user import with pbkdf2-sha256 hashes

[Matthew Huebert]

Hi there,

Excited to see the user import functionality. I was wondering if there is any chance that pbkdf2-sha256 hashes will be supported? (this is the default for django: https://docs.djangoproject.com/en/1.10/topics/auth/passwords/).

Thanks,

Matt

[Kato Richardson]

Hi Matthew,

Great to meet you and thanks for asking! All of the supported formats are listed here. There are no public plans I can share to support additional algorithms.

You can submit this as a feature request here.

☼, Kato

--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/afaced21-c024-4fcd-8f13-413c107857a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kato Richardson |

Developer Programs Eng |

kato...@google.com |

775-235-8398

[Yanhao Wang]

Hi Matthew,

PBKDF2_SHA256 is supported now. Please try new auth:import tool[1].

[1] https://github.com/firebase/firebase-tools/releases/tag/v3.2.3

[Matthew Huebert]

Many thanks!

For anyone else importing Django accounts, it took me awhile to figure out that in my pbkdf2 hash strings, the hash segment is already in base64, but the salt is not. (ClojureScript example follows.)

(defn str64
 "Convert string to base64 (via Buffer)"
 [s]
 (-> (js/Buffer. s)
     (.toString "base64")))

(defn pbkdf2-fields
 "Return passwordHash and salt fields from PBKDF2_SHA256 hash string."
 [hash-str]
 (let [[_ iter salt hash] (string/split hash-str "$")]
   (assert (= iter "10000")) ;; double-check that iteration count is constant for all hashes
   ;; Note: the hash segment is already in base64, but the salt is not. (this caused great consternation.)
   {"passwordHash" hash
    "salt"         (str64 salt)}))

[Brett Ansite]

Thank you SO MUCH for posting the info about the salt not being encoded 

here is a sample to export your accounts with node js

"use strict"

// run with

// firebase auth:import 15000.csv --hash-algo="PBKDF2_SHA256" --rounds=15000

// firebase auth:import 12000.csv --hash-algo="PBKDF2_SHA256" --rounds=12000

// firebase auth:import md5.csv --hash-algo="MD5" --rounds=5000

var _ = require("lodash")

var fs = require('fs');

let csv = require('csv')

let moment = require('moment')

var parse = csv.parse

let stringer = csv.stringify

let pbkdf2_sha256_15000 = []

let pbkdf2_sha256_12000 = []

let md5 = []

var parser = parse({ columns: true, delimiter: ',' }, function (err, data) {

   console.log(data.length);

   console.log(data[0])

   _.map(data, ele => {

        let temp = ele.bighash.split('$')

       ele.last_login = +moment(ele.last_login).toDate()

       ele.created = +moment(ele.created).toDate()

       ele.email_verified = 'true'

       if (ele.bighash.indexOf('15000') !== -1) {

           ele.hash = ele.bighash.split('pbkdf2_sha256$15000$')[1]

           ele.hash = temp[3]

           if(typeof temp[2]==="string")

               ele.salt = new Buffer(temp[2]).toString('base64')

           else{

               ele.salt = "derp"

               console.log("failed ele",ele)

           }

               

           pbkdf2_sha256_15000.push(ele)

       } else if (ele.bighash.indexOf('12000') !== -1) {

           ele.hash = temp[3]

           ele.salt = new Buffer(temp[2]).toString('base64')

           pbkdf2_sha256_12000.push(ele)

       } else {

           //md5

           ele.hash = ele.bighash

           md5.push(ele)

       }

   })

    stringer(pbkdf2_sha256_12000, (err, data) => {

       fs.writeFile(__dirname + '/12000.csv', data, function (err) {

           if (err) {

               return console.log(err);

           }

           console.log("12000 was saved!");

       });

   })

    stringer(pbkdf2_sha256_15000, (err, data) => {

       fs.writeFile(__dirname + '/15000.csv', data, function (err) {

           if (err) {

               return console.log(err);

           }

           console.log("15000 was saved!");

       });

   })

    stringer(md5, (err, data) => {

       fs.writeFile(__dirname + '/md5.csv', data, function (err) {

           if (err) {

               return console.log(err);

           }

           console.log("md5 was saved!");

       });

   })

});

fs.createReadStream(__dirname + '/account.csv').pipe(parser);