Django:set_password不是哈希密码吗? [英] Django: set_password isn't hashing passwords?
问题描述
我在Django中制作了自定义的用户注册表单/视图,以便可以通过其他模型添加其他用户属性.我已经使用set_password将新创建的用户的密码设置为在表单中输入的密码,但是我发现保存的密码没有被散列.
I've made a custom User registration form/view in Django so that I can include an additional user attributes through a different model. I've used set_password to set the password of the newly created user to the password entered in the form, but I've found that the passwords that are saved aren't hashed.
表格:
class UserForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput())
class Meta:
model = User
fields = ('username', 'email', 'password')
class StudentForm(forms.ModelForm):
class Meta:
model = Student
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
class TeacherForm(forms.ModelForm):
class Meta:
model = Teacher
fields = ('theclass',)
widgets = {
'theclass': forms.CheckboxSelectMultiple(),
}
视图:
def register_student(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
student_form = StudentForm(data = request.POST)
if user_form.is_valid() and student_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
student = student_form.save(commit = False)
student.user = user
student.save()
registered = True
else:
user_form = UserForm()
student_form = StudentForm()
return render_to_response('classapp/register_student.html', {'user_form': user_form, 'student_form': student_form, 'registered': registered}, context)
def register_teacher(request):
context = RequestContext(request)
registered = False
if request.method == 'POST':
user_form = UserForm(data=request.POST)
teacher_form = TeacherForm(data = request.POST)
if user_form.is_valid() and teacher_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save
teacher = teacher_form.save(commit = False)
teacher.user = user
teacher.save()
registered = True
else:
user_form = UserForm()
teacher_form = TeacherForm()
return render_to_response('classapp/register_teacher.html', {'user_form': user_form, 'teacher_form': teacher_form, 'registered': registered}, context)
当我通过此表单注册用户时,登录无效.我在Admin上检查了用户信息,发现密码字段显示为: 无效的密码格式或未知的哈希算法. 我还同步了数据库并打开了外壳程序,并手动检索了使用我的注册表单创建的用户对象,发现用户密码没有被散列,就像这样:
When I register a user through this form, the login is invalid. I checked the user information on Admin, and found that the password field said: Invalid password format or unknown hashing algorithm. I also synced the db and opened the shell and manually retrieved the user objects that were created using my registration form and found that the user password is not being hashed, like so:
>>> from django.contrib.auth.models import User
>>> user = User.objects.get(username = "username")
>>> user.password
u'password'
>>> user = User.objects.get(username = "superuser")
>>> user.password
u****hashed password****
使用Admin创建的用户的密码会被哈希处理,但我的自定义表格不会.文档说明set_password(raw_password)自动处理哈希处理.
Users created using Admin have their passwords hashed, but my custom form does not.The documentation says that set_password(raw_password) takes care of hashing automatically.
推荐答案
set_password仅创建哈希密码;它不会将值保存在数据中.调用save()进行实际保存.
set_password only creates a hashed password; it doesn't save the value in the data. Call save() to actually save it.
您认为应该是
user.save()
该行下方
user.set_password(user.password)
您没有写括号(括号).这就是为什么在哈希密码后未调用save方法的原因.
You didn't write the brackets (parentheses). That's why save method is not being called after you hash the password.
这篇关于Django:set_password不是哈希密码吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
