Issues with auth_user table in django - django

I want to update some fields of the auth_user table in Django. Actually I am migrating some users from one website to another, so I want to update the password field in the auth_user table. But when I use the update query it gives me some errors.
Some things which I have tried:
values=User.objects.get(username=request.POST['username'])
values.password=request.POST['password']
values.password.save()
It gives the error: 'unicode' object has no attribute 'save'
And if I try this one:
values=User.objects.get(username=request.POST['username']).update(password=request.POST['password'])
Then the error is: 'User' object has no attribute 'update'
Actually I do not want to send emails to users to update their password and redirect them to the forgot password page.
But whenever a user tries to log in to the site and his password does not match, even though he typed it correctly and it fails in Django only because of the migration, then the password he enters must be updated in the auth_user table (encrypted password).
In between, I have ensured that this user is an authenticated user of the previous site.
So please suggest some way I can update his password in the auth_user table.

Passwords in django are stored as sha256 hashes, so setting
user.password = 'new password'
is not a good idea. Fortunately django has methods that would take care of hashing your password. Second thing:
values.password.save()
Here you are trying to execute save() method on password object which is a string, not a user object. values.save() would be better, but still not correct. What you want to do is this:
values.set_password('new password') # Takes care of hashing
values.save()
More on the topic in django documentation

(On behalf of OP)
I used this and the problem is solved
u = User.objects.get(username__exact='john')
u.set_password('new password')
u.save()

Related

Django username in the User model can not be repeated

I am trying to create users in the django django.contrib.auth.models.User model but when I use a username which already exists in the database it will give me an error like:
{username: ["A user with that username already exists."]}
as an HTTP response.
How can I disable this in Django so I can have many users with the same username?
Thanks all.

Where does the function auth.authenticate() check if user exists?

I have a login form. Also I have a huge database. One of the tables in the DB is 'zusers', which stores information about users: username, password, 'telefon' and some other columns. I learned about user = auth.authenticate(username = 'John', password = 'pass'). And the question: where does this function check whether such a user exists or not? And how do I make this function check for users in my DB table 'zusers'?
You will need to create a custom authentication backend in Django for your existing users. You can read more at the Django Docs: https://docs.djangoproject.com/en/dev/topics/auth/customizing/
You should not need to manually check auth.authenticate but just swap out the backend.
You can also substitute a completely customised model for your Django user to support telefon and the other columns you have https://docs.djangoproject.com/en/dev/howto/custom-model-fields/
I am not going to post any example code as you haven't provided any yourself and the Django links above very clearly show you how to achieve this.

Reset admin password in Sitecore 5.3?

I need to reset the admin password in a Sitecore 5.3 installation - any ideas how I can do this? Currently I have no access to the backend, as the password has been changed, but no one remembers to what.
There is no info in the security db that can not be overwritten, so any options are open. I have direct access to the database (SQL).
I don't have an instance of 5.3 running so I don't know if this will fully work for 5.3 but here's my suggestion.
One thing you could try is copying the values of the Password and PasswordSalt fields of the aspnet_Membership table in the Core database for a user whose password you know and pasting those values into the respective fields for the admin user.
The aspnet_Membership table stores only the ID of the admin user. To get the ID of your admin user you need to query the aspnet_Users table for username admin. Get the ID of the admin user in the aspnet_Users table, then query the aspnet_Membership table for that ID, update the Password and PasswordSalt fields with the values from another user whose password you know and try logging in again with that user's password.
To reset the 'admin' password and change it to 'b', it is very simple: just execute the provided SQL script on the core database:
UPDATE [aspnet_Membership] SET Password='qOvF8m8F2IcWMvfOBjJYHmfLABc='
WHERE UserId IN (SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin')
WARNING (Sitecore 6.x)!
After executing the following script (thanks to Harsh Baid)
UPDATE [aspnet_Membership] SET Password='qOvF8m8F2IcWMvfOBjJYHmfLABc='
WHERE UserId IN (SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin')
don't forget to execute the similar script for salt:
UPDATE [aspnet_Membership] SET PasswordSalt='OM5gu45RQuJ76itRvkSPFw=='
WHERE UserId IN (SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin')
And for user approval:
UPDATE [aspnet_Membership] SET IsApproved=1
WHERE UserId IN (SELECT UserId FROM [aspnet_Users] WHERE UserName = 'sitecore\Admin')

Importing password hash to Auth

I wrote a script to import user information from my old site database to my new Django database. I should be able to import these fields: user, email and password.
All user passwords in my old database are hashed with "md5". So... I should get this "md5" hashed password and save it as is in my auth_user table. However, I don't know how to do it without hashing it again....
How can I do that?
If I do...
u = User.objects.create_user(user_name,email)
u.set_password(old_pass)
u.save()
the password is hashed again... How can I save a "pure" password?
Just directly set the password attribute.
u.password = old_pass
The set_password function is intended as a helper to use because u.password = 'some_pass' will just store the password directly in human-readable form -- it doesn't apply here since you already have the hashed password.
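The upgrade-on-login approach asked about in the first question, applied to the MD5 import case in this thread, as an added example that is not part of the original posts. It uses only the standard library; the `login` function, the `USERS` dict standing in for auth_user, and the iteration count are assumptions of this sketch, and the new hash is written in the same `algorithm$iterations$salt$hash` layout Django's PBKDF2 hasher stores.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed work factor for this sketch; tune it for your hardware.
PBKDF2_ITERATIONS = 600_000


def make_pbkdf2(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Encode as algorithm$iterations$salt$hash (layout of Django's PBKDF2 hasher)."""
    salt = salt or secrets.token_hex(8)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    digest = base64.b64encode(dk).decode()
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, digest)


def check_pbkdf2(password, encoded):
    """Recompute with the stored salt and iterations, compare in constant time."""
    try:
        _, iterations, salt, _ = encoded.split("$", 3)
        candidate = make_pbkdf2(password, salt, int(iterations))
    except ValueError:
        return False
    return hmac.compare_digest(candidate, encoded)


def is_legacy_md5(stored):
    """True for a bare 32-character hex digest, as imported from the old site."""
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored.lower())


def login(users, username, password):
    """Verify a login; replace a legacy MD5 hash with PBKDF2 on the first success."""
    stored = users.get(username)
    if stored is None:
        return False
    if stored.startswith("pbkdf2_sha256$"):
        return check_pbkdf2(password, stored)
    if is_legacy_md5(stored):
        legacy = hashlib.md5(password.encode()).hexdigest()
        if hmac.compare_digest(legacy, stored.lower()):
            # Re-hash while the plaintext is in hand; the MD5 value is discarded.
            users[username] = make_pbkdf2(password)
            return True
    return False


# Constructed sample: one account imported with an unsalted MD5 hex digest.
USERS = {"john": hashlib.md5(b"old-site-password").hexdigest()}
```

A failed login leaves the imported MD5 value untouched, so accounts that never log in again keep the weak hash and need a separate expiry or reset policy.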

Email as username in Django

Okay, this one is pretty obvious to everyone who uses Django and frequently asked by newbies, but I'd like to make it clear and discuss if there are any other ways to do it. The most widespread and convenient approach now is to store email in the username field, as Django 1.2 allows "@", "_" and "-" characters, but this way has the following issues:
The worst one: username field is restricted by max_length=30 property, which is ridiculously small for emails. Even if you override form validation, DB will have varchar(30) instead of EmailField's varchar(75) unless you alter your table manually.
You need to store your email data both in username and email field to make User.email_user() working. I think there are some other places when User.email is used.
Code readability fail. Sure, other djangonauts know about this pitfall, but treating field called 'username' (especially when there is still email field) as email obviously makes your code less understandable.
The other approach could be authentication using email field by passing it to your auth backend like so, but it still has problems:
authenticate(self, email=None, password=None)
User.email doesn't have unique=True property, which means that your DB won't have index, making your lookups by email slow like hell.
You have to deal with username field, which has unique=True, by completely removing it from your table or altering it to allow NULL and removing index.
Resuming, both ways are evil and require DB-specific code to be executed after syncdb, which is unacceptable if you need DB-independent application.
I've packaged up django-email-as-username which should pretty much do everything you need if you're looking to remove usernames, and only use emails.
The brief overview is:
Provides an email auth backend and helper functions for creating users.
Patches the Django admin to handle email based user authentication.
Overrides the createsuperuser command to create users with email only.
Treats email authentication as case-insensitive.
Under the hood usernames are hashed versions of the emails, which ends up meaning we're not limited to the Django's username 30 char limit (Just the regular email 75 char limit.)
Edit: As of Django 1.5, you should look into using a custom User model instead of the 'django-email-as-username' package.
David Cramer came up with a solution to this problem that I love. I'm currently using it on a production site where the user has to be able to log in using their email OR their username. You can find it here:
Logging In With Email Addresses in Django
If the login name provided on the form is an email (contains the '@' symbol), it will attempt to authenticate with that, and will fall back on the username if it isn't an email. (Naturally, you just need to make sure your registration form captures an email for this to work.)
Well, I haven't had to use emails as usernames in Django but I guess you could create a UserProfile model and aggregate fields to it, like another email field, and make it unique. So you could do user.get_profile().email for your authentication.
I guess another way to go would be to inherit User and redefine the fields, but I think this is still not recommended by Django developers.
Finally you could define your own custom User model and back on the django.contrib.auth.models.User for some logic.
Code to alter User table within Django:
from django.db import connection
cursor = connection.cursor()
cursor.execute("ALTER TABLE auth_user MODIFY COLUMN username varchar(75) NOT NULL")