Django:set_password 不是散列密码吗?
Django: set_password isn't hashing passwords?
我在 Django 中进行了自定义用户注册 form/view,这样我就可以通过不同的模型包含额外的用户属性。我已经使用 set_password 将新创建的用户的密码设置为在表单中输入的密码,但我发现保存的密码没有经过哈希处理。
形式:
class UserForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput())
class Meta:
model = User
fields = ('username', 'email', 'password')
class StudentForm(forms.ModelForm):
class Meta:
model = Student
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
class TeacherForm(forms.ModelForm):
class Meta:
model = Teacher
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
查看:
def register_student(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
student_form = StudentForm(data = request.POST)
if user_form.is_valid() and student_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
student = student_form.save(commit = False)
student.user = user
student.save()
registered = True
else:
user_form = UserForm()
student_form = StudentForm()
return render_to_response('classapp/register_student.html', {'user_form': user_form, 'student_form': student_form, 'registered': registered}, context)
def register_teacher(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
teacher_form = TeacherForm(data = request.POST)
if user_form.is_valid() and teacher_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
teacher = teacher_form.save(commit = False)
teacher.user = user
teacher.save()
registered = True
else:
user_form = UserForm()
teacher_form = TeacherForm()
return render_to_response('classapp/register_teacher.html', {'user_form': user_form, 'teacher_form': teacher_form, 'registered': registered}, context)
当我通过此表单注册用户时,登录无效。我在admin上查看了用户信息,发现密码栏是这样写的:
密码格式无效或哈希算法未知。
我还同步了数据库并打开了 shell 并手动检索了使用我的注册表创建的用户对象,发现用户密码没有被散列,如下所示:
>>> from django.contrib.auth.models import User
>>> user = User.objects.get(username = "username")
>>> user.password
u'password'
>>> user = User.objects.get(username = "superuser")
>>> user.password
u****hashed password****
使用 Admin 创建的用户会对其密码进行哈希处理,但我的自定义表单会 not.The 文档说 set_password(raw_password) 会自动处理哈希处理。
set_password 仅创建散列密码;它不会将值保存在数据库中。调用save()实际保存。
在你看来,应该是
user.save()
线下
user.set_password(user.password)
你没有写括号(圆括号)。这就是为什么在您对密码进行哈希处理后 save 方法没有被调用的原因。
user.set_password(user.password)
user.save()
答案更新 2021 年 7 月 25 日
set_password 方法适用于 django 版本 3.2
自定义 singup django 3.2
确保变量不传递空值。对于开发,您可以在传递给 set_password 方法之前进行打印。
def user_register(request):
if (request.method == 'POST'):
username = request.POST.get('username')
password = request.POST.get('password')
print(password, type(password))
#make sure the password not passed null
user = User.objects.create_user(
email=email,
name=username,
password=password,
)
user.set_password(password)
user.save()
你如何使用 django 进行测试 shell。
python manage.py shell
此处列出 django shell 命令
from .models import user_type, User
user = User.objects.create_user(email="ll55@gmail.com",password="uU123456",name="le5")
user.set_password("uU123456")
user.save()
u = User.objects.get(name="as6")
u.name
u.password
我在 Django 中进行了自定义用户注册 form/view,这样我就可以通过不同的模型包含额外的用户属性。我已经使用 set_password 将新创建的用户的密码设置为在表单中输入的密码,但我发现保存的密码没有经过哈希处理。
形式:
class UserForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput())
class Meta:
model = User
fields = ('username', 'email', 'password')
class StudentForm(forms.ModelForm):
class Meta:
model = Student
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
class TeacherForm(forms.ModelForm):
class Meta:
model = Teacher
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
查看:
def register_student(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
student_form = StudentForm(data = request.POST)
if user_form.is_valid() and student_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
student = student_form.save(commit = False)
student.user = user
student.save()
registered = True
else:
user_form = UserForm()
student_form = StudentForm()
return render_to_response('classapp/register_student.html', {'user_form': user_form, 'student_form': student_form, 'registered': registered}, context)
def register_teacher(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
teacher_form = TeacherForm(data = request.POST)
if user_form.is_valid() and teacher_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
teacher = teacher_form.save(commit = False)
teacher.user = user
teacher.save()
registered = True
else:
user_form = UserForm()
teacher_form = TeacherForm()
return render_to_response('classapp/register_teacher.html', {'user_form': user_form, 'teacher_form': teacher_form, 'registered': registered}, context)
当我通过此表单注册用户时,登录无效。我在admin上查看了用户信息,发现密码栏是这样写的: 密码格式无效或哈希算法未知。 我还同步了数据库并打开了 shell 并手动检索了使用我的注册表创建的用户对象,发现用户密码没有被散列,如下所示:
>>> from django.contrib.auth.models import User
>>> user = User.objects.get(username = "username")
>>> user.password
u'password'
>>> user = User.objects.get(username = "superuser")
>>> user.password
u****hashed password****
使用 Admin 创建的用户会对其密码进行哈希处理,但我的自定义表单会 not.The 文档说 set_password(raw_password) 会自动处理哈希处理。
set_password 仅创建散列密码;它不会将值保存在数据库中。调用save()实际保存。
在你看来,应该是
user.save()
线下
user.set_password(user.password)
你没有写括号(圆括号)。这就是为什么在您对密码进行哈希处理后 save 方法没有被调用的原因。
user.set_password(user.password)
user.save()
答案更新 2021 年 7 月 25 日
set_password 方法适用于 django 版本 3.2
自定义 singup django 3.2
确保变量不传递空值。对于开发,您可以在传递给 set_password 方法之前进行打印。
def user_register(request):
if (request.method == 'POST'):
username = request.POST.get('username')
password = request.POST.get('password')
print(password, type(password))
#make sure the password not passed null
user = User.objects.create_user(
email=email,
name=username,
password=password,
)
user.set_password(password)
user.save()
你如何使用 django 进行测试 shell。
python manage.py shell
此处列出 django shell 命令
from .models import user_type, User
user = User.objects.create_user(email="ll55@gmail.com",password="uU123456",name="le5")
user.set_password("uU123456")
user.save()
u = User.objects.get(name="as6")
u.name
u.password