
Storing passwords in MySQL database in hashed form Django App

I am working on a Django app, and my Django is using a MySQL database, which can be handled through the Django admin page (inbuilt).

Currently, I'm creating users who can access the app by manually creating a username and password in Django administration --> Authentication and Authorization --> users --> add. (That's what I want, and hence my requirement is satisfied here.)

When I create a user and add a password through Django admin, it gets hashed and no one can see the password in plain text.

Also, my Django app has a login through which a user can authenticate, and it also has a model (Login) which records who has logged in. But the problem here is that when the user logs in, the Login model stores the password in plain text in the DB (MySQL), and I want the Login model to store the password in hashed form.

Note: I have included ALL the hashers in settings.py

Here's the code:

Models.py

from django.db import models
from datetime import datetime
from django.contrib.auth.models import User

# Create your models here.


class LoginEvent(models.Model):

    user = models.ForeignKey(User, on_delete=models.CASCADE)
    date_and_time = models.DateField(auto_now_add=True)

    def __str__(self):
        # The field is named date_and_time; self.date does not exist on this model.
        return str(self.user) + ': ' + str(self.date_and_time)



class Login(models.Model):              #model that stores username and Password in MySQL database in plain text.

    username = models.CharField(max_length=50) 

    password = models.CharField(max_length=32, default="", null=False)  



    def __str__(self):                               
        return self.username                    

Views.py

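from datetime import datetime

from django.contrib import messages
from django.contrib.auth import authenticate, login
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.urls import reverse

from .forms import authForm  # assumed module; the question does not show where authForm is defined
from .models import Login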

# Create your views here.

def login_view(request):
    context = {}
    if request.method == "POST":
        username = request.POST.get('username')
        password = request.POST.get('password')
        authform_data = authForm (request.POST or None)

        user = authenticate(request, username=username, password=password)
        if user:
            login(request, user)
            authform_data.save()
            return HttpResponseRedirect(reverse('IP form'))
        else:
            messages.error(request,'Please provide valid credentials')
            return render (request,"first_app/login.html", context)

    else:
        return render (request,"first_app/login.html", context)

Settings.py

PASSWORD_HASHERS = [
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
    'django.contrib.auth.hashers.Argon2PasswordHasher',
    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
    'django.contrib.auth.hashers.MD5PasswordHasher',    
]

Thanks for the help. :-)

I figured it out! Using Django's inbuilt User model, as said by @Daniel Roseman, now upon login the user password gets hashed. Thanks all for replying. :-)
