Django版本:


In [14]: import django

In [15]: django.get_version()
Out[15]: '1.11.13'

导入包:

python manage.py shell
from django.contrib.auth.hashers import make_password, check_password

查看make_password并生成密码:

help(make_password)

Help on function make_password in module django.contrib.auth.hashers:
make_password(password, salt=None, hasher=u'default')
Turn a plain-text password into a hash for database storage

Same as encode() but generates a new random salt.
If password is None then a concatenation of
UNUSABLE_PASSWORD_PREFIX and a random string will be returned
which disallows logins. Additional random string reduces chances
of gaining access to staff or superuser accounts.
See ticket #20079 for more info

###生成密码
In [4]: make_password("123456", None, 'pbkdf2_sha256')
Out[4]: u'pbkdf2_sha256$36000$h0yUI3WVw7x5$NOOndKMq9Y+FQ3pu9nALNoJFIqdbfTez0FJ6tgNl5AU='

check_password校验密码:

help(check_password)

Help on function check_password in module django.contrib.auth.hashers:
check_password(password, encoded, setter=None, preferred=u'default')
Returns a boolean of whether the raw password matches the three
part encoded digest.

If setter is specified, it'll be called when you need to
regenerate the password.

In [6]: check_password("123456","pbkdf2_sha256$36000$h0yUI3WVw7x5$NOOndKMq9Y+FQ3pu9nALNoJFIqdbfTez0FJ6tgNl5AU=")
Out[6]: True

附官方源码(django.contrib.auth.hashers 模块):

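def check_password(password, encoded, setter=None, preferred='default'):
    """
    Return a boolean of whether the raw password matches the encoded digest.

    Args:
        password: The raw (plain-text) password to verify. ``None`` never
            matches.
        encoded: The stored, encoded password value to verify against.
        setter: Optional callable. It is called with the raw password when
            the password is correct and the stored value should be
            regenerated (different algorithm than ``preferred``, or
            ``preferred.must_update(encoded)`` is true).
        preferred: Identifier passed to ``get_hasher()`` to select the
            hasher that stored passwords should be using.

    Returns:
        The result of ``hasher.verify(password, encoded)``, or ``False``
        when ``password`` is ``None`` or ``encoded`` is not usable.
    """
    # Reject early: a missing password or a stored value that
    # is_password_usable() refuses must never authenticate.
    if password is None or not is_password_usable(encoded):
        return False

    preferred = get_hasher(preferred)
    # The hasher that verifies is chosen from the stored value itself, so
    # hashes produced by an older algorithm can still be checked.
    hasher = identify_hasher(encoded)

    hasher_changed = hasher.algorithm != preferred.algorithm
    must_update = hasher_changed or preferred.must_update(encoded)
    is_correct = hasher.verify(password, encoded)

    # If the hasher didn't change (we don't protect against enumeration if it
    # does) and the password should get updated, try to close the timing gap
    # between the work factor of the current encoded password and the default
    # work factor.
    if not is_correct and not hasher_changed and must_update:
        hasher.harden_runtime(password, encoded)

    # Upgrade path: only after a successful verification is the raw password
    # handed to the caller's setter so it can be re-encoded and stored.
    if setter and is_correct and must_update:
        setter(password)
    return is_correct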


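def make_password(password, salt=None, hasher='default'):
    """
    Turn a plain-text password into a hash for database storage.

    Same as encode() but generates a new random salt.
    If password is None then a concatenation of
    UNUSABLE_PASSWORD_PREFIX and a random string will be returned
    which disallows logins. Additional random string reduces chances
    of gaining access to staff or superuser accounts.
    See ticket #20079 for more info.

    Args:
        password: The raw (plain-text) password, or ``None`` to produce an
            unusable password value.
        salt: Optional salt. Any falsy value (``None``, ``''``) is replaced
            by ``hasher.salt()``.
        hasher: Identifier passed to ``get_hasher()`` to select the hasher.

    Returns:
        The value of ``hasher.encode(password, salt)``, or the unusable
        password marker when ``password`` is ``None``.
    """
    if password is None:
        return UNUSABLE_PASSWORD_PREFIX + get_random_string(UNUSABLE_PASSWORD_SUFFIX_LENGTH)
    hasher = get_hasher(hasher)

    # A truthy caller-supplied salt is used as-is; leave salt unset in
    # normal use so that every stored hash gets its own fresh salt and
    # identical passwords do not produce identical encoded values.
    if not salt:
        salt = hasher.salt()

    return hasher.encode(password, salt)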


2018-06-02