Setting an unusable password on an existing user

nav

Sep 21, 2012, 2:16:22 AM
to django...@googlegroups.com
Hi,

Is there any way to set the password of an existing user to an unusable value like none?

I tried user.set_unusable_password() and subsequently user.save() but this did not work.

Other than using this method is there a way to set the password to None or such like so that the user.has_usable_password() method will return False instead of True?

Many Thanks,
nav

Paul Backhouse

Sep 21, 2012, 5:47:25 AM
to django...@googlegroups.com
Works for me...

>>> from django.contrib.auth.models import User
>>> user = User.objects.latest('id')
>>> user.has_usable_password()
True
>>> user.set_unusable_password()
>>> user.has_usable_password()
False

Nandakumar Chandrasekhar

Sep 21, 2012, 5:56:58 AM
to django...@googlegroups.com
Thanks Paul,

I have tried this on the Django shell and it works for me as well.

Since I am using some third party software to do social site
authentication I might have made a mistake and not accessed the actual
django user object.

Thanks once again.

nav

Nandakumar Chandrasekhar

Sep 22, 2012, 3:18:04 AM
to django...@googlegroups.com
Thanks Andrew but I have a requirement where I have to programmatically
set it to an unusable password based on a particular condition.

I know this is a rare requirement but in the context of the application
I am building it makes sense. :-)

nav

On Friday 21 September 2012 12:22 PM, Andrew Macgregor wrote:
> AFAIK you can set it to ! in the admin interface. Don't use the change
> password form, just enter ! into the password field on the Auth User
> table. I believe this will cause has_usable_password() to return False.
>
> Cheers, Andrew.

Jamie Lawrence

Sep 22, 2012, 3:40:40 AM
to django...@googlegroups.com, django...@googlegroups.com
This isn't that rare - it is a common UX requirement.

Set the value to something that cannot hash to any input. Depending on your setup, '0' could work, or any other nonsense value. If you have a strict DB schema, IIRC, there are some magic values that SHA will never generate, but I'd have to look that up. Why not have a "this account cannot log in" flag?

-j

--
Sent from a phone, please excuse any terseness.

Russell Keith-Magee

Sep 22, 2012, 7:46:27 PM
to django...@googlegroups.com
On Sat, Sep 22, 2012 at 3:18 PM, Nandakumar Chandrasekhar
<navani...@gmail.com> wrote:
> Thanks Andrew but I have a requirement where I have to programmatically set
> it to an unusable password based on a particular condition.

Andrew's given you the answer - it's just not clear that you've
understood what the answer is.

There are two ways to set a password on a user object:

* Use the set_password() method on the user object.

* Set the underlying password attribute directly.

The set_password() method is just applying the password hashing logic
and then saving the password field directly. If you want to set the
hashed value -- or set an "unusable" value -- directly, you can do the
same thing:

>>> from django.contrib.auth.models import User, UNUSABLE_PASSWORD
>>> user = User.objects.get(username='frank')
>>> user.password
u'sha1$911ee$25e954dc93f920c134ebaa067da7827922e474a6'
>>> user.has_usable_password()
True
>>> user.set_password('foo')
>>> user.password
'sha1$7h9Fpv6nLJt4$99f05f9b65569b617f32a448431736108e83be36'
>>> user.has_usable_password()
True
>>> user.password = UNUSABLE_PASSWORD
>>> user.save()
>>> user.password
'!'
>>> user.has_usable_password()
False

Yours,
Russ Magee %-)

Nandakumar Chandrasekhar

Sep 23, 2012, 12:13:42 PM
to django...@googlegroups.com
Thanks Russ for your explanation.

You are right I did not understand Andrew correctly. Forgive me for my
ignorance. :-)

I did not know there were so many ways to do the same thing.

Thank you very much for the example.

nav