salt, hashers])
which: Creates a hashed password in the format used by this application. It takes one mandatory argument: the password in plain-text. Optionally, you can provide a salt and a hashing algorithm to use, if you don't want to use the defaults (first entry of PASSWORD_HASHERS setting). Currently supported algorithms are: 'pbkdf2_sha256', 'pbkdf2_sha1', 'bcrypt' (see Using bcrypt with Django), 'sha1', 'md5', 'unsalted_md5'
Are you facing any problems with this?
create_user will automatically generate the password hash and create the user in the database (thus you don't need that user.save())
See docs on creating users.
The help text is basically just code for the message that shows up in the Django admin when editing a User object. It's meant to explain to someone looking at the edit form why the password field has something like sha1$12345$1234567890abcdef1234567890abcdef12345678 instead of the password that was set for that user. The reason is, of course, that the password is hashed for security, and that representation holds all the information required to verify a user-typed password later.
The admin user edit form has a special page for editing passwords. If you want to edit the user's password in your code, use the set_password method of the User object; the check_password method is for verifying a supplied password.
The documentation for make_password has more information about the algorithms Django uses and can use. The default for Django <1.3 was sha1, Django 1.4 changed the default to PBKDF2. The default value for salt is a random string (it's there so that two identical passwords don't look the same in the database). Hexdigest is the value of the password string and the salt string hashed with the hashing algorithm. You can read the details in the code on github.
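What the answers on this page say about hashed storage (an exact-match filter on the plaintext can never hit, a random salt makes identical passwords look different, and verification re-derives the hash from the stored fields), as an added example that is not Django's own code. It is a standard-library sketch of the algo$iterations$salt$hash layout Django uses for pbkdf2_sha256, which adds an iteration-count field to the layout in the help text; the function names and the iteration count are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000  # constructed cost for this example, not Django's default


def encode_password(password, salt=None, iterations=ITERATIONS):
    """Return 'algo$iterations$salt$hash' for a plaintext password (hypothetical helper)."""
    if salt is None:
        salt = secrets.token_urlsafe(12)  # fresh random salt for every stored password
    if "$" in salt:
        raise ValueError("salt must not contain the field separator '$'")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "$".join([ALGORITHM, str(iterations), salt, base64.b64encode(digest).decode()])


def verify_password(password, encoded):
    """Re-derive the hash with the stored salt and cost, then compare in constant time."""
    try:
        algorithm, iterations, salt, _stored = encoded.split("$", 3)
        iterations = int(iterations)
        if algorithm != ALGORITHM or iterations < 1:
            raise ValueError("unsupported stored value")
    except ValueError:
        return False  # malformed or unknown format: never treat as a match
    candidate = encode_password(password, salt, iterations)
    return hmac.compare_digest(candidate.encode(), encoded.encode())


if __name__ == "__main__":
    stored = encode_password("s3cret!")           # what ends up in the password column
    print(stored)
    print(stored == "s3cret!")                    # False: why password__exact finds no row
    print(stored == encode_password("s3cret!"))   # False: same password, different salt
    print(verify_password("s3cret!", stored))     # True: the check_password-style test
```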