Import htpasswd user database

Hello,
I would like to migrate a user database from an old (non-Plone) website to Plone 6. The passwords in that database are stored as MD5 hashes generated with htpasswd. What is the best approach to do this? As far as I understand, this will require a custom PAS plugin, which likely already exists. I would be grateful if someone could point me in the right direction.

Can't you just create new users in the Plone site with the same passwords as in the htpasswd file?

That would have been easy, but htpasswd contains MD5 hashes rather than actual passwords, i.e. I don't know the passwords.

Send the link with the password reset; you cannot reverse a hash.

Maybe worth a try:

You could register your own AuthEncoding digest like it is done here: AuthEncoding/src/AuthEncoding/AuthEncoding.py at master · zopefoundation/AuthEncoding · GitHub

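Example (untested):

```python
from AuthEncoding.AuthEncoding import constant_time_compare
from AuthEncoding.AuthEncoding import registerScheme

import hashlib


class MD5DigestScheme:
    def _encrypt(self, pw):
        # hashlib.md5() only accepts bytes, so encode str input first
        if isinstance(pw, str):
            pw = pw.encode("utf-8")
        return hashlib.md5(pw).hexdigest()

    def validate(self, reference, attempt):
        # hash the login attempt and compare it with the stored hex digest
        compare = self._encrypt(attempt)
        return constant_time_compare(compare, reference)


# stored values prefixed with {MD5} are dispatched to this scheme
registerScheme("MD5", MD5DigestScheme())
```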

Then you create the user like collective.exportimport does here: collective.exportimport/src/collective/exportimport/import_other.py at main · collective/collective.exportimport · GitHub

You have to make sure that your MD5 password hash is prefixed with {MD5} ... then it gets imported 1:1 since we've registered our MD5 AuthEncoding scheme.

2 Likes
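
Before importing hashes under a plain `{MD5}` scheme as suggested above, it is worth checking which formats the htpasswd file actually contains: `htpasswd -m` writes salted `$apr1$` hashes, which an unsalted `md5(password).hexdigest()` comparison cannot validate. The following is an added example, not code from the thread or from AuthEncoding; the names `classify`, `audit` and `check_hex_md5` are hypothetical and the sample entries are constructed.

```python
import hashlib
import hmac
import re

# Shapes of the hash formats htpasswd can write.
FORMATS = [
    ("apr1-md5", re.compile(r"\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}")),
    ("bcrypt", re.compile(r"\$2[aby]\$\d\d\$[./0-9A-Za-z]{53}")),
    ("sha1", re.compile(r"\{SHA\}[0-9A-Za-z+/]{27}=")),
    ("hex-md5", re.compile(r"[0-9a-fA-F]{32}")),
    ("crypt-des", re.compile(r"[./0-9A-Za-z]{13}")),
]

def classify(stored):
    """Name the first format whose shape matches, else 'unknown'."""
    for name, pattern in FORMATS:
        if pattern.fullmatch(stored):
            return name
    return "unknown"

def audit(htpasswd_text):
    """Parse user:hash lines into (user, format, import_value) tuples.

    import_value is '{MD5}<hex>' only for plain hex MD5, the one format an
    unsalted md5(password).hexdigest() validator can check; otherwise None.
    """
    rows = []
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank, comment or malformed line
        user, stored = line.split(":", 1)
        fmt = classify(stored)
        value = "{MD5}" + stored.lower() if fmt == "hex-md5" else None
        rows.append((user, fmt, value))
    return rows

def check_hex_md5(import_value, attempt):
    """Check a login attempt against a '{MD5}<hex>' value in constant time."""
    digest = hashlib.md5(attempt.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, import_value[len("{MD5}"):])

# Constructed sample: the bob and carol entries have the right shape only.
SAMPLE = "\n".join([
    "alice:" + hashlib.md5(b"correct horse").hexdigest(),
    "bob:$apr1$saltsalt$" + "x" * 22,
    "carol:{SHA}" + "A" * 27 + "=",
    "# constructed comment line",
])
print(audit(SAMPLE))
```

Entries whose import value is `None` need a validator for their own format (or a password reset) rather than the `{MD5}` prefix.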

I'm wrong; as @petschki shows above, you have to import the hashes and use the same algorithm as .htpasswd.