web2py检查表单中的密码 [英] web2py check password in form

问题描述

我正在尝试在web2py中创建一个更改密码表单.我正在使用db.auth_user表.我想创建一个具有字段['current_password'，'new_password'，'repeat_password']

I am trying to create a change password form in web2py. I am using db.auth_user table. I want to create a form with fields ['current_password', 'new_password', 'repeat_password']

如果密码输入不正确，表格应向用户发出警告.

Form should give a warning to user if the password is not entered correctly.

我的代码是:

request.vars.current_password = request.vars.current_password if request.vars.current_password else 'xxx'

user_password_form = SQLFORM.factory(Field('current_password', 'password', 
                                           requires=IS_EQUAL_TO(db(db.auth_user.id == auth.user_id).select('password').first().password)(
                                                                str(db.auth_user.password.validate(request.vars.current_password)[0]))),
                                     Field('new_password', 'password'),
                                     Field('repeat_password', 'password',
                                           requires=IS_EQUAL_TO(request.vars.new_password,
                                                                'Passwords do not match')))

我已经测试了以下代码的验证性，如果密码输入正确，它将设置a = 1.但是在表单验证中，我无法弄清楚如何实现

I have tested the validation for the following code and it sets a=1 if password is entered correctly. But on the form validation I couldn't figure it out how to implement it

if request.vars.current_password:
        if db.auth_user.password.validate(request.vars.current_password)[0] == db(
                        db.auth_user.id == auth.user_id).select('password').first().password:
            a=1

有什么想法可以实现密码验证吗?

Any ideas how password validation can be achieved?

推荐答案

web2py Auth系统包括一个内置的密码更改操作.如果您在default.py控制器中使用默认的user操作，则可以通过/myapp/default/user/change_password访问此表单.

The web2py Auth system includes a built-in password change action. If you are using the default user action in the default.py controller, you access this form via /myapp/default/user/change_password.

如果您只想为此目的创建一个单独的控制器动作，则只需执行以下操作:

If you prefer to create a separate controller action just for this purpose, you can simply do:

def change_password():
    return dict(form=auth.change_password())

并在关联的视图中:

{{=form}}

关于您的自定义代码，您不能单独使用IS_EQUAL_TO验证器，因为它使用的表达式必须等于用表单提交的值(您不能像这样使用已转换的值来调用验证器，因为将返回一个元组，但是requires属性必须是带有字段和值的可调用对象.

Regarding your custom code, you cannot use the IS_EQUAL_TO validator alone, as it takes an expression that must be equal to the value submitted with the form (you cannot call the validator with a transformed value as you have, as that will return a tuple, but the requires attribute must be a callable object that takes a field and a value).

相反，您可以在列表中使用CRYPT验证器，然后使用IS_EQUAL_TO验证器-第一个验证器会将提交的密码转换为哈希，然后第二个验证器将与存储的密码哈希进行相等性测试

Instead, you could use the CRYPT validator followed by the IS_EQUAL_TO validator in a list -- the first validator will transform the submitted password to a hash, and the second will then test for equality with the stored password hash.

或者，您可以使用:

def check_password(password):
    new_hash = db.auth_user.password.validate(password)[0]
    return new_hash == auth.user.password

form = SQLFORM.factory(Field('current_password', 'password')
                             requires=IS_EXPR(check_password)),
                       ...)

IS_EXPR验证器可以采用将为其传递值的函数，并且该函数应返回True或False(请注意，此用法未记录在册-本书仅显示了替代用法，其中您将Python代码作为字符串提供，该字符串将为exec'ed.

The IS_EXPR validator can take a function that will be passed the value, and the function should return True or False (note, this usage is not documented -- the book only shows the alternative usage, where you provide Python code as a string, which will be exec'ed).

这篇关于web2py检查表单中的密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！