检查现有密码并重置密码

时间:2013-05-22 20:25:19

标签: django django-models django-forms django-admin django-views

views.py保存密码:

elif 'reset_password' in request.POST:
    if request.POST['reset_password'].strip():
    saveuser = User.objects.get(id=user.id)
    saveuser.set_password(request.POST['reset_password']);
    saveuser.save()
    userform = UserForm(instance=saveuser)
    return redirect('incident.views.about_me')

弹出框以获取旧密码和新密码

<div id="overlay_form" style="display:none">
    <form  method="post" action=".">
        {% csrf_token %}
        <h2>Reset Password</h2><br />
        <table>
      <tr><td>Enter your old password</td><td>
        <input type="text" name="old_password" id="old_password" maxlength="30" /></td></tr>
      <tr><td>Enter your new password</td><td><input type="text" name="new_password" id="new_password" maxlength="30" /></td></tr>
     <tr><td>Confirm your new password</td><td><input type="text" name="reset_password" id="reset_password" maxlength="30" /></td></tr>
      </table>
        <div style="width:180px;float:right;margin:20px 5px 0 10px">
            {% include "buttons/save.html" %}
            <button style="margin-right:10px;" type="button" id="close" name="cancel" class="forward backicon">
                <img src="{{ STATIC_URL }}images/button-icon-ir-back.png" width="12" height="17" alt="" />
            Cancel</button>
        </div>
    </form>
</div>

我可以保存新密码,但我想了解以下内容

  • 如何使用现有密码检查输入的旧密码是否正确。

  • 如何验证新密码字段并确认密码字段。哪种验证更适合执行。

需要一些帮助。

4 个答案:

答案 0 :(得分:1)

Django Code检查用户输入的密码是否与实际旧密码匹配;如果没有,则以django形式引发验证错误。另外,如果两个密码都匹配,请更新密码。

经过测试(Django 1.10,Python 3.4)

forms.py

来自django导入表格

class changePassForm(forms.Form):

old_password_flag = True #Used to raise the validation error when it is set to False

old_password = forms.CharField(label="Old Password", min_length=6, widget=forms.PasswordInput())
new_password = forms.CharField(label="New Password", min_length=6, widget=forms.PasswordInput())
re_new_password = forms.CharField(label="Re-type New Password", min_length=6, widget=forms.PasswordInput())

def set_old_password_flag(self): 

#This method is called if the old password entered by user does not match the password in the database, which sets the flag to False

    self.old_password_flag = False

    return 0

def clean_old_password(self, *args, **kwargs):
    old_password = self.cleaned_data.get('old_password')

    if not old_password:
        raise forms.ValidationError("You must enter your old password.")

    if self.old_password_flag == False:
    #It raise the validation error that password entered by user does not match the actucal old password.

        raise forms.ValidationError("The old password that you have entered is wrong.")

    return old_password

views.py

def设置(请求):

if request.user.is_authenticated:

    form = changePassForm(request.POST or None)

    old_password = request.POST.get("old_password")
    new_password = request.POST.get("new_password")
    re_new_password = request.POST.get("re_new__password")

    if request.POST.get("old_password"):

        user = User.objects.get(username= request.user.username)

        #User entered old password is checked against the password in the database below.
        if user.check_password('{}'.format(old_password)) == False:
            form.set_old_password_flag()

    if form.is_valid():

        user.set_password('{}'.format(new_password))
        user.save()
        update_session_auth_hash(request, user)

        return redirect('settings')

    else:
        return render(request, 'settings.html', {"form": form})

else:
    return redirect('login')

settings.html

<h1>Settings Page</h1>

<h2>Change Password</h2>

<form action="" method="POST">

    {% csrf_token %}

    {{ form.as_p }}

    <input type="Submit" value="Update"></input>

</form>

答案 1 :(得分:0)

这是您在set_password之前检查旧密码的方法,

user.check_password(request.POST['reset_password'])

另外,请按以下方式检查密码确认。

elif 'reset_password' in request.POST:
    old_password = request.POST['old_password'].strip()
    reset_password = request.POST['reset_password'].strip()
    new_password = request.POST['new_password'].strip()

    if old_password && reset_password && reset_password == new_password:
        saveuser = User.objects.get(id=user.id)
        if user.check_password(old_password):
            saveuser.set_password(request.POST['reset_password']);
            saveuser.save()

            userform = UserForm(instance=saveuser)

        return redirect('incident.views.about_me')

使用form是一种更好的方法。

答案 2 :(得分:0)

<form class="form-horizontal" action="/your_views/reset_password/" method="post">
                            {% csrf_token %}
                            <div class="form-group">
                                <div class="col-md-12">
                                    <input type="password" placeholder="Old password" id="old_password" name="old_password" autocomplete="off" required class="form-control">
                                </div>
                            </div>
                            <div class="form-group">
                                <div class="col-md-12">
                                    <input type="password" placeholder="New password" id="password1" name="password1" autocomplete="off" required class="form-control">
                                </div>
                            </div>
                            <div class="form-group">
                                <div class="col-md-12">
                                    <input type="password" placeholder="Re-new password" id="password2" name="password2" autocomplete="off" required class="form-control">
                                </div>
                            </div>
                            <div class="form-group">
                                <div class="col-md-12">
                                    <button type="submit" class="btn btn-block btn-success" style="background: #00A79D;">Reset</button>
                                </div>
                            </div>                         
                        </form>

答案 3 :(得分:0)

我实现了一种使用JWT登录的方法,它的作用是:

  1. 获取随请求发送的电子邮件和密码,然后 将其转换为字符串变量
  2. 我检查电子邮件是否已经 我创建的自定义用户模型中存在。
  3. 如果用户已经 存在,我将对象模型转换为字典,以便可以获取 其特定的密码。
  4. 因为我与密码匹配 对应于用户型号和随密码一起发送的密码 发布请求。
  5. 如果电子邮件存在于用户模型中,并且与该用户模型相对应的密码与发布请求中发送的密码匹配,那么我将使用pyJWT将JWT与我的自定义数据一起使用并返回响应。
  6. 在所有其他情况下,电子邮件和密码不匹配,我返回“不匹配”

假设请求为{“ email”:“ xyz@gmail.com”,“ password”:“ 12345”}

    @api_view(['POST'])
    def signin(request):

    email = list(request.data.values())[0] #gets email value from post request {"email":"xyz@gmail.com", "password":"123"} -> this xyz@gmail.com
    password = list(request.data.values())[1] #gets password value from post request {"email":"xyz@gmail.com", "password":"123"} -> this 123

    usr = User.objects.filter(email=email).exists() #checks if email exists
    if usr:
      dictionary = User.objects.filter(email=email).values()[0] #converts object to dictionary for accessing data like dictionary["password"] dictionary["first_name"] etc
      if usr and dictionary["password"] == password: #check if email and its corresponing password stored matches the password that is sent
        branch = dictionary["branch"]
        id = dictionary["id"]
        encoded_jwt = jwt.encode({'email': email,}, 'secret', algorithm='HS256')
        return Response({'token':encoded_jwt,'email':email,'branch':branch,'id':id})
      else: 
        return Response({'No Match'})
    return Response({'No Match'})