Undocumented
| Class | |
Secure password hashing using the argon2 algorithm. |
| Class | |
Abstract base class for password hashers |
| Class | |
Secure password hashing using the bcrypt algorithm |
| Class | |
Secure password hashing using the bcrypt algorithm (recommended) |
| Class | |
Password hashing using UNIX crypt (not recommended) |
| Class | |
The Salted MD5 password hashing algorithm (not recommended) |
| Class | |
Secure password hashing using the PBKDF2 algorithm (recommended) |
| Class | |
Alternate PBKDF2 hasher which uses SHA1, the default PRF recommended by PKCS #5. This is compatible with other implementations of PBKDF2, such as openssl's PKCS5_PBKDF2_HMAC_SHA1(). |
| Class | |
Secure password hashing using the Scrypt algorithm. |
| Class | |
The SHA1 password hashing algorithm (not recommended) |
| Class | |
Incredibly insecure algorithm that you should *never* use; stores unsalted MD5 hashes without the algorithm prefix, also accepts MD5 hashes with an empty salt. |
| Class | |
Very insecure algorithm that you should *never* use; store SHA1 hashes with an empty salt. |
| Function | check |
Return a boolean of whether the raw password matches the three part encoded digest. |
| Function | get |
Return an instance of a loaded password hasher. |
| Function | get |
Undocumented |
| Function | get |
Undocumented |
| Function | identify |
Return an instance of a loaded password hasher. |
| Function | is |
Return True if this password wasn't generated by User.set_unusable_password(), i.e. make_password(None). |
| Function | make |
Turn a plain-text password into a hash for database storage |
| Function | mask |
Return the given hash, with only the first ``show`` number shown. The rest are masked with ``char`` for security reasons. |
| Function | must |
Undocumented |
| Function | reset |
Undocumented |
| Constant | UNUSABLE |
Undocumented |
| Constant | UNUSABLE |
Undocumented |
Return a boolean of whether the raw password matches the three part encoded digest. If setter is specified, it'll be called when you need to regenerate the password.
Return an instance of a loaded password hasher. If algorithm is 'default', return the default hasher. Lazily import hashers specified in the project's settings file if needed.
Return an instance of a loaded password hasher. Identify hasher algorithm by examining encoded hash, and call get_hasher() to return hasher. Raise ValueError if algorithm cannot be identified, or if hasher is not loaded.
Return True if this password wasn't generated by User.set_unusable_password(), i.e. make_password(None).
Turn a plain-text password into a hash for database storage Same as encode() but generate a new random salt. If password is None then return a concatenation of UNUSABLE_PASSWORD_PREFIX and a random string, which disallows logins. Additional random string reduces chances of gaining access to staff or superuser accounts. See ticket #20079 for more info.