我在django中使用了默认的path('',include("django.contrib.auth.urls"))来为我的项目执行登录,密码重置操作,我已经彻底检查了我的注册表单和数据库,注册部分一切正常,但是我无法对除超级用户以外的所有其他用户进行身份验证,可能是此问题的原因?
myproject/urls.py:
from django.contrib import admin
from django.urls import path,include
urlpatterns = [
path('admin/', admin.site.urls),
path('home/', include('home.urls')),
path('accounts/',include('accounts.urls')),
path('',include("django.contrib.auth.urls"))
]
在注册目录的模板中,我的登录表单如下所示:
{% extends 'base.html' %}
{% block title %}Login{% endblock %}
{% block content %}
<h2>Login</h2>
<form method="post">
{% csrf_token %}
{{ form.as_p }}
<button type="submit">Login</button>
</form>
{% endblock %}
我的注册视图是:
class UserFormView(View):
form_class = RegForm
template_name = 'signup.html'
def get(self, request):
form = self.form_class()
return render(request, self.template_name, {'form': form})
def post(self, request):
form = self.form_class(request.POST)
if (form.is_valid()):
form.save()
return redirect('login')
return render(request, self.template_name, {'form': form})
然后是我的表格:
class RegForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput())
confirm_password=forms.CharField(widget=forms.PasswordInput())
class Meta:
model= User
fields=['first_name','last_name','username','email','date_joined','password','confirm_password']
def clean_password(self):
password=self.cleaned_data.get("password")
confirm_password = self.cleaned_data.get("confirm_password")
if(len(password)<8):
raise forms.ValidationError("The length of the password should be minimum 8 characters")
return password
def clean_email(self):
email=self.cleaned_data.get('email')
if(validate_email(email)==False):
raise forms.ValidationError("The Email Format is In Correct")
return email
def clean_confirm_password(self):
password = self.cleaned_data.get("password")
confirm_password = self.cleaned_data.get("confirm_password")
if (password != confirm_password):
raise forms.ValidationError('Password doesn\'t match')
答案 0 :(得分:1)
Django希望password模型的User字段包含哈希密码。您的表单将密码以纯文本格式存储(这是不安全的大操作)。
我建议您看看source code中的django.contrib.auth.forms.UserCreationForm,了解如何正确创建用户。
编辑:我的猜测是您可以使用超级用户登录,因为您是使用createsuperuser命令创建的。
答案 1 :(得分:1)
这是因为您错误地保存了密码。在django中,它对密码执行哈希处理。您可以使用django用户密码字段(ref链接https://docs.djangoproject.com/en/2.1/ref/contrib/auth/#django.contrib.auth.models.User.password),以便RegForm类似于
class RegForm(forms.ModelForm):
confirm_password=forms.CharField(widget=forms.PasswordInput())
class Meta:
model= User
fields=['first_name','last_name','username','email','date_joined','password','confirm_password']
def clean_password(self):
password=self.cleaned_data.get("password")
confirm_password = self.cleaned_data.get("confirm_password")
if(len(password)<8):
raise forms.ValidationError("The length of the password should be minimum 8 characters")
return password
def clean_email(self):
email=self.cleaned_data.get('email')
if(validate_email(email)==False):
raise forms.ValidationError("The Email Format is In Correct")
return email
def clean_confirm_password(self):
password = self.cleaned_data.get("password")
confirm_password = self.cleaned_data.get("confirm_password")
if (password != confirm_password):
raise forms.ValidationError('Password doesn\'t match')
或
在post方法中保存输入密码的哈希值。所以代码看起来像
def post(self, request):
form = self.form_class(request.POST)
if (form.is_valid()):
user_form = form.save(commit=False)
user_form.set_password(request.POST.get('password'))
user_form.save()
return redirect('login')
return render(request, self.template_name, {'form': form})
答案 2 :(得分:0)
正如我在评论中所说,您需要像这样保存用户:
def post(self, request):
form = self.form_class(request.POST)
if form.is_valid():
user = form.save(commit=False)
password = form.cleaned_data['password']
user.set_password(password)
user.save()
return redirect('login')
return render(request, self.template_name, {'form': form})