Exporting Plone 2.5 Member Password Hashes from GRUF

Those with no idea what the subject line means can safely ignore this post. For the merely curious, this relates to my responsibility to manage a Plone-based web site for the body of churches to which I belong. For other webmasters and Plone folk, this is a tidbit I had to search quite a bit to find, which will allow me to export my user records from Plone 2.5’s GRUF (Group User Folder) system for import into another system, without losing their ability to log in with current passwords. I plan to import my users into Plone 3+.

The recipes available at plone.org were little help, as the getPassword() and _getPassword() methods seem to have been rendered inert by Plone 2.5, probably in an attempt to tighten security. But I finally managed to find this blog post about exporting member hashes from Plone 3, and was able to confirm that the essentials also work in Plone 2.5. (By the way, you can’t export the original passwords, because they are not stored on the system. Only the cryptographic hash is stored, which can be compared at login time to a hash generated from the password provided by the user.)

If you find that you want to extract your users’ password hashes, then this is what you need to do within an External Method.

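from Products.CMFCore.utils import getToolByName  # import at module level

acl_users = getToolByName(self, 'acl_users')
passwords = acl_users.source_users._user_passwords  # maps user id -> password hash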

Then you can use a user id as an index into passwords to find the corresponding hash. If you need help obtaining the user ids…

mtool = getToolByName(self, 'portal_membership')
for member in mtool.listMembers():
    # look up each member's hash by user id
    pwhash = passwords[member.getId()]
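
The two fragments above, combined into one External Method that writes the hashes to a file (an added example, not code from the original post or from Plone). It assumes that a member coming from another user source has no entry in `_user_passwords`, so it collects those ids instead of stopping on a KeyError, and it creates the export file owner-only because it holds every member's hash; the helper names, the tab-separated layout and the placeholder path are hypothetical.

```python
import os
import stat


def collect_hashes(member_ids, passwords):
    """Split ids into (uid, hash) rows and ids with no stored hash."""
    rows, missing = [], []
    for uid in member_ids:
        try:
            rows.append((uid, passwords[uid]))
        except KeyError:
            # Assumption: members supplied by another user source have no
            # entry in source_users, so a plain index lookup would abort.
            missing.append(uid)
    return rows, missing


def write_export(rows, path):
    """Write 'uid<TAB>hash' lines to a new file readable only by its owner."""
    # O_EXCL refuses to reuse an existing file; stat constants give mode 0600.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    fd = os.open(path, flags, stat.S_IRUSR | stat.S_IWUSR)
    out = os.fdopen(fd, 'w')
    try:
        for uid, pwhash in rows:
            out.write('%s\t%s\n' % (uid, pwhash))
    finally:
        out.close()
    return len(rows)


def export_member_hashes(self, path='/path/to/member-hashes.tsv'):
    """External Method entry point; the default path is a placeholder."""
    # Imported here so the helpers above can be exercised outside Zope.
    from Products.CMFCore.utils import getToolByName
    passwords = getToolByName(self, 'acl_users').source_users._user_passwords
    mtool = getToolByName(self, 'portal_membership')
    ids = [member.getId() for member in mtool.listMembers()]
    rows, missing = collect_hashes(ids, passwords)
    write_export(rows, path)
    return 'exported %d hashes, %d members without one: %s' % (
        len(rows), len(missing), ', '.join(missing))
```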
