Undocumented
| Function | check_password |
Return a boolean of whether the raw password matches the three part encoded digest. |
| Function | is_password_usable |
Return True if this password wasn't generated by User.set_unusable_password(), i.e. make_password(None). |
| Function | make_password |
Turn a plain-text password into a hash for database storage |
| Constant | UNUSABLE_PASSWORD_PREFIX |
Undocumented |
| Constant | UNUSABLE_PASSWORD_SUFFIX_LENGTH |
Undocumented |
| Class | Argon2PasswordHasher |
Secure password hashing using the argon2 algorithm. |
| Class | BasePasswordHasher |
Abstract base class for password hashers |
| Class | BCryptPasswordHasher |
Secure password hashing using the bcrypt algorithm |
| Class | BCryptSHA256PasswordHasher |
Secure password hashing using the bcrypt algorithm (recommended) |
| Class | CryptPasswordHasher |
Password hashing using UNIX crypt (not recommended) |
| Class | MD5PasswordHasher |
The Salted MD5 password hashing algorithm (not recommended) |
| Class | PBKDF2PasswordHasher |
Secure password hashing using the PBKDF2 algorithm (recommended) |
| Class | PBKDF2SHA1PasswordHasher |
No summary |
| Class | ScryptPasswordHasher |
Secure password hashing using the Scrypt algorithm. |
| Class | SHA1PasswordHasher |
The SHA1 password hashing algorithm (not recommended) |
| Class | UnsaltedMD5PasswordHasher |
Incredibly insecure algorithm that you should never use; stores unsalted MD5 hashes without the algorithm prefix, also accepts MD5 hashes with an empty salt. |
| Class | UnsaltedSHA1PasswordHasher |
Very insecure algorithm that you should never use; store SHA1 hashes with an empty salt. |
| Function | get_hasher |
Return an instance of a loaded password hasher. |
| Function | get_hashers |
Undocumented |
| Function | get_hashers_by_algorithm |
Undocumented |
| Function | identify_hasher |
Return an instance of a loaded password hasher. |
| Function | mask_hash |
Return the given hash, with only the first show number shown. The rest are masked with char for security reasons. |
| Function | must_update_salt |
Undocumented |
| Function | reset_hashers |
Undocumented |
Return a boolean of whether the raw password matches the three part encoded digest.
If setter is specified, it'll be called when you need to regenerate the password.
Turn a plain-text password into a hash for database storage
Same as encode() but generate a new random salt. If password is None then return a concatenation of UNUSABLE_PASSWORD_PREFIX and a random string, which disallows logins. Additional random string reduces chances of gaining access to staff or superuser accounts. See ticket #20079 for more info.
Return an instance of a loaded password hasher.
If algorithm is 'default', return the default hasher. Lazily import hashers specified in the project's settings file if needed.
Return an instance of a loaded password hasher.
Identify hasher algorithm by examining encoded hash, and call get_hasher() to return hasher. Raise ValueError if algorithm cannot be identified, or if hasher is not loaded.