Trigger a django user password change...

1,260 views
Skip to first unread message

Jens Diemer

unread,
Aug 2, 2007, 5:20:16 AM8/2/07
to django...@googlegroups.com

I would like to do something if the django user password has been set or update.
So i trigger signals.post_save with the User class, like this:


===============================================================================

from django.db.models import signals
from django.dispatch import dispatcher


def update(sender, instance, signal, *args, **kwargs):

user_obj = instance

...

user_obj.message_set.create(message="Updated!")


dispatcher.connect(update, signal=signals.post_save, sender=User)

===============================================================================


But my function 'update' is not only called if the user password changed.
The problem is, in the User model exists e.g. 'last_login'. So the save method
called every time, the user logged in :(

One idea is this:

===============================================================================

old_passwords = {}
def save_old_pass(sender, instance, signal, *args, **kwargs):
user_obj = instance
old_pass = user_obj.password
old_passwords[user_obj] = old_pass

def update(sender, instance, signal, *args, **kwargs):
user_obj = instance
new_password = user_obj.password

if user_obj in old_passwords and old_passwords[user_obj] == new_password:
# Nothing to change
return

...

user_obj.message_set.create(message="Updated!")


from django.db.models import signals
from django.dispatch import dispatcher

dispatcher.connect(save_old_pass, signal=signals.post_init, sender=User)
dispatcher.connect(update, signal=signals.post_save, sender=User)

===============================================================================


This works, but save_old_pass() would be often called, if the user is logged in.
So it's not a really good idea.


Any better ideas?

--
Mfg.

Jens Diemer


----
A django powered CMS: http://www.pylucid.org

RajeshD

unread,
Aug 2, 2007, 4:37:02 PM8/2/07
to Django users
<snip>
>
> One idea is this:
>
> ===========================================================================­====

>
> old_passwords = {}
> def save_old_pass(sender, instance, signal, *args, **kwargs):
> user_obj = instance
> old_pass = user_obj.password
> old_passwords[user_obj] = old_pass
>
<snip>

>
> dispatcher.connect(save_old_pass, signal=signals.post_init, sender=User)
> dispatcher.connect(update, signal=signals.post_save, sender=User)
>
>
> This works, but save_old_pass() would be often called, if the user is logged in.
> So it's not a really good idea.

It's also not a good idea to end up caching all your users' passwords
in the old_passwords dictionary like that.

>
> Any better ideas?

Create a custom view to allow your users to change just their
password. In that view, you will be able to tell in a straightforward
fashion if the user has changed her password and take action
accordingly.

RajeshD

unread,
Aug 2, 2007, 4:43:17 PM8/2/07
to Django users

>
> Any better ideas?

You could also use the pre_save signal in your first solution (instead
of post_save). That will give you the new password before it's saved
to the DB. So, you can pull up that user's DB User object and compare
the two passwords. Of course, and send a message to the user. Of
course, your message may be misleading if the subsequent save of the
current instance actually fails for any reason.

Jens Diemer

unread,
Aug 8, 2007, 2:46:15 AM8/8/07
to django...@googlegroups.com
RajeshD schrieb:

> Create a custom view to allow your users to change just their
> password. In that view, you will be able to tell in a straightforward
> fashion if the user has changed her password and take action
> accordingly.

Yes. That would work fine.
Now, i realized that i need the raw_password for my things. With signals i can
only get the hashed password, not the raw plaintext password.

On the other side, wit signals i can catch every changes from every views. So i
must build my own views and the user can used the default django views to change
his password.

Is there is an other way to trigger a django user password change and get the
raw password???

Jens Diemer

unread,
Aug 31, 2007, 3:25:35 AM8/31/07
to django...@googlegroups.com
Jens Diemer schrieb:

> I would like to do something if the django user password has been set or update.
> So i trigger signals.post_save with the User class, like this:
> ===============================================================================
> from django.db.models import signals
> from django.dispatch import dispatcher
>
>
> def update(sender, instance, signal, *args, **kwargs):
>
> user_obj = instance
>
> ...
>
> user_obj.message_set.create(message="Updated!")
>
>
> dispatcher.connect(update, signal=signals.post_save, sender=User)
> ===============================================================================
> But my function 'update' is not only called if the user password changed.
> The problem is, in the User model exists e.g. 'last_login'. So the save method
> called every time, the user logged in :(
>
> Any better ideas?

I found a simple way to trigger a user password change. I hacked directly into
the django.contrib.auth.models.User.set_password() method.

It looks like this:

===============================================================================

from django.contrib.auth.models import User

# Save the original method
old_set_password = User.set_password

def set_password(user, raw_password):
if user.id == None:
# It's a new user. We must save the django user account first.
user.save()

#
# Do something with the user obejct and the given raw_password ;)
#

# Use the original method to set the django User password:
old_set_password(user, raw_password)

# Replace the method
User.set_password = set_password

===============================================================================

So every normal password change (e.g. from the django admin panel) are caught
and i can access to the raw plaintext password.


I added a snippets here: http://www.djangosnippets.org/snippets/397/

Reply all
Reply to author
Forward
0 new messages