Changing password in Django Admin

I added this method to my UserAdmin class:

def save_model(self, request, obj, form, change):
    # Override this to set the password to the value in the field if it's
    # changed.
    if obj.pk:
        orig_obj = models.User.objects.get(pk=obj.pk)
        if obj.password != orig_obj.password:
            obj.set_password(obj.password)
    else:
        obj.set_password(obj.password)
    obj.save()

You can the show the password field normally, but admins will only see the hashed password. If they alter it, the new value is then hashed and save.

This adds a single query to each time you save a user via the admin. It should generally not be an issue, since most systems don't have admins intensively editing users.


You can also do like this, in this way you just have to write over the field password and once you will save it, it will create the hash for it :

class UserModelAdmin(admin.ModelAdmin):

    """
        User for overriding the normal user admin panel, and add the extra fields added to the user
        """


def save_model(self, request, obj, form, change):
    user_database = User.objects.get(pk=obj.pk)
    # Check firs the case in which the password is not encoded, then check in the case that the password is encode
    if not (check_password(form.data['password'], user_database.password) or user_database.password == form.data['password']):
        obj.password = make_password(obj.password)
    else:
        obj.password = user_database.password
    super().save_model(request, obj, form, change)

Put this in your UserChangeForm:

password = ReadOnlyPasswordHashField(label=("Password"),
        help_text=("Raw passwords are not stored, so there is no way to see "
                    "this user's password, but you can change the password "
                    "using <a href=\"../password/\">this form</a>."))


password = ReadOnlyPasswordHashField(label= ("Password"),
        help_text= ("Raw passwords are not stored, so there is no way to see "
                    "this user's password, but you can change the password "
                    "using <a href=\"../password/\">this form</a>."))

There is change in the href, for previous versions of django you can use

<a href=\"/password/\">this form</a>.

For django 1.9+ <a href=\"../password/\">this form</a>

Tags:

Python

Django

Django Admin

Django 1.5

Recent Posts