Firebase-tools: Import Django users with hash algorithm django_pbkdf2_sha256
I trying to import django 1.8 users to firebase, the algorithm used by django is django_pbkdf2_sha256, and the most similar that is currently supported is: PBKDF2_SHA256, it work if I generate a fixed password with the PBKDF2_SHA256 algorithm for just for test, but I need django_pbkdf2_sha256 algorithm to import all user of the django app.
from passlib.hash import pbkdf2_sha256, django_pbkdf2_sha256
from passlib.utils import to_bytes, to_native_str
import base64
PASSWORD = 'aA123456*'
ROUND = 20000
SALT = to_bytes('google')
hash0 = pbkdf2_sha256.using(salt=SALT,rounds=ROUND).hash(PASSWORD)
print(pbkdf2_sha256.identify(hash0))
# True
print(pbkdf2_sha256.verify(PASSWORD,hash0))
# True
print(hash0)
# $pbkdf2-sha256$20000$Z29vZ2xl$PtFLyZHJJucUa2KBg1iJeVJsivis8JimRhFifRRKlFc
# Current key generate by django 1.8 [hash 1]
dj = [{"model": "auth.user", "fields": {"password": "pbkdf2_sha256$20000$mkMhRA3bpiV7$GDkKvfuzu6b9YrKGk1jy3pKkA/DUIKYc9rYEuzRLoIw=", "last_login": "2019-01-07T15:30:38.959Z", "is_superuser": True, "username": "romel", "first_name": "", "last_name": "", "email": "", "is_staff": True, "is_active": True, "date_joined": "2018-11-02T18:07:14Z", "groups": [1], "user_permissions": [1]}, "pk": 2}]
print('is hash 0 is valid pbkdf2_sha256 algorithm >>>', pbkdf2_sha256.identify(hash0))
# result: True
print('is hash 1 is valid pbkdf2_sha256 algorithm >>>', pbkdf2_sha256.identify(dj[0]['fields']['password']))
# result: False
print('is hash 1 is valid django_pbkdf2_sha256 algorithm >>>', django_pbkdf2_sha256.identify(dj[0]['fields']['password']))
# result: True
romelgomez
All 7 comments
I don't see what question you might have that is relevant to the CLI. It seems to me that this is a statement? If you have a question regarding these things, I think Stack Overflow will be where you get better help.
bkendall
on 8 Jan 2019
Is relevant for the CLI have support for other type of algorithm?
hash-algo | The algorithm used to hash passwords in the user account file. Required to import accounts with password fields. One of the following values:聽BCRYPT,聽SCRYPT,聽STANDARD_SCRYPT,聽HMAC_SHA512,聽HMAC_SHA256,聽HMAC_SHA1,聽HMAC_MD5,聽MD5,SHA512,聽SHA256,聽SHA1,聽PBKDF_SHA1,聽PBKDF2_SHA256.
https://firebase.google.com/docs/cli/auth
I need django_pbkdf2_sha256 algorithm.
romelgomez
on 8 Jan 2019
Does PBKDF2_SHA256 not work for you? It's the same w/o the django_ prefix...
If not, please submit a feature request at https://firebase.google.com/support
bkendall
on 8 Jan 2019
Not don't work for me, they are similar:
The next hash is a valid django_pbkdf2_sha256 algorithm:
pbkdf2_sha256$20000$mkMhRA3bpiV7$GDkKvfuzu6b9YrKGk1jy3pKkA/DUIKYc9rYEuzRLoIw=
The next hash is a valid pbkdf2_sha256 algorithm
$pbkdf2-sha256$20000$Z29vZ2xl$PtFLyZHJJucUa2KBg1iJeVJsivis8JimRhFifRRKlFc
Note:
- the
$at the start of the string, - the
_vs-inpbkdf2-shavspbkdf2_sha
The pbkdf2_sha256 lib has methods for validate the type of the algorithm used, pbkdf2_sha256.identify, django_pbkdf2_sha256.identify.
