【问题标题】:Django password not hashed when creating new accounts创建新帐户时未对 Django 密码进行哈希处理
【发布时间】:2021-10-01 12:25:48
【问题描述】:

我是 django 的新手,我试图找出为什么通过我的帐户表单创建新帐户不会对密码进行哈希处理(我假设密码没有被哈希处理,因为在创建帐户时我无法使用密码登录,并且此消息显示在 django 管理员的密码字段下,用于通过表单创建的帐户:Invalid password format or unknown hashing algorithm)。我可以在 django 管理员中成功创建没有此未哈希密码问题的新帐户。

views.py:

@unauthenticated_user
def create_account(request):
    form = AccountForm()

    if request.method == 'POST':
        form = AccountForm(request.POST)
        # should hash the password, check username/email doesnt already exist, etc
        if form.is_valid():
            user = form.save()
            return redirect('/login')
        else:
            messages.info(request, "Count not create account.")

    context = {'form': form}
    return render(request, 'accounts/create_account.html', context)

models.py:

class Account(AbstractUser):

    def __str__(self) -> str:
        return self.first_name

    pass

创建帐户表单:

<form action="{% url 'create_account' %}" method="POST">
    {% csrf_token %}
    {{form.as_p}}
    <input type="submit" name="submit">
</form>

形式:

class AccountForm(ModelForm):
    class Meta:
        model = Account  # which model we're building a form for
        # password not hashed and requires username even if username omitted from fields
        fields = ['email', 'password', 'first_name', 'last_name', 'username']

我正在关注一个教程系列,其中与我的代码的唯一区别是我使用 Account 类从 AbstractUser 模型扩展(这样我就可以将创建用户表单更改为只需要电子邮件和密码而不是用户名和密码)。除非我不正确,否则我认为 AbstractUser 模型应该会自动为您加密密码。

我哪里错了?

【问题讨论】:

标签: python django


【解决方案1】:

正如@purple 提到的,使用set_password(...)--Doc 方法作为

@unauthenticated_user
def create_account(request):
    form = AccountForm()

    if request.method == 'POST':
        form = AccountForm(request.POST)
        
        if form.is_valid():
            user = form.save(commit=False)  # set `commit=False`
            user.set_password(
                form.cleaned_data["password"]
            )  # call `set_password(...)` with "raw password"
            user.save()  # save the actual User instance
            return redirect('/login')
        else:
            messages.info(request, "Count not create account.")

    context = {'form': form}
    return render(request, 'accounts/create_account.html', context)

【讨论】:

    【解决方案2】:

    使用 set_password 方法

    def create_account(request):
        form = AccountForm()
    
        if request.method == 'POST':
            form = AccountForm(request.POST)
            # should hash the password, check username/email doesnt already exist, etc
            if form.is_valid():
                form.set_password(request.POST['password'])
                form.save()
                return redirect('/login')
            else:
                messages.info(request, "Count not create account.")
    
        context = {'form': form}
        return render(request, 'accounts/create_account.html', context)
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2015-03-22
      • 2012-05-06
      • 2010-10-16
      • 1970-01-01
      相关资源
      最近更新 更多