Django authenticate does not register a user

Question

Somehow, I have a user in my data base from the django.contrib.auth.models model which isn't being authenticated.

So we have, in the ./manage.py shell:

>>> django.contrib.auth.models.User.objects.filter(username='tester')[0].password

u'yolo'

>>> django.contrib.auth.models.User.objects.filter(username='tester')[0].username

u'tester' 

but:

>>> should_be_tester = django.contrib.auth.authenticate(username='tester',password='yolo')

returns nothing. Is there something that needs to be done to the users before django will authenticate them? I think I created these using objects.create() .

Answer 1

It looks as though your password is stored as clear text in the database. Try using the set_password method so that the password is run through the proper hashing algorithm.

When you call the authenticate method Django is running yolo through a hashing algorithm which produces a password that looks something like so: jRQarGxWd7ZV$+npDSC0ffIXAOUo/R5KSaPFbauQdTV5eAOmkq1P/p/Y= and then comparing the hashed value to what is stored in the database, in your case a plain text version of yolo . Since you are storing the password in plain text the values don't match and None is returned.

>>> from django.contrib.auth.models import User
>>> from django.contrib.auth import authenticate

>>> u = User.objects.get(username='tester')
>>> u.set_password('yolo')
>>> u.save()

>>> should_be_tester = authenticate(username='tester', password='yolo')
>>> print(should_be_tester)
tester

Additional note. When you are wanting to retrieve one and only one record from the database use the .get() method instead of .filter()[0] .