问题
I currently have a system with django which I need to migrate to rails. I am using Devise for authorization in rails. The old django system has it's own set of users which I need to migrate to rails. The thing that I am concerned with, is the password of the users. It is encrypted using sha1 algorithm. So, how I can modify devise such that it is compatible with the old user's password as well.
回答1:
Each user gets its own random salt, that way if the table with passwords get leaked, rainbow tables wont help to get the actual passwords.
Checkout django/contrib/auth.models.py, check_password(raw_password, enc_password) is what you need to implement in your Rails auth system:
def get_hexdigest(algorithm, salt, raw_password):
"""
Returns a string of the hexdigest of the given plaintext password and salt
using the given algorithm ('md5', 'sha1' or 'crypt').
"""
raw_password, salt = smart_str(raw_password), smart_str(salt)
if algorithm == 'crypt':
try:
import crypt
except ImportError:
raise ValueError('"crypt" password algorithm not supported in this environment')
return crypt.crypt(raw_password, salt)
if algorithm == 'md5':
return md5_constructor(salt + raw_password).hexdigest()
elif algorithm == 'sha1':
return sha_constructor(salt + raw_password).hexdigest()
raise ValueError("Got unknown password algorithm type in password.")
def check_password(raw_password, enc_password):
"""
Returns a boolean of whether the raw_password was correct. Handles
encryption formats behind the scenes.
"""
algo, salt, hsh = enc_password.split('$')
return constant_time_compare(hsh, get_hexdigest(algo, salt, raw_password))
回答2:
I have the following method in my user model:
def valid_password?(pwd)
begin
super(pwd)
rescue
my_pwds = self.encrypted_password.split '$'
Digest::SHA1.hexdigest( my_pwds[1] + pwd ) == my_pwds[2] rescue false
end
end
This extends the default_password? method that is used by Devise to see if a user has submitted the correct password. First the user is being checked using the normal devise logics, and if that doesn't work the Django sha1 logic is run. This way devise passwords are supported too, so you won't get compatibility issues in the future.
来源:https://stackoverflow.com/questions/8061001/migrate-django-users-to-rails