Upgrading a django 1.2 Alpha site to 1.10 final site, passwords don't work
34 views
Skip to first unread message
Evan Roberts
Sep 30, 2016, 11:18:36 AM9/30/16
to Django users
Hello All,
I'm new to django and python. A project that was last maintained in 2009 was bestowed upon me because the underlying OS is approaching end-of-life.
I've read the first few chapters the Django book and the first 10 chapters of Django Unleashed. I've got the project and supporting libraries brought up to the python 3.5.0 and django 1.10.
My current hurdle is the user's passwords are stored using SHA1 hashing. I ***think*** django 1.10 no longer supports the sha1 hashing algorithm.
Is there a way to allow the users to login (using SHA1 to validate the password) and then force them to change their passwords (storing them using new hash)?
Best Regards,
Evan R.
Tim Graham
Sep 30, 2016, 1:40:53 PM9/30/16
to Django users
Django 1.10 can still support SHA1, but it's not enabled by default. Please read https://docs.djangoproject.com/en/dev/releases/1.10/#removed-weak-password-hashers-from-the-default-password-hashers-setting and https://docs.djangoproject.com/en/stable/topics/auth/passwords/.
Evan Roberts
Oct 4, 2016, 11:00:21 AM10/4/16
to Django users
Thank you Tim, the pointer was just I needed.
If anyone runs into this issue you will also need to update the auth_user table to allow NULLs in the last_login date.
See this defect for details https://code.djangoproject.com/ticket/24679
Reply all
Reply to author
Forward
0 new messages