DJANGO backend.authenticate(* args,**凭证)不返回

时间:2017-08-17 15:34:12

标签: python django

我有一个奇怪的案例:

  • 我有一个自定义用户模型,连接到注册表单,我在将其保存到数据库之前执行set_password(密码),并使用argon2进行哈希处理,并正确保存到数据库中。我查了一下。

  • check_password(密码)可以正常验证用户名和密码。

BUT 

auth.authenticate(username=username, password=password)

不返回。使用Pycharm进行调试时,我发现用户名和密码正确传递,但此时失败了:

backend.authenticate(*args, **credentials)

请记住,我首先从数据库中获取用户以检查是否存在,所以问题在于我猜的密码,但无法弄清楚原因。

此外, login(request, user)不起作用。

没有例外也没有,他们都没有返回。

任何人,因为对编码的热爱可以帮助我吗?

以下是代码:

形式:

class SignUpForm(forms.ModelForm):

def __init__(self, *args, **kwargs):
    super(SignUpForm, self).__init__(*args, **kwargs)
    self.fields['first_name'].widget.attrs['placeholder'] = 'first name'
    self.fields['username'].widget.attrs['placeholder'] = 'username'
    self.fields['email'].widget.attrs['placeholder'] = 'email'

password = forms.CharField(widget=forms.PasswordInput(attrs={
    'placeholder': 'password'
}))

class Meta:
    # points the form to the model to use
    model = MyUser
    fields = [
        'first_name',
        'username',
        'email',
    ]

def save(self, commit=True):
    user = super(SignUpForm, self).save(commit=False)
    user.set_password(self.cleaned_data["password"])
    if commit:
        user.save()
    return user

注册视图:

def signup(request):
context = {}

if request.method == "POST":
    form = SignUpForm(request.POST)
    if form.is_valid():
        form.save()
        return HttpResponseRedirect(reverse('activate'))

else:
    form = SignUpForm()

response = render(request, 'signup.html', context={'form': form})
return response

登录视图:

def signin(request):

form = SignInForm()
context = {
    'form': form
}

if request.method == "POST":
    if request.method == "POST":
        username = request.POST.get('username')
        password = request.POST.get('password')

    if not get_or_none(MyUser, username=username):
        context['user_not_found_message'] = 'Invalid Credentials - username'

    else:
        user = authenticate(username=username, password=password)
        login(request, user)
        if not user:
            context['user_not_found_message'] = 'Invalid Credentials - password'
        elif not user.is_active:
            return HttpResponseRedirect(reverse('activate'))
        else:
            return HttpResponseRedirect(reverse('landingpage'))

response = render(request, 'signin.html', context=context)
return response

get_or_none是我创建的方法并且工作正常,并返回正确的用户。我用user.password它给了我散列传递。

1 个答案:

答案 0 :(得分:0)

求助:

我调试了核心Django库,发现backends.py中的代码如下:

    def authenticate(self, request, username=None, password=None, **kwargs):
    if username is None:
        username = kwargs.get(UserModel.USERNAME_FIELD)
    try:
        user = UserModel._default_manager.get_by_natural_key(username)
    except UserModel.DoesNotExist:
        # Run the default password hasher once to reduce the timing
        # difference between an existing and a non-existing user (#20760).
        UserModel().set_password(password)
    else:
        if user.check_password(password) and self.user_can_authenticate(user):
            return user

因此,由于我的用户未处于活动状态,因此无法进行身份验证

相关问题
最新问题