django add prefix to many schemes of hash
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.django_std.html
romelgomez
on 8 Jan 2019
Bummer. I'd still direct you towards Firebase Support for a feature request or Stack Overflow for more help from the community. This would be something needing to be changed in the underlying API rather than the CLI itself, so there's not much we can do in this repository.
bkendall
on 8 Jan 2019
@bkendall It work to with pbkdf2_sha256, The django password property has the hash in base64, and the salt not, so, the salt must have to be pass to base64 format to make it work.
from passlib.hash import pbkdf2_sha256, django_pbkdf2_sha256
from passlib.utils import to_bytes, to_native_str
import base64
PASSWORD = 'aA123456*'
ROUND = 20000
SALT = to_bytes('google')
# TEST with HASH_DEMO generate by pbkdf2_sha256 and fixed paramentes
HASH_DEMO = pbkdf2_sha256.using(salt=SALT,rounds=ROUND).hash(PASSWORD)
print(HASH_DEMO)
# $pbkdf2-sha256$20000$Z29vZ2xl$PtFLyZHJJucUa2KBg1iJeVJsivis8JimRhFifRRKlFc
print('is the HASH_DEMO a valid pbkdf2_sha256 algorithm? >>>', pbkdf2_sha256.identify(HASH_DEMO))
# True
print('is the HASH_DEMO (pbkdf2_sha256 - algorithm) with the PASSWORD: aA123456*, valid? >>>', pbkdf2_sha256.verify(PASSWORD,HASH_DEMO))
# True
# Current key generate by django 1.8 [HASH_DJANGO]
HASH_DJANGO = [{"model": "auth.user", "fields": {"password": "pbkdf2_sha256$20000$VVEU1GnGCr0M$7ZtXwcAIAZXICBYXb82FVeCJAjdfWrBZ11gVzb2UGVc=", "last_login": "2019-01-07T15:30:38.959Z", "is_superuser": True, "username": "romel", "first_name": "", "last_name": "", "email": "", "is_staff": True, "is_active": True, "date_joined": "2018-11-02T18:07:14Z", "groups": [1], "user_permissions": [1]}, "pk": 2}]
print('is HASH_DJANGO is valid pbkdf2_sha256 algorithm? >>>', pbkdf2_sha256.identify(HASH_DJANGO[0]['fields']['password']))
# result: False
print('is HASH_DJANGO is valid django_pbkdf2_sha256 algorithm? >>>', django_pbkdf2_sha256.identify(HASH_DJANGO[0]['fields']['password']))
# result: True
print('is HASH_DJANGO (django_pbkdf2_sha256 - algorithm) with the PASSWORD: aA123456*, valid?', django_pbkdf2_sha256.verify(PASSWORD, HASH_DJANGO[0]['fields']['password']))
# result: True
# The django password property has the hash in base64, and the salt not, so, the salt must have to be pass to base64 format to make it work.
SAL_B64 = base64.b64encode(b'VVEU1GnGCr0M')
print('SAL_B64 >>>', SAL_B64) # >>> VlZFVTFHbkdDcjBN
# firebase auth:import sandbox/account_file.csv --hash-algo=PBKDF2_SHA256 --rounds=20000 --project <project_name>
#
# account_file.csv
# 555000444,[email protected],false,7ZtXwcAIAZXICBYXb82FVeCJAjdfWrBZ11gVzb2UGVc=,VlZFVTFHbkdDcjBN,,,,,,,,,,,,,,,,,,,,,,
Ref: https://groups.google.com/forum/#!topic/firebase-talk/GsvvjuDZ42A
romelgomez
on 14 Jan 2019
awesome! glad you figured it out!
bkendall
on 14 Jan 2019
Related issues
DragonOsman
路
3Comments
FluorescentHallucinogen
路
3Comments
adam-remotesocial
路
3Comments
Symbolk
路
3Comments
satishverma143
路
4Comments
Most helpful comment
awesome! glad you figured it out!