web2py检查表单中的密码 [英] web2py check password in form
问题描述
我正在尝试在web2py中创建一个更改密码表单.我正在使用db.auth_user表.我想创建一个具有字段['current_password','new_password','repeat_password']
I am trying to create a change password form in web2py. I am using db.auth_user table. I want to create a form with fields ['current_password', 'new_password', 'repeat_password']
如果密码输入不正确,表格应向用户发出警告.
Form should give a warning to user if the password is not entered correctly.
我的代码是:
request.vars.current_password = request.vars.current_password if request.vars.current_password else 'xxx'
user_password_form = SQLFORM.factory(Field('current_password', 'password',
requires=IS_EQUAL_TO(db(db.auth_user.id == auth.user_id).select('password').first().password)(
str(db.auth_user.password.validate(request.vars.current_password)[0]))),
Field('new_password', 'password'),
Field('repeat_password', 'password',
requires=IS_EQUAL_TO(request.vars.new_password,
'Passwords do not match')))
我已经测试了以下代码的验证性,如果密码输入正确,它将设置a = 1.但是在表单验证中,我无法弄清楚如何实现
I have tested the validation for the following code and it sets a=1 if password is entered correctly. But on the form validation I couldn't figure it out how to implement it
if request.vars.current_password:
if db.auth_user.password.validate(request.vars.current_password)[0] == db(
db.auth_user.id == auth.user_id).select('password').first().password:
a=1
有什么想法可以实现密码验证吗?
Any ideas how password validation can be achieved?
推荐答案
web2py Auth系统包括一个内置的密码更改操作.如果您在default.py
控制器中使用默认的user
操作,则可以通过/myapp/default/user/change_password访问此表单.
The web2py Auth system includes a built-in password change action. If you are using the default user
action in the default.py
controller, you access this form via /myapp/default/user/change_password.
如果您只想为此目的创建一个单独的控制器动作,则只需执行以下操作:
If you prefer to create a separate controller action just for this purpose, you can simply do:
def change_password():
return dict(form=auth.change_password())
并在关联的视图中:
{{=form}}
关于您的自定义代码,您不能单独使用IS_EQUAL_TO
验证器,因为它使用的表达式必须等于用表单提交的值(您不能像这样使用已转换的值来调用验证器,因为将返回一个元组,但是requires
属性必须是带有字段和值的可调用对象.
Regarding your custom code, you cannot use the IS_EQUAL_TO
validator alone, as it takes an expression that must be equal to the value submitted with the form (you cannot call the validator with a transformed value as you have, as that will return a tuple, but the requires
attribute must be a callable object that takes a field and a value).
相反,您可以在列表中使用CRYPT
验证器,然后使用IS_EQUAL_TO
验证器-第一个验证器会将提交的密码转换为哈希,然后第二个验证器将与存储的密码哈希进行相等性测试
Instead, you could use the CRYPT
validator followed by the IS_EQUAL_TO
validator in a list -- the first validator will transform the submitted password to a hash, and the second will then test for equality with the stored password hash.
或者,您可以使用:
def check_password(password):
new_hash = db.auth_user.password.validate(password)[0]
return new_hash == auth.user.password
form = SQLFORM.factory(Field('current_password', 'password')
requires=IS_EXPR(check_password)),
...)
IS_EXPR
验证器可以采用将为其传递值的函数,并且该函数应返回True
或False
(请注意,此用法未记录在册-本书仅显示了替代用法,其中您将Python代码作为字符串提供,该字符串将为exec'ed
.
The IS_EXPR
validator can take a function that will be passed the value, and the function should return True
or False
(note, this usage is not documented -- the book only shows the alternative usage, where you provide Python code as a string, which will be exec'ed
).
这篇关于web2py检查表单中的密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!