I would like to do something if the django user password has been set or update.
So i trigger signals.post_save with the User class, like this:

=========================================================================== ====

from django.db.models import signals
from django.dispatch import dispatcher

def update(sender, instance, signal, *args, **kwargs):

     user_obj = instance

     ...

     user_obj.message_set.create(message="Updated!")

dispatcher.connect(update, signal=signals.post_save, sender=User)

=========================================================================== ====

But my function 'update' is not only called if the user password changed.
The problem is, in the User model exists e.g. 'last_login'. So the save method
called every time, the user logged in :(

One idea is this:

=========================================================================== ====

old_passwords = {}
def save_old_pass(sender, instance, signal, *args, **kwargs):
     user_obj = instance
     old_pass = user_obj.password
     old_passwords[user_obj] = old_pass

def update(sender, instance, signal, *args, **kwargs):
     user_obj = instance
     new_password = user_obj.password

     if user_obj in old_passwords and old_passwords[user_obj] == new_password:
         # Nothing to change
         return

     ...

     user_obj.message_set.create(message="Updated!")

from django.db.models import signals
from django.dispatch import dispatcher

dispatcher.connect(save_old_pass, signal=signals.post_init, sender=User)
dispatcher.connect(update, signal=signals.post_save, sender=User)

=========================================================================== ====

This works, but save_old_pass() would be often called, if the user is logged in.
So it's not a really good idea.

Any better ideas?

--
Mfg.

Jens Diemer

----
A django powered CMS: http://www.pylucid.org

<snip>

It's also not a good idea to end up caching all your users' passwords
in the old_passwords dictionary like that.

Create a custom view to allow your users to change just their
password. In that view, you will be able to tell in a straightforward
fashion if the user has changed her password and take action
accordingly.

You could also use the pre_save signal in your first solution (instead
of post_save). That will give you the new password before it's saved
to the DB. So, you can pull up that user's DB User object and compare
the two passwords. Of course, and send a message to the user. Of
course, your message may be misleading if the subsequent save of the
current instance actually fails for any reason.

RajeshD schrieb:

Yes. That would work fine.
Now, i realized that i need the raw_password for my things. With signals i can
only get the hashed password, not the raw plaintext password.

On the other side, wit signals i can catch every changes from every views. So i
must build my own views and the user can used the default django views to change
his password.

Is there is an other way to trigger a django user password change and get the
raw password???

--
Mfg.

Jens Diemer

----
A django powered CMS: http://www.pylucid.org

Jens Diemer schrieb:

I found a simple way to trigger a user password change. I hacked directly into
the django.contrib.auth.models.User.set_password() method.

It looks like this:

=========================================================================== ====

from django.contrib.auth.models import User

# Save the original method
old_set_password = User.set_password

def set_password(user, raw_password):
     if user.id == None:
         # It's a new user. We must save the django user account first.
         user.save()

     #
     # Do something with the user obejct and the given raw_password ;)
     #

     # Use the original method to set the django User password:
     old_set_password(user, raw_password)

# Replace the method
User.set_password = set_password

=========================================================================== ====

So every normal password change (e.g. from the django admin panel) are caught
and i can access to the raw plaintext password.

I added a snippets here: http://www.djangosnippets.org/snippets/397/

--
Mfg.

Jens Diemer

----
A django powered CMS: http://www.pylucid.org