Best way to detect if a user has changed password

[Roarster]

I'm running a Django 1.4 site and I have some operations I want to perform if a user changes their password.  I'm using the standard contrib.auth user accounts with the normal password_change view and I'm not sure if I should somehow hook into this view or if I should use a signal on post_save for the user.  If I do use the signal, is it possible to tell when the password has been changed?  I do feel that if I can use a signal this might be the best approach since it would handle any other password change mechanisms that I might add later without any extra work.

Does anyone have any ideas on the best way to do this?

[Brad Pitcher]

You could use a "pre_save" signal. kwargs['instance'] will contain the updated record and you can get the old record with "User.objects.get(id=user.id) if user.pk else None". I've done this in the past to check for a changed email address.

On Wed, Oct 24, 2012 at 2:23 PM, Roarster <ianstra...@gmail.com> wrote:

I'm running a Django 1.4 site and I have some operations I want to perform if a user changes their password.  I'm using the standard contrib.auth user accounts with the normal password_change view and I'm not sure if I should somehow hook into this view or if I should use a signal on post_save for the user.  If I do use the signal, is it possible to tell when the password has been changed?  I do feel that if I can use a signal this might be the best approach since it would handle any other password change mechanisms that I might add later without any extra work.

Does anyone have any ideas on the best way to do this?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/yrhcGbYf0f4J.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

[lacry...@gmail.com]

If you hook into pre_save, you can compare agaist the DB with MyModel.objects.get(id=object.id)

I think there might be a way of checking directly on the instance if a field's been changed in 1.4

-----Mensaje original-----
De: Roarster
Enviados: 24/10/2012 18:23:15
Asunto: Best way to detect if a user has changed password

[Roarster]

Thanks for the answers, that was pretty much what I was expecting.  I haven't had a chance to test this yet but do you think it'll be as simple as just comparing the value with the previous value, seeing as the password field is (I assume) a bit different with it storing the hash rather than the plain text.

[Tom Evans]

The password_change view takes additional arguments, one of which is
'password_change_form'. The form is responsible for changing the users
password, and by default is django.contrib.auth.forms.SetPasswordForm
(see docs):

https://docs.djangoproject.com/en/1.4/topics/auth/#django.contrib.auth.views.password_change

The form itself is responsible for changing the users password, so by
extending that class and specifying that class to be used, you can
hook directly in to the derived class's save() method and perform
whatever actions you need to when the password is changed.

Cheers

Tom

[Roarster]

Ended up using Tom's method in the end (thanks!) - it seemed more efficient than grabbing the user object back out of the database to do a password comparison on every save.