我有以下视图类:
class LoginView(View):
form_class = LoginForm
template_name = 'workoutcal/login.html'
def post(self, request):
form = self.form_class(request.POST)
if form.is_valid():
email = form.cleaned_data['email']
password = form.cleaned_data['password']
user = authenticate(email = email, password = password)
if user is not None:
if user.is_active:
login(request, user)
return calendar(request)
else:
return render(request, self.template_name, {'form':form})
else:
form['custom_error_message'] = 'Invalid user'
return render(request, self.template_name, {'form':form})
def get(self, request):
form = self.form_class(None)
return render(request, self.template_name, {'form':form})
这个模板:
的login.html
{% extends "workout/base.html" %}
{% block logoutwidget %}{% endblock %}
{% block content %}
<form action="/workoutcal/login/">
{% include "workoutcal/form_disp_errors.html" %}
<input type="submit" value="Log in">
</form>
{% endblock %}
form_disp_errors.html
{% csrf_token %}
{{ form.custom_error_message }}
{{ form.non_field_errors }}
{% for field in form.visible_fields %}
<div class="row">
<div class="col-xs-2">
{{ field.label_tag }}
</div>
<div class="col-xs-2">
{{ field }}
</div>
<div class="col-xs-3">
{{ field.errors }}
</div>
</div>
{% endfor %}
当我去exercisecal / login时,输入一个不正确的用户名和密码(用户不存在),页面再次转到workoutcal / login,但是这个url:
http://localhost:8000/workoutcal/login/?csrfmiddlewaretoken=ZywQUh7gnNfaHi8FcA3be4ynLB7SpGgwdJ0UxGzUuRYp0G0Y9LQ9e24Jx8Q1OD3Y&email=myemail%40hotmail.com&password=MYPASSWORD
正如您在链接末尾所看到的,显示密码。这显然不太好。但是,我无法理解为什么会这样。有什么想法吗?
答案 0 :(得分:2)
您必须使用HTTP方法POST,因为您必须将属性method="post"设置为表单标记。像那样:
<form method="post" action="/workoutcal/login/" >
使用方法POST请求将在HTTP message body instead of URL中发送查询字符串(键/值对)。
注意:考虑使用PUT / PATCH更新对象,使用DELETE删除RESTful API(默认情况下,Django将在所有这些情况下使用方法POST)。