Registration Form to Gen Hashed Password with PBKDF2PasswordHasher


I'm trying to get my userPass field to be hashed with PBKDF2PasswordHasher upon successful submission and, when submitted, to check if the userNm field already exists or not.

I have a modelform:

    class RegistrationForm(ModelForm):
        userPass = forms.CharField(widget=forms.PasswordInput, label='Password')
        class Meta:
            model = Client
            fields = ['userNm','userPass']

    def clean_RegForm(self):
        cleanedUserName = self.cleaned_data.get('userNm')
        if Client.objects.filter(userNm=cleanedUserName).exists():
            errorMsg = u"Error occurred."
            raise ValidationError(errorMsg)
        else:
            return cleanedUserName

a hasher.py file to define a custom definition for PBKDF2PasswordHasher:

    from django.contrib.auth.hashers import PBKDF2PasswordHasher

    class PBKDF2PasswordHasher(PBKDF2PasswordHasher):
        iterations = PBKDF2PasswordHasher.iterations * 100

a view:

    def Registration(request):
        RegForm = RegistrationForm(request.POST or None)
        if request.method == 'POST':
            if RegForm.is_valid():
                clearUserName = RegForm.cleaned_data['userNm']
                clearPassNoHash = RegForm.cleaned_data['userPass']
                clearPass = make_password(clearPassNoHash.encode("utf-8"),bcrypt.gensalt(14))

                RegForm.save()
                try:
                    return HttpResponseRedirect('/Newuser/?userNm=' + clearUserName)
                except:
                    raise ValidationError(('Invalid request'), code='300')    ## [ TODO ]: add a custom error page here.
        else:
            RegForm = RegistrationForm()

            return render(request, 'reuse/register.html', {
                'RegForm': RegForm
            })

settings.py has:

    PASSWORD_HASHERS = (
        'MyApp.hashers.MyPBKDF2PasswordHasher',
        'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
        'django.contrib.auth.hashers.BCryptPasswordHasher',
    )

It currently outputs the userNm on the next page, and saves both userNm and userPass to database, but the userPass is cleartext.

What am I doing wrong here? Can someone help?

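The step the question turns on, as an added example that is not part of the original post and not Django's own code: PBKDF2-SHA256 hashing with the standard library, encoded in the `algorithm$iterations$salt$hash` layout that Django's PBKDF2 hasher stores, with the derived hash persisted in place of the submitted password. `register`, `store` and the `ITERATIONS` value are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>'."""
    salt = salt or secrets.token_urlsafe(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt.encode("ascii"), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations, salt, base64.b64encode(digest).decode("ascii"))


def verify_password(password, encoded):
    """Re-derive with the stored salt and iteration count, compare in constant time."""
    algorithm, iterations, salt, _ = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hash_password(password, salt, int(iterations))
    return hmac.compare_digest(candidate, encoded)


def register(store, user_nm, user_pass):
    """Hypothetical stand-in for the view; `store` is a dict playing the Client table."""
    if user_nm in store:
        raise ValueError("userNm already exists")
    # The step missing from the posted view: the derived hash, not the
    # submitted password, is the value that gets persisted.
    store[user_nm] = hash_password(user_pass)
    return store[user_nm]
```

In a Django project the same effect comes from assigning the output of `make_password(...)` to the model field before calling `save()`, so the form never writes the raw `userPass` value.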