How to migrate users from Magento to Odoo including passwords

this is an article for developers

During the migration of our customer's webshop from Magento 1.9 to Odoo we came across the migration of the users. There is no Odoo plugin that is able to migrate users from Magento including the passwords. This is understandable because Magento uses a different method of encryption/hashing of the passwords, which is not compatible to the method that Odoo uses.

So there are basically two ways to work around that issue:

  1. We force the users to reset their password after they login the first time on the new Odoo shop.
  2. We copy the method of Magento into Odoo to validate the password after the first login. After successful validation, we update the password with the standard Odoo password method.

The second option offers the best user experience. Every manual step that a user needs to do will loose some users. So we decided to go for the second option.

Using the password hashing method from Magento 1.9 in Odoo

Password hashing method of Magento 1.9 is quite simple:

// From app/code/core/Mage/Core/Model/Encryption.php
public function getHash($password, $salt = false)
if (is_integer($salt)) {
$salt = $this->/*_helper->*/getRandomString($salt);
return $salt === false ? $this->hash($password) : $this->hash($salt . $password) . ':' . $salt;

That basically means, that there will be a random string - so called salt used to prefix the password before it gets hashed by MD5. This salt will then be added in clear text after a colon ":" to the user's password.

To verify the password in Odoo/Python can be done like this:

hashed_password, salt = hashed.split(':')
if salt:
return hashed_password == f'{hashlib.md5((salt + password).encode()).hexdigest()}'
return False

Need support for your Odoo project?