我正在尝试在成功提交后使用 PBKDF2PasswordHasher 对我的userPass字段进行哈希处理,并在提交时检查userNm字段是否已存在。
我有 modelform :
class RegistrationForm(ModelForm):
userPass = forms.CharField(widget=forms.PasswordInput, label='Password')
class Meta:
model = Client
fields = ['userNm','userPass']
def clean_RegForm(self):
cleanedUserName = self.cleaned_data.get('userNm')
if Client.objects.filter(userNm=cleanedUserName).exists():
errorMsg = u"Error occurred."
raise ValidationError(errorMsg)
else:
return cleanedUserName
hasher.py 文件,用于为PBKDF2PasswordHasher定义自定义定义:
from django.contrib.auth.hashers import PBKDF2PasswordHasher
class PBKDF2PasswordHasher(PBKDF2PasswordHasher):
iterations = PBKDF2PasswordHasher.iterations * 100
视图
def Registration(request):
RegForm = RegistrationForm(request.POST or None)
if request.method == 'POST':
if RegForm.is_valid():
clearUserName = RegForm.cleaned_data['userNm']
clearPassNoHash = RegForm.cleaned_data['userPass']
clearPass = make_password(clearPassNoHash.encode("utf-8"),bcrypt.gensalt(14))
RegForm.save()
try:
return HttpResponseRedirect('/Newuser/?userNm=' + clearUserName)
except:
raise ValidationError(('Invalid request'), code='300') ## [ TODO ]: add a custom error page here.
else:
RegForm = RegistrationForm()
return render(request, 'reuse/register.html', {
'RegForm': RegForm
})
settings.py 有:
PASSWORD_HASHERS = (
'MyApp.hashers.MyPBKDF2PasswordHasher',
'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
'django.contrib.auth.hashers.BCryptPasswordHasher',
)
它目前在下一页输出userNm,并将userNm和userPass保存到数据库,但userPass是明文。
我在这里做错了什么?有人可以帮忙吗?