Django登录无效。仅适用于超级用户/管理员

时间:2018-07-02 14:26:59

标签: python django

我之前在注册后端使用django-registration-redux,并且一切正常。然后,我决定将注册后端更改为django的默认注册django.contrib.auth,并且注册工作正常,但登录无效。但是,事实是,只有我的超级用户acoount可以登录,其他所有用户都不能登录,无论是普通用户还是具有工作人员权限的用户。它不断给我无效的用户名/密码错误。

下面是我的views.py

的登录部分
def signin(request):
if request.user.is_authenticated:
    return HttpResponseRedirect("/")
form = LoginForm()
errors = None
if request.method == 'POST':
    form = LoginForm(request.POST)
    if form.is_valid():
        username = form.cleaned_data.get('username')
        username = username.lower()
        password = form.cleaned_data.get('password')
        user = authenticate(username=username, password=password)
        login(request, user)
        if user.is_staff:
            return redirect('sweet:vendor_index')
        else:
            return redirect('sweet:index')
    else:
        errors = "Invalid Username or Password"
return render(request, 'myregistration/signin.html', {'form':form, 'errors':errors})

下面是我的signin.html

{% extends "base.html" %}

{% block title %}sign in{% endblock %}

{% block content %}

<h1>Sign in</h1>

{% if form.errors %}
<p class="error">Please correct the errors below:</p>
  {{ errors }}
{% endif %}

<form method="post" action="{% url 'myregistration:signin' %}">{% csrf_token %}
<dl>
<dt><label for="id_username">Username:</label>{% if form.username.errors %} <span class="error">{{ form.username.errors|join:", " }}</span>{% endif %}</dt>
<dd>{{ form.username }}</dd>
<dt><label for="id_password">Password:</label>{% if form.password.errors %} <span class="error">{{ form.password.errors|join:", " }}</span>{% endif %}</dt>
<dd>{{ form.password }}</dd>
<dt><input type="submit" value="sign in" /></dt>
</dl>
</form>
<p>Forgotten password? Click <a href="{% url 'auth_password_reset' %}">here</a> to reset password</p>
{% endblock %}

{% block content-related %}
<p>If you don't have an account, you can <a href="/accounts/register/">sign
up</a> for one.
{% endblock %}

最后是我的urls.py

from django.conf.urls import url
from myregistration import views
from django.contrib.auth import views as auth_views    

app_name = 'myregistration'
urlpatterns = [
    url(r'^register_vendor/', views.register_vendor, name='register_vendor'),
    url(r'^register_customer/', views.register_customer, name='register_customer'),
    url(r'^email_confirm/', views.email_confirm, name='email_confirm'),
    url(r'^password_change/$', views.password_change, name='password_change'),
    url(r'^password_reset/$', auth_views.password_reset, name='password_reset'),
    url(r'^password_reset/done/$', auth_views.password_reset_done, name='password_reset_done'),
    url(r'^signin/', views.signin, name='signin'),
    url(r'^logout/', views.logout, name='logout'),
    url(r'^activate/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$', views.activate, name='activate'),
]

下面是我的注册方法

def register_customer(request):
registered = False

if request.method == 'POST':
    customerform = CustomerSignUpForm(data=request.POST)

    if customerform.is_valid():
        customer = customerform.save(commit=False)
        # Remeber to hash password again
        customer.set_password(customer.password)
        customer.is_active = False
        customer.is_staff = False
        customer.save()

        text_content = "Account Activation Email"
        mail_subject = "Activate your Juggernut account"
        template_name = "myregistration/account_activate.html"
        from_email = customerform.cleaned_data.get('email')
        recipients = [customer.email]
        kwargs = {
            "uidb64":urlsafe_base64_encode(force_bytes(customer.pk)).decode(),
            "token":account_activation_token.make_token(customer)
        }
        activation_url = reverse("myregistration:activate", kwargs=kwargs)
        activation_url = "{0}://{1}{2}".format(request.scheme, request.get_host(), activation_url)

        context = {
            'customer':customer, 
            'activation_url':activation_url
        }
        html_content = render_to_string(template_name, context)
        email=EmailMultiAlternatives(mail_subject, text_content, from_email, recipients)
        email.attach_alternative(html_content, 'text/html')
        email.send()
        return redirect("myregistration:email_confirm")
        registered=True
    else:
        print(customerform.errors)

else:
    customerform = CustomerSignUpForm()
return render(request, 'myregistration/register_customer.html', {'customerform':customerform, 'registered':registered})

1 个答案:

答案 0 :(得分:0)

如您所见,在您的视图中,视图form = LoginForm()有一个表单类,但是在模板中,您没有呈现此表单,因此您将无法验证它,而行{ {1}}将始终返回False。

您有两个选择,呈现表单类或进行更改:

if form.is_valid():

收件人:

form = LoginForm(request.POST)
    if form.is_valid():
        username = form.cleaned_data.get('username')
        username = username.lower()
        password = form.cleaned_data.get('password')
        user = authenticate(username=username, password=password)
        login(request, user)
        if user.is_staff:
            return redirect('sweet:vendor_index')
        else:
            return redirect('sweet:index')
    else:
        errors = "Invalid Username or Password"

LoginForm类可能带有其他参数,因此无法验证