[Django] How to retrieve the saved password in raw format


Dilipkumar Noone

Oct 21, 2019, 2:15:30 PM
to Django users
Dear Django group,

In one of my views I need the username and password details in raw format, but Django uses the PBKDF2 algorithm to store the password.

I would like to know how to retrieve the saved password from the Authentication Form.

Using these username and password details from my Django app, I need to use the same credentials to access another website to perform web automation on it using the Selenium Chrome webdriver.

Please let us know how to get the password in raw format once the user is authenticated using the LoginForm and login_view below.

My forms.py:
===========

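from crispy_forms.helper import FormHelper
from crispy_forms.layout import Field, Layout, Submit
from django import forms
from django.contrib.auth.forms import AuthenticationForm


class LoginForm(AuthenticationForm):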

    remember_me = forms.BooleanField(required=True, initial=False)

    def __init__(self, *args, **kwargs): 

        super(LoginForm, self).__init__(*args, **kwargs)
        self.helper = FormHelper()
        self.helper.form_action = '.'
        self.helper.layout = Layout(
            Field('username', placeholder="Enter Username", autofocus=""),
            Field('password', placeholder="Enter Password"),
            Field('remember_me'),
            Submit('sign_in', 'Log in',
                   css_class="btn btn-lg btn-primary btn-block"),
        )

def apply_gsp_request_form(request, id=None):   

    if id:
        action = 'edit'
        model = get_object_or_404(ApplyGSP, pk=id)
    else:
        action = 'submit'
        model = ApplyGSP()

    message = ""

    if request.method == 'POST':
        form = ApplyGSPForm(request.POST, instance=model)

        if form.is_valid():
            form.save()
            username = request.user.username
            print("password:", request.user.password)
            # How do I get the password details? If I get the password here using
            # request.user.password, it is displayed in
            # <SHAalgorithm>$<iterations>$<salt>$<hash> format,
            # but I need it in raw (clear text) format.
    applyselenium(username, password)
          
def applyselenium():
  -----------
  ----------


My views.py:
===========
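from django.conf import settings
from django.contrib.auth import authenticate, login, logout
from django.http import HttpResponseRedirect
from django.shortcuts import render
# Django 3.0+; older releases provide the same check as is_safe_url.
from django.utils.http import url_has_allowed_host_and_scheme

from .forms import LoginForm


def login_view(request):
    logout(request)

    username = password = ''
    redirect_to = request.GET.get('next', '/gspapp/')
    # Only follow 'next' when it points back at this site; otherwise the
    # login page can be used to send users to an arbitrary URL.
    if not url_has_allowed_host_and_scheme(redirect_to, allowed_hosts={request.get_host()}):
        redirect_to = '/gspapp/'

    form = LoginForm()

    if request.POST:
        # AuthenticationForm takes the request first and the POST data as 'data'.
        form = LoginForm(request, data=request.POST)

        username = request.POST['username']
        password = request.POST['password']

        user = authenticate(request, username=username, password=password)

        if user is not None:
            login(request, user)

            remember_me = request.POST.get('remember_me', False)

            if remember_me == "on":
                ONE_MONTH = 30 * 24 * 60 * 60
                expiry = getattr(settings, "KEEP_LOGGED_DURATION", ONE_MONTH)
                request.session.set_expiry(expiry)
            else:
                request.session.set_expiry(0)

            return HttpResponseRedirect(redirect_to)

    # page_title and loginpage_heading are not defined in the posted snippet.
    context = {'form': form, 'page_title': page_title, 'loginpage_heading': loginpage_heading}
    return render(request, 'login.html', context)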




Regards
N.Dilip Kumar.

Alex Heyden

Oct 21, 2019, 3:21:50 PM
to django...@googlegroups.com
Password tables should never be human-readable. Never ever. No exceptions.

If the intent is to power automation, store that password where the test agent can read it. If you don't know the password, reset it, then save it. Don't expect your web server to leak a password, though. Not even if you ask it nicely.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/11a515fc-8b06-4130-8a0d-5ab6c9a21497%40googlegroups.com.
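
Why request.user.password only ever shows <algorithm>$<iterations>$<salt>$<hash>, as an added example that is not part of the thread and is not Django's own code: a standard-library sketch of the PBKDF2-SHA256 layout, where the stored string can confirm a submitted password but contains nothing that decodes back to it. The function names, password, salt and iteration count are constructed for illustration.

```python
import base64
import hashlib
import hmac

ALGORITHM = "pbkdf2_sha256"  # name of Django's default PBKDF2 hasher


def encode_password(password, salt, iterations):
    """Derive a key with PBKDF2-HMAC-SHA256 and lay it out as
    <algorithm>$<iterations>$<salt>$<base64 derived key>."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations
    )
    digest = base64.b64encode(derived).decode("ascii")
    return f"{ALGORITHM}${iterations}${salt}${digest}"


def parse_encoded(encoded):
    """Split a stored value into its four fields; none of them is the password."""
    algorithm, iterations, salt, digest = encoded.split("$", 3)
    if algorithm != ALGORITHM:
        raise ValueError(f"unsupported hasher: {algorithm!r}")
    return {
        "algorithm": algorithm,
        "iterations": int(iterations),
        "salt": salt,
        "hash": digest,
    }


def verify_password(candidate, encoded):
    """The only operation the stored value supports: re-derive the key from a
    candidate with the stored salt and iteration count, then compare."""
    fields = parse_encoded(encoded)
    recomputed = encode_password(candidate, fields["salt"], fields["iterations"])
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(recomputed.encode("ascii"), encoded.encode("ascii"))


# Constructed sample values, not taken from the thread.
SAMPLE_PASSWORD = "correct horse battery"
STORED = encode_password(SAMPLE_PASSWORD, salt="constructedsalt", iterations=150000)

if __name__ == "__main__":
    print(STORED)
    print(parse_encoded(STORED))
    print(verify_password(SAMPLE_PASSWORD, STORED), verify_password("guess", STORED))
```

The raw password exists in the application only while the login request is being handled (request.POST['password'] in login_view), which is why a credential needed by an automation agent has to be stored separately where that agent can read it.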

John Bagiliko

Oct 21, 2019, 7:31:43 PM
to django...@googlegroups.com
It is so wrong to want to read the user's password. I think this should not be done.
