我在Django中创建了一个自定义用户注册表单/视图,以便我可以通过不同的模型包含其他用户属性。我已经使用set_password将新创建的用户的密码设置为在表单中输入的密码,但我发现保存的密码没有经过哈希处理。
形式:
class UserForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput())
class Meta:
model = User
fields = ('username', 'email', 'password')
class StudentForm(forms.ModelForm):
class Meta:
model = Student
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
class TeacherForm(forms.ModelForm):
class Meta:
model = Teacher
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
视图:
def register_student(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
student_form = StudentForm(data = request.POST)
if user_form.is_valid() and student_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
student = student_form.save(commit = False)
student.user = user
student.save()
registered = True
else:
user_form = UserForm()
student_form = StudentForm()
return render_to_response('classapp/register_student.html', {'user_form': user_form, 'student_form': student_form, 'registered': registered}, context)
def register_teacher(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
teacher_form = TeacherForm(data = request.POST)
if user_form.is_valid() and teacher_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
teacher = teacher_form.save(commit = False)
teacher.user = user
teacher.save()
registered = True
else:
user_form = UserForm()
teacher_form = TeacherForm()
return render_to_response('classapp/register_teacher.html', {'user_form': user_form, 'teacher_form': teacher_form, 'registered': registered}, context)
当我通过此表单注册用户时,登录无效。我检查了Admin上的用户信息,发现密码字段说: 无效的密码格式或未知的散列算法。 我还同步了db并打开了shell并手动检索了使用我的注册表创建的用户对象,发现用户密码没有被哈希,如下所示:
>>> from django.contrib.auth.models import User
>>> user = User.objects.get(username = "username")
>>> user.password
u'password'
>>> user = User.objects.get(username = "superuser")
>>> user.password
u****hashed password****
使用Admin创建的用户已经对其密码进行了哈希处理,但我的自定义表单没有。文档说set_password(raw_password)会自动处理哈希。
答案 0 :(得分:13)
set_password仅创建哈希密码;它不会保存数据中的值。请致电save()以实际保存。
在您的观点中,我认为应该是
user.save()
以下
user.set_password(user.password)
您没有写括号(括号)。这就是为什么在散列密码后没有调用save方法的原因。
答案 1 :(得分:0)
2021 年 7 月 25 日的答案更新
set_password 方法适用于 django 3.2 版
确保变量不传递空值。对于开发,您可以在传递给 set_password 方法之前进行打印。
def user_register(request):
if (request.method == 'POST'):
username = request.POST.get('username')
password = request.POST.get('password')
print(password, type(password))
#make sure the password not passed null
user = User.objects.create_user(
email=email,
name=username,
password=password,
)
user.set_password(password)
user.save()
你如何使用 django shell 进行测试。
python manage.py shell
from .models import user_type, User
user = User.objects.create_user(email="ll55@gmail.com",password="uU123456",name="le5")
user.set_password("uU123456")
user.save()
u = User.objects.get(name="as6")
u.name
u.password