我在Django中制作了自定义用户注册表单/视图,以便可以通过其他模型添加其他用户属性。我已经使用set_password将新创建的用户的密码设置为在表单中输入的密码,但是我发现保存的密码没有被散列。
形式:
class UserForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput())
class Meta:
model = User
fields = ('username', 'email', 'password')
class StudentForm(forms.ModelForm):
class Meta:
model = Student
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
class TeacherForm(forms.ModelForm):
class Meta:
model = Teacher
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
看法:
def register_student(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
student_form = StudentForm(data = request.POST)
if user_form.is_valid() and student_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
student = student_form.save(commit = False)
student.user = user
student.save()
registered = True
else:
user_form = UserForm()
student_form = StudentForm()
return render_to_response('classapp/register_student.html', {'user_form': user_form, 'student_form': student_form, 'registered': registered}, context)
def register_teacher(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
teacher_form = TeacherForm(data = request.POST)
if user_form.is_valid() and teacher_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
teacher = teacher_form.save(commit = False)
teacher.user = user
teacher.save()
registered = True
else:
user_form = UserForm()
teacher_form = TeacherForm()
return render_to_response('classapp/register_teacher.html', {'user_form': user_form, 'teacher_form': teacher_form, 'registered': registered}, context)
当我通过此表单注册用户时,登录名无效。我在Admin上检查了用户信息,发现密码字段显示:无效的密码格式或未知的哈希算法。我还同步了数据库并打开了外壳程序,并手动检索了使用我的注册表单创建的用户对象,发现用户密码没有被散列,如下所示:
>>> from django.contrib.auth.models import User
>>> user = User.objects.get(username = "username")
>>> user.password
u'password'
>>> user = User.objects.get(username = "superuser")
>>> user.password
u****hashed password****
使用Admin创建的用户的密码会被哈希处理,但我的自定义表格不会进行哈希处理。文档说set_password(raw_password)自动处理哈希处理。
set_password
仅创建哈希密码;它不会将值保存在数据库中。调用save()
以实际保存它。
您认为应该是
user.save()
线下
user.set_password(user.password)
您没有写括号(括号)。这就是为什么save
在对密码进行哈希处理后未调用method的原因。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句