2726: why there are two ways to change user's password?

qhyic*****@gmai***** (Google Code) (Is this you? Claim this profile.)
Sept. 28, 2012 
Dear sir,

In "My account" option,we can change our password with 'sha1' algorithm:
class StandardAuthBackend(AuthBackend, ModelBackend):
    def update_password(self, user, password):
        salt = sha1(str(time.time())).hexdigest()[:5]
        hash = sha1(salt + password)
        new_password = 'sha1$%s$%s' % (salt, hash.hexdigest())
        user.password = new_password

But on admin or register page, we set password with another algorithm:
django.contrib.auth.models.make_password

why there are two ways to change user's password?
chipx86
#1 chipx86 
Hi,

Good question. I'm not sure why we hard-code that ourselves, but we should switch to using Django's code.
  • +Confirmed
  • -Priority-Medium
    +Priority-High
    +Milestone-Release1.6.x
    +EasyFix
#2 tah***@gmai***** (Google Code) (Is this you? Claim this profile.) 
I'll work on this
#3 tah***@gmai***** (Google Code) (Is this you? Claim this profile.) 
This auth method is only available in Django 1.4+
chipx86
#4 chipx86 
We use Django 1.4 for RB 1.7, so we should fix it there.
david
#5 david 
Fixed in master (a2ad3a7). Thanks!
  • -Confirmed
    +Fixed