我尝试将django 1.8用户迁移到firebase,并且django密码算法为django_pbkdf2_sha256,并且firebase支持PBKDF2_SHA256
错误:不支持的哈希算法DJANGO_PBKDF2_SHA256
我该如何绕过?
参考:https://firebase.google.com/docs/cli/auth?hl=es-419
from passlib.hash import pbkdf2_sha256, django_pbkdf2_sha256
from passlib.utils import to_bytes, to_native_str
import base64
PASSWORD = 'aA123456*'
ROUND = 20000
SALT = to_bytes('google')
hash0 = pbkdf2_sha256.using(salt=SALT,rounds=ROUND).hash(PASSWORD)
print(pbkdf2_sha256.identify(hash0))
# True
print(pbkdf2_sha256.verify(PASSWORD,hash0))
# True
print(hash0)
# $pbkdf2-sha256$20000$Z29vZ2xl$PtFLyZHJJucUa2KBg1iJeVJsivis8JimRhFifRRKlFc
# Current keys generate by django 1.8
dj = [{"model": "auth.user", "fields": {"password": "pbkdf2_sha256$20000$mkMhRA3bpiV7$GDkKvfuzu6b9YrKGk1jy3pKkA/DUIKYc9rYEuzRLoIw=", "last_login": "2019-01-07T15:30:38.959Z", "is_superuser": True, "username": "romel", "first_name": "", "last_name": "", "email": "", "is_staff": True, "is_active": True, "date_joined": "2018-11-02T18:07:14Z", "groups": [1], "user_permissions": [1]}, "pk": 2}]
print('is hash 0 is valid pbkdf2_sha256 algorithm >>>', pbkdf2_sha256.identify(hash0))
// Result: True
print('is hash 1 is valid pbkdf2_sha256 algorithm >>>', pbkdf2_sha256.identify(dj[0]['fields']['password']))
// Result: False
print('is hash 1 is valid django_pbkdf2_sha256 algorithm >>>', django_pbkdf2_sha256.identify(dj[0]['fields']['password']))
// Result: True
答案 0 :(得分:1)
django password属性在base64中具有哈希值,而salt则没有,因此,必须将salt传递为base64格式才能使其正常工作。
from passlib.hash import pbkdf2_sha256, django_pbkdf2_sha256
from passlib.utils import to_bytes, to_native_str
import base64
PASSWORD = 'aA123456*'
ROUND = 20000
SALT = to_bytes('google')
# TEST with HASH_DEMO generate by pbkdf2_sha256 and fixed paramentes
HASH_DEMO = pbkdf2_sha256.using(salt=SALT,rounds=ROUND).hash(PASSWORD)
print(HASH_DEMO)
# $pbkdf2-sha256$20000$Z29vZ2xl$PtFLyZHJJucUa2KBg1iJeVJsivis8JimRhFifRRKlFc
print('is the HASH_DEMO a valid pbkdf2_sha256 algorithm? >>>', pbkdf2_sha256.identify(HASH_DEMO))
# True
print('is the HASH_DEMO (pbkdf2_sha256 - algorithm) with the PASSWORD: aA123456*, valid? >>>', pbkdf2_sha256.verify(PASSWORD,HASH_DEMO))
# True
# Current key generate by django 1.8 [HASH_DJANGO]
HASH_DJANGO = [{"model": "auth.user", "fields": {"password": "pbkdf2_sha256$20000$VVEU1GnGCr0M$7ZtXwcAIAZXICBYXb82FVeCJAjdfWrBZ11gVzb2UGVc=", "last_login": "2019-01-07T15:30:38.959Z", "is_superuser": True, "username": "romel", "first_name": "", "last_name": "", "email": "", "is_staff": True, "is_active": True, "date_joined": "2018-11-02T18:07:14Z", "groups": [1], "user_permissions": [1]}, "pk": 2}]
print('is HASH_DJANGO is valid pbkdf2_sha256 algorithm? >>>', pbkdf2_sha256.identify(HASH_DJANGO[0]['fields']['password']))
# result: False
print('is HASH_DJANGO is valid django_pbkdf2_sha256 algorithm? >>>', django_pbkdf2_sha256.identify(HASH_DJANGO[0]['fields']['password']))
# result: True
print('is HASH_DJANGO (django_pbkdf2_sha256 - algorithm) with the PASSWORD: aA123456*, valid?', django_pbkdf2_sha256.verify(PASSWORD, HASH_DJANGO[0]['fields']['password']))
# result: True
# The django password property has the hash in base64, and the salt not, so, the salt must have to be pass to base64 format to make it work.
SAL_B64 = base64.b64encode(b'VVEU1GnGCr0M')
print('SAL_B64 >>>', SAL_B64) # >>> VlZFVTFHbkdDcjBN
# firebase auth:import sandbox/account_file.csv --hash-algo=PBKDF2_SHA256 --rounds=20000 --project <project_name>
#
# account_file.csv
# 555000444,example@gmail.com,false,7ZtXwcAIAZXICBYXb82FVeCJAjdfWrBZ11gVzb2UGVc=,VlZFVTFHbkdDcjBN,,,,,,,,,,,,,,,,,,,,,,
ref:https://mail.google.com/mail/u/0/#inbox/FMfcgxwBVDBlXBNKJRtwtfjbXcHmPJWL