I am migrating a site from Drupal 7 to Django 1.4, including the current users. How can I work with the passwords that were hashed by Drupal?
According to this, Drupal 7
I don't know Drupal very well, but I suppose that the passwords are stored hashed. If that's the case, you'll have to copy the passwords (I mean, copy them unchanged) and you'll have to change the way Django hashes its passwords, using the exactly same way of Drupal, with the same Security Salt.
I really don't know how to do that, but the logic for passwords is contained in the User object. For example. the User.set_password()
function (described here) uses the make_password function.
I think with a little research you'll find the way to change it, but the important thing is, remember that the functions must be equals! ie:
drupal_hash(x) == django_hash(x) for every x in the allowed passwords set.
EDIT:
Taking a deeper look django get the has function with the get_hasher function. Now in the 1.4 version there's a way to specify how Django will select that function. Take a look at this: https://docs.djangoproject.com/en/dev/topics/auth/#how-django-stores-passwords
Finally, in order to create your own function, you can take a look at how it's done on the MD5PasswordHasher. It seems really simple. You can use the hashlib python library to generate sha-512 algorithms.
Changing the encode method would require somthing similar to:
def encode(self, password, salt):
assert password
assert salt and '$' not in salt
hash = hashlib.sha512(salt + password).hexdigest()
return "%s$%s$%s" % (self.algorithm, salt, hash)