DEV Community

loading...
JetRockets

Migrating user passwords from Django to Ruby

Igor Alexandrov
Originally published at jetrockets.pro ・1 min read

One of our clients asked us to migrate his existing Django application to Ruby. A part of this process was a migration of an existing users database.
Of course we had to find a way to use existing crypto passwords from Django and not asking our users to reset them

Passwords in Django are stored as a string that consists of four parts splitted with a dollar sign.

<algorithm>$<iterations>$<salt>$<hash>

By default, Django uses the PBKDF2 algorithm with a SHA256 hash. I found a rather outdated Ruby gem that implements a Password-Based Key-Derivation Function and gave it a try.

def migrate_django_password_seamlessly(user, password)
  alg, iteration, salt, django_password = user.crypted_django_password.split('$')
  attempt = Base64.encode64(
    PBKDF2.new(password: password, salt: salt, iterations: 36000).bin_string
  ).strip

  # check if hash of user provided password equals to the password in a database
  if attempt == django_password
    user.update(password: password, password_confirmation: password)
  end
end

The method above is a part of user sign in service and called only if crypted_django_passwordcolumn from users table is not null.

Discussion (0)