mozilla / playdoh

PROJECT DEPRECATED (WAS: "Mozilla's Web application base template. Half Django, half awesomeness, half not good at math.")
BSD 3-Clause "New" or "Revised" License

Cannot create a superuser (hasher not found: django_sha2.hashers.BcryptHMACCombinedPasswordVerifier) #119

Open mathjazz opened 12 years ago

mathjazz commented 12 years ago

In order to use the admin interface, I have to create a super user first. But I'm getting the following error in an unmodified Playdoh:

vagrant@lucid32:~/project$ ./manage.py createsuperuser
/home/vagrant/project/vendor/lib/python/django/conf/__init__.py:110: DeprecationWarning: The SECRET_KEY setting must not be empty.
  warnings.warn("The SECRET_KEY setting must not be empty.", DeprecationWarning)
/home/vagrant/project/vendor/lib/python/django/utils/translation/__init__.py:63: DeprecationWarning: Translations in the project directory aren't supported anymore. Use the LOCALE_PATHS setting instead.
  DeprecationWarning)
Username (leave blank to use 'vagrant'): mathjazz
E-mail address: one@two.com
Password:
Password (again):
Traceback (most recent call last):
  File "./manage.py", line 27, in <module>
    manage.main()
  File "/home/vagrant/project/vendor/src/funfactory/funfactory/manage.py", line 143, in main
    execute_manager(current_settings)
  File "/home/vagrant/project/vendor/lib/python/django/core/management/__init__.py", line 459, in execute_manager
    utility.execute()
  File "/home/vagrant/project/vendor/lib/python/django/core/management/__init__.py", line 382, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/home/vagrant/project/vendor/lib/python/django/core/management/base.py", line 196, in run_from_argv
    self.execute(*args, **options.__dict__)
  File "/home/vagrant/project/vendor/lib/python/django/core/management/base.py", line 232, in execute
    output = self.handle(*args, **options)
  File "/home/vagrant/project/vendor/lib/python/django/contrib/auth/management/commands/createsuperuser.py", line 124, in handle
    User.objects.db_manager(database).create_superuser(username, email, password)
  File "/home/vagrant/project/vendor/lib/python/django/contrib/auth/models.py", line 164, in create_superuser
    u = self.create_user(username, email, password)
  File "/home/vagrant/project/vendor/lib/python/django/contrib/auth/models.py", line 159, in create_user
    user.set_password(password)
  File "/home/vagrant/project/vendor/lib/python/django/contrib/auth/models.py", line 294, in set_password
    self.password = make_password(raw_password)
  File "/home/vagrant/project/vendor/lib/python/django/contrib/auth/hashers.py", line 62, in make_password
    hasher = get_hasher(hasher)
  File "/home/vagrant/project/vendor/lib/python/django/contrib/auth/hashers.py", line 107, in get_hasher
    load_hashers()
  File "/home/vagrant/project/vendor/lib/python/django/contrib/auth/hashers.py", line 84, in load_hashers
    raise ImproperlyConfigured("hasher not found: %s" % backend)
django.core.exceptions.ImproperlyConfigured: hasher not found: django_sha2.hashers.BcryptHMACCombinedPasswordVerifier
vagrant@lucid32:~/project$

fwenzel commented 12 years ago

@kumar303 is this fallout from the upgrade to bcrypt by default? Is the vendor submodule pointing to the latest playdoh-lib?

fwenzel commented 12 years ago

@mathjazz also check out: https://github.com/fwenzel/django-sha2/issues/14 -- though that Issue indicates it works out of the box, just not when upgrading.

kumar303 commented 12 years ago

@mathjazz did you run pip install -r requirements/compiled.txt? It looks like you might be missing py-bcrypt

mathjazz commented 12 years ago

Thanks @fwenzel and @kumar303. To be precise, it happened after I upgraded playdoh to the latest version.

Running 'pip install -r requirements/compiled.txt' gives me:

vagrant@lucid32:~/pontoon$ pip install -r requirements/compiled.txt
Requirement already satisfied: Jinja2==2.5.5 in /usr/local/lib/python2.6/dist-packages (from -r requirements/../vendor/src/funfactory/funfactory/requirements/compiled.txt (line 2))
Requirement already satisfied: MySQL-python==1.2.3c1 in /usr/local/lib/python2.6/dist-packages (from -r requirements/../vendor/src/funfactory/funfactory/requirements/compiled.txt (line 1))
Requirement already satisfied: py-bcrypt==0.2 in /usr/local/lib/python2.6/dist-packages (from -r requirements/../vendor/src/funfactory/funfactory/requirements/compiled.txt (line 5))
Installing collected packages: Jinja2, MySQL-python, py-bcrypt
Successfully installed
vagrant@lucid32:~/pontoon$

And it still doesn't work.

kumar303 commented 12 years ago

ok, huh, I had this problem when I upgraded too but I never found the culprit or missing settings. I'd suggest building a new playdoh project with the funfactory installer and comparing the new base/local settings with your old base/local ones. Please report back if you find out where the mismatch is.

mathjazz commented 12 years ago

The problem was my settings.HMAC_KEYS key was empty. Maybe we should add a comment to local.py-dist to let people know they have to set the HMAC_KEYS in order to use admin.

fwenzel commented 12 years ago

Interesting. @kumar303 do you still have your dev setup of the app where this occurred so you can try and confirm if the missing setting is it?

kumar303 commented 12 years ago

I'm pretty sure I had an empty HMAC_KEYS dict too. Since I wasn't using bcrypt (the site didn't have users) it was intuitive to me to disable the feature like this:

HMAC_KEYS = {
    # disabled:
    #'2012-07-06': 'DisabledKey',
}

Maybe django_sha2 could support that case without a traceback?

fwenzel commented 12 years ago

Hmm. In Issue #112 you made bcrypt+hmac the default, which I support. However, that needs configuration. If you don't configure it, you can't use bcrypt+hmac. So I don't really know how to reconcile this :-/

I guess one option would be to carry on (throw a warning maybe) and only explode if you actually try to hash something? That'll be a little more graceful but ironically will still not fix this particular bug (you need to hash a password to create a superuser). But at least, then you'd know what's wrong, which is MUCH better than the current error message.
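
The "warn at load time, fail only when something is actually hashed" behaviour discussed in the last comment, as an added example that is not part of the thread and is not django_sha2's code. The class and function names are hypothetical, the sample keys are constructed, and picking the newest key by sorting date-style ids (like the '2012-07-06' id above) is an assumption.

```python
import hashlib
import hmac
import warnings

# Constructed sample configuration; real keys must be long random secrets.
SAMPLE_KEYS = {"2012-07-06": "constructed-key-one",
               "2013-01-01": "constructed-key-two"}


class HMACKeysNotConfigured(Exception):
    """Raised when a password must be hashed but no HMAC key is set."""


def latest_hmac_key(hmac_keys):
    """Return (key_id, key) for the newest non-empty entry in hmac_keys."""
    usable = {k: v for k, v in (hmac_keys or {}).items() if v}
    if not usable:
        # Name the setting, unlike the opaque "hasher not found" error.
        raise HMACKeysNotConfigured(
            "HMAC_KEYS is empty: set at least one key in your local "
            "settings before creating users or using the admin.")
    key_id = max(usable)  # assumption: ISO-date ids, which sort as strings
    return key_id, usable[key_id]


class LazyHMACPrehasher:
    """Hypothetical stand-in for the HMAC step of a bcrypt+HMAC hasher."""

    def __init__(self, hmac_keys):
        self.hmac_keys = hmac_keys
        if not hmac_keys:
            # Load time: warn, but let a project without users start up.
            warnings.warn("HMAC_KEYS is empty; password hashing will fail.",
                          RuntimeWarning)

    def prehash(self, password):
        """Return (key_id, hex digest); raises if no key is configured."""
        key_id, key = latest_hmac_key(self.hmac_keys)
        digest = hmac.new(key.encode(), password.encode(), hashlib.sha512)
        # A real hasher would pass this digest on to bcrypt.
        return key_id, digest.hexdigest()
```
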