I create a user in my view.py using this simple code.
if not errors:
user = User.objects.create_user(username, email, password)
user.save()
Except for the validation, there is nothing that I do to the username and password values before creating the object.
But I find this in the User class in Django API. I don’t know how to use the help text. If it is help text what does it print? How do I find the default values of algo, salt and hexdigest?
password = models.CharField(_('password'), max_length=128, help_text=_("Use '[algo]$[salt]$[hexdigest]' or use the <a href=\"password/\">change password form</a>."))
The help text is basicly just code for the message that shows up in the django admin, when editing a User object. It’s meant to explain to someone looking at the edit form, why the password field has something like
sha1$12345$1234567890abcdef1234567890abcdef12345678instead of the password that was set for that user. The reason is, of course that the password is hashed for security, and that representation holds all the information required to verify a user-typed password later.The admin user edit form has a special page for editing passwords. If you want to edit the users password in your code use the set_password method of the User object, the check_password method is for verifying a supplied password.
The documentation for make_password has more information about the algorithms Django uses and can use. The default for Django <1.3 was
sha1, Django 1.4 changed the default toPBKDF2. The default value forsaltis a random string (it’s there so that two identical passwords don’t look the same in the database).Hexdigestis the value of the password string and the salt string hashed with the hashing algorithm. You can read the details in the code on github.