From f708db3611cb6210d7d50a7531868e838f603093 Mon Sep 17 00:00:00 2001
From: Klaus-Uwe Mitterer <git@kumi.email>
Date: Sat, 15 Feb 2020 16:01:33 +0100
Subject: [PATCH] Make Argon2 default password hasher

---
 expcs/settings.py | 9 +++++++++
 requirements.txt  | 1 +
 2 files changed, 10 insertions(+)

diff --git a/expcs/settings.py b/expcs/settings.py
index 096c6b5..9ca0471 100644
--- a/expcs/settings.py
+++ b/expcs/settings.py
@@ -82,6 +82,15 @@ DATABASES = {
     }
 }
 
+# Password hasher
+# https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#how-django-stores-passwords
+
+PASSWORD_HASHERS = [
+    'django.contrib.auth.hashers.Argon2PasswordHasher',
+    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
+    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
+    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
+]
 
 # Password validation
 # https://docs.djangoproject.com/en/3.0/ref/settings/#auth-password-validators
diff --git a/requirements.txt b/requirements.txt
index 18c098a..118a4dc 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1 +1,2 @@
+django[argon2]
 mysqlclient