如何将Django 1.8用户迁移到Firebase

Question

我尝试将django 1.8用户迁移到firebase，并且django密码算法为django_pbkdf2_sha256，并且firebase支持PBKDF2_SHA256

错误：不支持的哈希算法DJANGO_PBKDF2_SHA256

我该如何绕过？

参考：https://firebase.google.com/docs/cli/auth?hl=es-419

from passlib.hash import pbkdf2_sha256, django_pbkdf2_sha256
from passlib.utils import to_bytes, to_native_str
import base64

PASSWORD = 'aA123456*'
ROUND = 20000
SALT = to_bytes('google')

hash0 = pbkdf2_sha256.using(salt=SALT,rounds=ROUND).hash(PASSWORD)
print(pbkdf2_sha256.identify(hash0)) 
# True 
print(pbkdf2_sha256.verify(PASSWORD,hash0)) 
# True
print(hash0) 
# $pbkdf2-sha256$20000$Z29vZ2xl$PtFLyZHJJucUa2KBg1iJeVJsivis8JimRhFifRRKlFc

# Current keys generate by django 1.8
dj = [{"model": "auth.user", "fields": {"password": "pbkdf2_sha256$20000$mkMhRA3bpiV7$GDkKvfuzu6b9YrKGk1jy3pKkA/DUIKYc9rYEuzRLoIw=", "last_login": "2019-01-07T15:30:38.959Z", "is_superuser": True, "username": "romel", "first_name": "", "last_name": "", "email": "", "is_staff": True, "is_active": True, "date_joined": "2018-11-02T18:07:14Z", "groups": [1], "user_permissions": [1]}, "pk": 2}]

print('is hash 0 is valid pbkdf2_sha256 algorithm >>>', pbkdf2_sha256.identify(hash0)) 
// Result: True
print('is hash 1 is valid pbkdf2_sha256 algorithm >>>', pbkdf2_sha256.identify(dj[0]['fields']['password']))
// Result: False
print('is hash 1 is valid django_pbkdf2_sha256 algorithm >>>', django_pbkdf2_sha256.identify(dj[0]['fields']['password']))
// Result: True

Answer 1

django password属性在base64中具有哈希值，而salt则没有，因此，必须将salt传递为base64格式才能使其正常工作。

from passlib.hash import pbkdf2_sha256, django_pbkdf2_sha256
from passlib.utils import to_bytes, to_native_str
import base64

PASSWORD = 'aA123456*'
ROUND = 20000
SALT = to_bytes('google')

# TEST with HASH_DEMO generate by pbkdf2_sha256 and fixed paramentes 
HASH_DEMO = pbkdf2_sha256.using(salt=SALT,rounds=ROUND).hash(PASSWORD)
print(HASH_DEMO) 
# $pbkdf2-sha256$20000$Z29vZ2xl$PtFLyZHJJucUa2KBg1iJeVJsivis8JimRhFifRRKlFc

print('is the HASH_DEMO a valid pbkdf2_sha256 algorithm? >>>', pbkdf2_sha256.identify(HASH_DEMO)) 
# True 
print('is the HASH_DEMO (pbkdf2_sha256 - algorithm) with the PASSWORD: aA123456*, valid? >>>', pbkdf2_sha256.verify(PASSWORD,HASH_DEMO)) 
# True

# Current key generate by django 1.8 [HASH_DJANGO]
HASH_DJANGO = [{"model": "auth.user", "fields": {"password": "pbkdf2_sha256$20000$VVEU1GnGCr0M$7ZtXwcAIAZXICBYXb82FVeCJAjdfWrBZ11gVzb2UGVc=", "last_login": "2019-01-07T15:30:38.959Z", "is_superuser": True, "username": "romel", "first_name": "", "last_name": "", "email": "", "is_staff": True, "is_active": True, "date_joined": "2018-11-02T18:07:14Z", "groups": [1], "user_permissions": [1]}, "pk": 2}]

print('is HASH_DJANGO is valid pbkdf2_sha256 algorithm? >>>', pbkdf2_sha256.identify(HASH_DJANGO[0]['fields']['password']))
# result: False
print('is HASH_DJANGO is valid django_pbkdf2_sha256 algorithm? >>>', django_pbkdf2_sha256.identify(HASH_DJANGO[0]['fields']['password']))
# result: True
print('is HASH_DJANGO (django_pbkdf2_sha256 - algorithm) with the PASSWORD: aA123456*, valid?', django_pbkdf2_sha256.verify(PASSWORD, HASH_DJANGO[0]['fields']['password']))
# result: True

# The django password property has the hash in base64, and the salt not, so, the salt must have to be pass to base64 format to make it work.

SAL_B64 = base64.b64encode(b'VVEU1GnGCr0M')
print('SAL_B64 >>>', SAL_B64) # >>> VlZFVTFHbkdDcjBN


# firebase auth:import sandbox/account_file.csv --hash-algo=PBKDF2_SHA256 --rounds=20000 --project <project_name>
#
# account_file.csv
# 555000444,example@gmail.com,false,7ZtXwcAIAZXICBYXb82FVeCJAjdfWrBZ11gVzb2UGVc=,VlZFVTFHbkdDcjBN,,,,,,,,,,,,,,,,,,,,,,

ref：https://mail.google.com/mail/u/0/#inbox/FMfcgxwBVDBlXBNKJRtwtfjbXcHmPJWL