Django - 如何保存我的哈希密码

Question

我正在尝试将我的哈希密码保存在我的数据库中，但它一直在保存我的明文密码

型号：

class StudentRegistration(models.Model):
    email = models.EmailField(max_length=50)
    first_name = models.CharField(max_length=20)
    last_name = models.CharField(max_length=20)
    password = models.CharField(max_length=100, default="", null=False)
    prom_code = models.CharField(max_length=8, default="", null=False)
    gender = (
    ("M","Male"),
    ("F","Female"),
    )
    gender = models.CharField(max_length=1, choices=gender, default="M",    null=False)
    prom_name = models.CharField(max_length=20, default="N/A")
    prom_year = models.IntegerField(max_length=4, default=1900)
    school = models.CharField(max_length=50, default="N/A")



    def save(self):
         try:
            Myobj = Space.objects.get(prom_code = self.prom_code)
            self.prom_name = Myobj.prom_name
            self.prom_year = Myobj.prom_year
            self.school = Myobj.school_name

            super(StudentRegistration, self).save()

        except Space.DoesNotExist:
            print("Error")

观看次数：

def register_user(request):
    args = {}
    if request.method == 'POST':
        form = MyRegistrationForm(request.POST)     # create form object
        if form.is_valid():
            clearPassNoHash = form.cleaned_data['password']
            form.password = make_password(clearPassNoHash, None, 'md5')
            form.save()
            form = MyRegistrationForm()
            print ('se salvo')
        else:
            print ('Error en el form')
    else:
        form = MyRegistrationForm()


    args['form'] = form #MyRegistrationForm()

    return render(request, 'register/register.html', args)

我已经打印了散列结果，所以我知道它是散列但没有保存。

我是否使用了 make_password 错误？或者有什么更好的方法来保护我的密码？

--------------更新：（解决方案）-------- --------------------

记住在settings.py中：

#The Hasher you are using
PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.MD5PasswordHasher',
)

模型.py：

#Import and add the AbstractBaseUser in your model

class StudentRegistration(AbstractBaseUser, models.Model):

Views.py：

if form.is_valid():
    user = form.save(commit=False)
    clearPassNoHash = form.cleaned_data['password']
    varhash = make_password(clearPassNoHash, None, 'md5')
    user.set_password(varhash)
    user.save()

Answer 1

在文档中使用 Django set_password

https://docs.djangoproject.com/en/1.9/ref/contrib/auth/

您还需要使用 form.save(commit=False) 从表单中获取模型对象

if form.is_valid():
    # get model object data from form here
    user = form.save(commit=False)

    # Cleaned(normalized) data
    username = form.cleaned_data['username']
    password = form.cleaned_data['password']

    #  Use set_password here
    user.set_password(password)
    user.save()

Answer 2

先保存对象，不提交到数据库，然后在最终保存之前更新密码。确保你的导入都是正确的。

def register_user(request):
        if request.method == 'POST':
            form = MyRegistrationForm(request.POST)     # create form object
            if form.is_valid():
                new_object = form.save(commit=False)
                new_object.password = make_password(form.cleaned_data['password'])
                new_object.save()
                messages.success(request, "Form saved.")
                return redirect("somewhere")
            else:
                messages.error(request, "There was a problem with the form.")
        else:
            form = MyRegistrationForm()

        return render(request, 'register/register.html', { 'form': form })