Django：旧版（非auth_user）表的加密密码

Question

Django noob. Exported and imported tables from MySQL to PostgreSQL. The table for clients and customers is called users .

Trying to update the password for the test account to what Django uses for encryption using python manage.py shell . Tried the following which obviously wouldn't work because the hashing algorithm isn't being imported in:

from account.models import Users
user = Users.objects.filter(pk=2)
user.set_password('new_password')

Errors because there is no attribute 'set_password' .

Fine. Try what all the tutorials say:

from django.contrib.auth.models import User
User.objects.filter(pk=2)
Queryset []
User.objects.all()

Then it returns the only user in auth_user table.

So basically, how do I use Django's encryption against the legacy users table?

It appears that in Django clients and customer accounts go in auth_user table? I thought of that table as more for users who should have access to /admin and that clients/customers who use the app go in a different table.

EDIT 1:

The legacy table had the passwords stored with an admin defined salt (I believe Django uses a unique algorithm for each user or something like that so that is why I mention that the salt was the same for everyone) + user password that sent through the hashing algorithm (SHA256 I think). So not plain text.

I cleared out everyones passwords and was just going to make new ones. Since the old table used one hash and Django uses and entirely different one, I didn't want to mess with decrypting and re-encrypting under the Django hash. Just start from scratch.

Also, I would like to keep using the users table for clients/customers and keep the auth_user for users of /admin ... unless my thinking is wrong on this.

Answer 1

Well you haven't mentioned what your legacy table looks like, this answer assumes that it has the basic username, password and email fields. if you are storing passwords in plain text at the moment it can be hashed but if you are using some kind of third party solution, each user will have to reset his/her password.

import account.models import User as LegacyUser
import django.contrib.auth.models User

users = []
for u in LegacyUser.objects.all():
    new_user = User(username=u.user, email=u.email)
    new_user.set_password(u.password)
    users.append(new_user)

User.objects.bulk_create(users)

the above is if you want to salvage passwords, if you don't just do this:

INSERT INTO auth_user(username,password,email) SELECT username, password, email FROM account_user

in psql or pgadmin or whatever. This should be much faster.

Also, I would like to keep using the users table for clients/customers and keep the auth_user for users of /admin... unless my thinking is wrong on this.

Sorry to say your thinking is wrong on this. There is no need for two tables because the django.contrib.auth.User table has two fields is_staff and is_superuser specifically designed to deal with this situation.

Alternatively, you can ditch the django.contrib.auth.models.User model completely and use your user model as the default. See Specifying a custom user model having two models is just duplicating code and work and potentially introducing security problems