Django - 如何保存我的哈希密码

时间:2016-05-18 19:11:58

标签: python django hash django-views password-protection

我正在尝试在我的数据库中保存我的哈希密码,但它一直保存我的明文密码

型号: 

class StudentRegistration(models.Model):
    email = models.EmailField(max_length=50)
    first_name = models.CharField(max_length=20)
    last_name = models.CharField(max_length=20)
    password = models.CharField(max_length=100, default="", null=False)
    prom_code = models.CharField(max_length=8, default="", null=False)
    gender = (
    ("M","Male"),
    ("F","Female"),
    )
    gender = models.CharField(max_length=1, choices=gender, default="M",    null=False)
    prom_name = models.CharField(max_length=20, default="N/A")
    prom_year = models.IntegerField(max_length=4, default=1900)
    school = models.CharField(max_length=50, default="N/A")



    def save(self):
         try:
            Myobj = Space.objects.get(prom_code = self.prom_code)
            self.prom_name = Myobj.prom_name
            self.prom_year = Myobj.prom_year
            self.school = Myobj.school_name

            super(StudentRegistration, self).save()

        except Space.DoesNotExist:
            print("Error")

查看: 

def register_user(request):
    args = {}
    if request.method == 'POST':
        form = MyRegistrationForm(request.POST)     # create form object
        if form.is_valid():
            clearPassNoHash = form.cleaned_data['password']
            form.password = make_password(clearPassNoHash, None, 'md5')
            form.save()
            form = MyRegistrationForm()
            print ('se salvo')
        else:
            print ('Error en el form')
    else:
        form = MyRegistrationForm()


    args['form'] = form #MyRegistrationForm()

    return render(request, 'register/register.html', args)

我已经打印出散列结果,所以我知道它是哈希但不能保存。

我使用make_password错了吗?或者有更好的方法来保护我的密码吗?

-------------------------- 更新:(解决方案) -------- --------------------

记住在settings.py中:

#The Hasher you are using
PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.MD5PasswordHasher',
)

Models.py:

#Import and add the AbstractBaseUser in your model

class StudentRegistration(AbstractBaseUser, models.Model):

Views.py:

if form.is_valid():
    user = form.save(commit=False)
    clearPassNoHash = form.cleaned_data['password']
    varhash = make_password(clearPassNoHash, None, 'md5')
    user.set_password(varhash)
    user.save()

2 个答案:

答案 0 :(得分:4)

在文档

中使用Django set_password

https://docs.djangoproject.com/en/1.9/ref/contrib/auth/

您还需要使用form.save(commit = False)

从表单中获取模型对象 
if form.is_valid():
    # get model object data from form here
    user = form.save(commit=False)

    # Cleaned(normalized) data
    username = form.cleaned_data['username']
    password = form.cleaned_data['password']

    #  Use set_password here
    user.set_password(password)
    user.save()

答案 1 :(得分:-1)

首先保存对象,不提交数据库,然后在最终保存之前更新密码。确保您的导入都正确无误。

def register_user(request):
        if request.method == 'POST':
            form = MyRegistrationForm(request.POST)     # create form object
            if form.is_valid():
                new_object = form.save(commit=False)
                new_object.password = make_password(form.cleaned_data['password'])
                new_object.save()
                messages.success(request, "Form saved.")
                return redirect("somewhere")
            else:
                messages.error(request, "There was a problem with the form.")
        else:
            form = MyRegistrationForm()

        return render(request, 'register/register.html', { 'form': form })
相关问题
最新问题