Cann't import_users in Django
-
I'm running Django 2.2.4 with the default
PASSWORD_HASHESsetting. I'm trying to bulk import our users withimport_users. The bulk import works for all of the fields I care about, except the password. The user is unable to login. My code generates this payload:{"users": [{"active": true, "sendSetPasswordEmail": false, "skipVerification": true, "email": "<email address>@outsideinc.com", "id": "2ba87aa2-033c-44e5-8251-cbf2ecc07d8a", "registrations": [{"applicationId": "ac5656bb-08e7-4433-b5a6-05a7652d756c", "roles": ["user", "free_membership", "registered"]}], "encryptionScheme": "salted-pbkdf2-hmac-sha256", "factor": 150000, "salt": "DxFgAtoVimgE", "password": "wZzgYlJnnTiJ/HaS1XSx+uCsmC3To5FMQ1yMGqX//8s="}], "validateDbConstraints": true}which is derived from this password entry:
'pbkdf2_sha256$150000$DxFgAtoVimgE$wZzgYlJnnTiJ/HaS1XSx+uCsmC3To5FMQ1yMGqX//8s='I'm not able to login to this users account on fusion auth using their password, but the password does hash correctly in Django:
>>> User.objects.get(email='<email>@outsideinc.com').check_password('0p;/)P:?') TrueHow am I misusing the
import_usersend point? -
If I copy your request body into the import API, I get a failure. Are you sure you want to set the
sendSetPasswordEmailattribute as it doesn't look to be available for use on the import API? This error is likely due to the fact you are setting a password, salt, factor, and hash already (so no need to have the user "set" a password at creation).The same goes for the
skipVerfiicationattribute (not valid on this endpoint).Can you validate the user you import shows up in the admin UI under users?
My command/curl:
curl --request POST \ --url https://local.fusionauth.io/api/user/import \ --header 'Authorization: ---------------' \ --header 'Content-Type: application/json' \ --header 'X-FusionAuth-TenantId: -----------' \ --data '{ "users": [ { "active": true, "sendSetPasswordEmail": false, "skipVerification": true, "email": "\u003cemail address\u003e@outsideinc.com", "id": "2ba87aa2-033c-44e5-8251-cbf2ecc07d8a", "registrations": [ { "applicationId": "ac5656bb-08e7-4433-b5a6-05a7652d756c", "roles": [ "user", "free_membership", "registered" ] } ], "encryptionScheme": "salted-pbkdf2-hmac-sha256", "factor": 150000, "salt": "DxFgAtoVimgE", "password": "wZzgYlJnnTiJ/HaS1XSx+uCsmC3To5FMQ1yMGqX//8s\u003d" } ], "validateDbConstraints": true }'And the errors section (first example shown only)
{ "generalErrors": [ { "code": "[invalidJSON]", "message": "Invalid JSON in the request body. The property was [users.sendSetPasswordEmail]. The error was [Unrecognized property]. The detailed exception was [Unrecognized field \"sendSetPasswordEmail\"Once we validate you can get the user to import correctly, the next step is to make sure you are setting the users
salt,hash, and other cryptographic passwords setting correctly per how the users' password was previously created.Thanks,
Josh -
@engineering-0 said in Cann't import_users in Django:
wZzgYlJnnTiJ/HaS1XSx+uCsmC3To5FMQ1yMGqX//8s=
I don't know why .. if I Base64 encode your salt
DxFgAtoVimgEtoRHhGZ0F0b1ZpbWdFit works. Not sure why this would be the case, the value looks to be Base64 encoded already.@Test public void django_test() { PBKDF2HMACSHA256PasswordEncryptor encryptor = new PBKDF2HMACSHA256PasswordEncryptor(); String hash = encryptor.encrypt("0p;/)P:?", "RHhGZ0F0b1ZpbWdF", 150_000); assertEquals(hash, "wZzgYlJnnTiJ/HaS1XSx+uCsmC3To5FMQ1yMGqX//8s="); }Can you try importing the salt pulled from Django after Base64 encoding the value, and see if that works?
-
@engineering-0 Try this:
users = [] for user in User.objects.all(): user_data = {} ... encryption_scheme = "salted-pbkdf2-hmac-sha256" algorithm, iterations, salt, password_hash = user.password.split('$') salt = base64.b64encode(salt.encode('utf-8')).decode('utf-8') user_data['password'] = password_hash user_data['encryptionScheme'] = encryption_scheme user_data['factor'] = int(iterations) user_data['salt'] = salt users.append(user_data)
