Add SHA1 password migration.

Author: dracos

profiles/hashers.py

@@ -0,0 +1,14 @@
+from django.contrib.auth.hashers import (
+    PBKDF2PasswordHasher, SHA1PasswordHasher,
+)
+
+
+class PBKDF2WrappedSHA1PasswordHasher(PBKDF2PasswordHasher):
+    algorithm = 'pbkdf2_wrapped_sha1'
+
+    def encode_sha1_hash(self, sha1_hash, salt, iterations=None):
+        return super().encode(sha1_hash, salt, iterations)
+
+    def encode(self, password, salt, iterations=None):
+        _, _, sha1_hash = SHA1PasswordHasher().encode(password, salt).split('$', 2)
+        return self.encode_sha1_hash(sha1_hash, salt, iterations)

profiles/migrations/0005_migrate_passwords.py

@@ -0,0 +1,25 @@
+from django.db import migrations
+
+from ..hashers import PBKDF2WrappedSHA1PasswordHasher
+
+
+def forwards_func(apps, schema_editor):
+    User = apps.get_model('profiles', 'User')
+    users = User.objects.filter(password__startswith='sha1$')
+    hasher = PBKDF2WrappedSHA1PasswordHasher()
+    for user in users:
+        print('Migrating', user.email)
+        algorithm, salt, sha1_hash = user.password.split('$', 2)
+        user.password = hasher.encode_sha1_hash(sha1_hash, salt)
+        user.save(update_fields=['password'])
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('profiles', '0004_auto_20190310_1750'),
+    ]
+
+    operations = [
+        migrations.RunPython(forwards_func),
+    ]

theatricalia/settings/base.py

@@ -178,6 +178,11 @@
 if DEBUG:
     INSTALLED_APPS.append('debug_toolbar')
 
+PASSWORD_HASHERS = [
+    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
+    'profiles.hashers.PBKDF2WrappedSHA1PasswordHasher',
+]
+
 from django.db.utils import OperationalError