quick-megabyte-21745
06/08/2022, 10:28 AMquick-megabyte-21745
06/08/2022, 10:31 AMmagnificent-energy-493
quick-megabyte-21745
06/08/2022, 10:46 AMdef decode_hash(encoded):
algorithm, iterations, salt, hash = encoded.split("$", 3)
return f"$pbkdf2-sha256$i={iterations},l=32${salt}${hash}"
def push_identities_to_kratos(apps, schema_editor):
User = apps.get_model("customers", "User")
headers = {
"Authorization": "Bearer ory_pat_xxxxxxxxxxxxxxxxxxxxxxxx",
"Content-Type": "application/json",
}
failed_users = []
for user in User.objects.all():
payload = {
"schema_id": "5b46b51c87f515485905a12d82494e5bceb13e50118d53d7902a4cbae442186afc5df852f4df49589e768780e49fae46a369c3a1d97a7127f3b2dcb4413795c2",
"traits": {
"email": user.email,
"name": {
"first": user.first_name,
"last": user.last_name,
},
},
"credentials": {
"password": {"config": {"hashed_password": decode_hash(user.password)}}
},
}
response = <http://requests.post|requests.post>(
"<https://myprojectkeythingy.projects.oryapis.com/admin/identities>",
json=payload,
headers=headers,
)
data = response.json()
errors = data.get("error")
if errors:
failed_users.append(user.id)
logger.warn(
f"Failed to migrate user to Kratos ({user.email})", error=errors
)
quick-megabyte-21745
06/08/2022, 10:47 AMpbkdf2_sha256$216000$pknum4sl85ri$g+8PPmkWp9/090lEd0MpxIjYu4d3HGPvPopkS3LaW1w=
where the password is admin123
steep-lamp-91158
steep-lamp-91158
steep-lamp-91158
quick-megabyte-21745
06/08/2022, 10:54 AMfunc TestComparepbkdf2hash(t *testing.T) {
assert.Nil(t, hash.Compare(context.Background(), []byte("admin123"), []byte("$pbkdf2-sha256$i=216000,l=32$pknum4sl85ri$pbkdf2_sha256$216000$pknum4sl85ri$g+8PPmkWp9/090lEd0MpxIjYu4d3HGPvPopkS3LaW1w=")))
}
quick-megabyte-21745
06/08/2022, 10:54 AMsteep-lamp-91158
steep-lamp-91158
steep-lamp-91158
steep-lamp-91158
$
as it doesquick-megabyte-21745
06/08/2022, 11:00 AM[131 239 15 62 105 22 167 223 244 247 73 68 119 67 41 196 136 216 187 135 119 28 99 239 62 138 100 75 114 218 91 92]
from the fn hash, err = base64.RawStdEncoding.Strict().DecodeString(parts[4])
quick-megabyte-21745
06/08/2022, 11:00 AMquick-megabyte-21745
06/08/2022, 11:01 AM$pbkdf2-sha256$i=216000,l=32$pknum4sl85ri$g+8PPmkWp9/090lEd0MpxIjYu4d3HGPvPopkS3LaW1w=
quick-megabyte-21745
06/08/2022, 11:01 AMassert.Nil(t, hash.Compare(context.Background(), []byte("admin123"), []byte("$pbkdf2-sha256$i=216000,l=32$pknum4sl85ri$g+8PPmkWp9/090lEd0MpxIjYu4d3HGPvPopkS3LaW1w")))
<- stripped for =steep-lamp-91158
RawStdEncoding is the standard raw, unpadded base64 encoding, as defined in RFC 4648 section 3.2. This is the same as StdEncoding but omits padding characters.
quick-megabyte-21745
06/08/2022, 11:04 AMsteep-lamp-91158
quick-megabyte-21745
06/08/2022, 11:15 AMotherHash
variable in the compare-func then I get a different hashquick-megabyte-21745
06/08/2022, 11:17 AM[131 239 15 62 105 22 167 223 244 247 73 68 119 67 41 196 136 216 187 135 119 28 99 239 62 138 100 75 114 218 91 92]
Other hash:
[207 124 123 50 7 138 99 189 75 62 43 103 169 234 56 43 78 61 36 233 43 47 70 138 61 179 100 37 148 55 8 23]
steep-lamp-91158
quick-megabyte-21745
06/08/2022, 11:30 AMquick-megabyte-21745
06/08/2022, 11:32 AMsalt, err = base64.RawStdEncoding.Strict().DecodeString(parts[3])
which made the pass not match. However if I assign the salt like so instead:
salt = []byte(parts[3])
it works (test passes).quick-megabyte-21745
06/08/2022, 11:34 AM[]byte(parts[3])
? Is there some formatting with base64 that I should do on the python end?steep-lamp-91158
quick-megabyte-21745
06/08/2022, 11:40 AMsteep-lamp-91158
quick-megabyte-21745
06/08/2022, 11:40 AMsteep-lamp-91158
steep-lamp-91158
quick-megabyte-21745
06/08/2022, 12:07 PMdef convert_django_to_kratos_hash(encoded):
_, iterations, salt, hash = encoded.split("$", 3)
encoded_salt = base64.b64encode(salt.encode("UTF-8")).decode("UTF-8")
stripped_hash = hash.replace("=", "")
return f"$pbkdf2-sha256$i={iterations},l=32${encoded_salt}${stripped_hash}"
steep-lamp-91158