使用包含标签登录每个页面:示例和疑问

时间:2013-04-16 07:48:33

标签: django django-models django-forms django-templates django-views

我需要在项目的每个页面上都有一个登录表单,我正在使用inclusion tags来实现它。使用django文档和一些例子this one,我到目前为止编写了以下代码:

  • 项目树:

    myProj
    ├── myProj
    │   └── settings.py
    ├── celeryPy2
    │   ├── forms.py
    │   ├── templatetags
    │   │   └── my_tags.py
    │   ├── urls.py
    │   └── views.py
    └── templates
        ├── base.html
        └── celeryPy2
            ├── login.html
            └── start.html
    
  • urls.py

    from django.contrib.auth.views import login, logout
    
    urlpatterns = patterns('celeryPy2.views',
        url(r'^$',    'start',   name='start'),
        url(r'^accounts/login/$', login,  name='login'),
        url(r'^accounts/logout/$', logout, {'next_page':'/celeryPy2'}, name='logout'),
    )
    
  • views.py

    def start(request):
        return render_to_response('celeryPy2/start.html', {},
                                  context_instance=RequestContext(request))
    
  • 的start.html

    {% extends "base.html" %}
    {% block title %}celeryPy2 start page{% endblock title %}
    {% block content %}
    {% load my_tags %}
    {% login_form %}
    {% endblock content %}
    
  • base.html文件

    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head><meta charset="utf-8" /><title>celeryPy2</title></head>
    <body>
        <div id="header">{% block header %}{% endblock %}</div>
        <div id="content">{% block content %}{% endblock %}</div>
        <footer id="footer">{% block footer %}{% endblock %}</footer>
    </body>
    </html>
    
  • my_tags.py

    from django import template
    register = template.Library()
    
    from celeryPy2.forms import UserForm
    
    @register.inclusion_tag('celeryPy2/login.html', takes_context=True)
    def login_form(context):
        form = UserForm
        user = context['user']
        return {'form': form,'user': user}
    
  • forms.py

    class UserForm(ModelForm):
        class Meta:
            model = User
            fields = ('username','password')
    
  • 的login.html

    {% if not user.is_authenticated %}
        <form  id="idLogInForm" method="post" action="{% url 'django.contrib.auth.views.login' %}?next=/celeryPy2" class="loginForm">{% csrf_token %}
            {{ form.as_p }}
            <button id="idLogInSubmit" name="idLogInSubmit" type="submit">Login</button>
        </form>
    {% else %}
        <form id="idLogOutForm" method="post" action="{% url 'django.contrib.auth.views.logout' %}">{% csrf_token %}
            <span id="welcomeUserId" class="welcomeUserClass">Welcome, <strong>{{ user.username }}</strong></span>
            <button id="idLogOutSubmit" name="idLogOutSubmit" type="submit">Logout</button>
        </form>
    {% endif %}
    

我有以下问题和怀疑:

  1. 这是实现它的正确方法还是我可以解决安全问题?
  2. 当我插入错误的用户凭据时,我正确地收到错误Please enter a correct username and password. Note that both fields may be case-sensitive.,并且浏览器网址栏设置为/celeryPy2/accounts/login/?next=/celeryPy2。但是,如果我尝试重新登录,它会尝试访问不存在的网址/accounts/profile/。为什么?我必须说我的settings.py中没有LOGIN_URLLOGIN_REDIRECT_URL [已解决,见下文]
  3. 为什么我得到带有明文的密码输入字段,而不是掩盖的字符应该隐藏? [已解决,见下文]
  4. 为什么我在用户名输入字段旁边显示标签Required. 30 characters or fewer. Letters, numbers and @/./+/-/_ characters [已解决,见下文]
  5. 这是我发现在每个页面中重用代码插件的方式,尽可能使用django内置功能。对我来说这看起来有点棘手(涉及很多文件)并且可能还有待完善,但我发现这是完成任务的最简单方法。 欢迎任何其他更好的想法!

1 个答案:

答案 0 :(得分:0)

我已经通过以下代码修改解决了第2,3和4点:

  • urls.py

    from django.contrib.auth.views import login, logout
    
    urlpatterns = patterns('celeryPy2.views',
        url(r'^$',    'start',   name='start'),
        url(r'^login/$', login, {'template_name':'celeryPy2/login.html'},  name='login'),
        url(r'^logout/$', logout, {'next_page':'/celeryPy2'}, name='logout'),
    )
    
  • forms.py

    from django.forms import CharField
    from django.forms import ModelForm, PasswordInput
    from django.contrib.auth.models import User
    
    class UserForm(ModelForm):
        username = CharField()
        class Meta:
            model = User
            fields = ('username','password')
            widgets = {'password': PasswordInput()}
    
  • 的login.html

    {% if not user.is_authenticated %}
        <form  id="idLogInForm" method="post" action="{% url 'login' %}" class="loginForm">{% csrf_token %}
            {{ form.as_p }}
            <button id="idLogInSubmit" name="idLogInSubmit" type="submit">Login</button>
        </form>
    {% else %}
        <form id="idLogOutForm" method="post" action="{% url 'logout' %}">{% csrf_token %}
            <span id="welcomeUserId" class="welcomeUserClass">Welcome, <strong>{{ user.username }}</strong></span>
            <button id="idLogOutSubmit" name="idLogOutSubmit" type="submit">Logout</button>
        </form>
    {% endif %}
    

最后我将LOGIN_REDIRECT_URL='/celeryPy2'添加到myProj / settings.py。

第1点仍然是开放的:这个实现是好的还是导致安全问题?