使用明文密码创建的Django用户 [英] Django users being created with cleartext passwords
本文介绍了使用明文密码创建的Django用户的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在Django应用程序中遇到了一个问题,其中正在使用明文密码设置新创建的用户。
I hav ean issue in my django app where newly created users are being set up with cleartext passwords.
这是失败的测试。
def test_create_valid_user_success(self):
"""Test creating user with valid user is successful"""
payload = {
'email': 'test@email.com',
'password': 'testpass',
'name': 'Test Name'
}
res = self.client.post(CREATE_USER_URL, payload)
self.assertEqual(res.status_code, status.HTTP_201_CREATED)
user = get_user_model().objects.get(**res.data)
print(user.password) # Comes out as clear text == 'testpass'
self.assertTrue(user.check_password(payload['password']))
self.assertNotIn('password', res.data)
测试错误:
======================================================================
FAIL: test_create_valid_user_success (user.tests.test_user_api.PublicUserApiTests)
Test creating user with valid user is successful
----------------------------------------------------------------------
Traceback (most recent call last):
File "/app/user/tests/test_user_api.py", line 33, in test_create_valid_user_success
self.assertTrue(user.check_password(payload['password']))
AssertionError: False is not true
序列化器:
from django.contrib.auth import get_user_model
from rest_framework import serializers
class UserSerializer(serializers.ModelSerializer):
"""Serializer for users object"""
class Meta:
model = get_user_model()
fields = ('email', 'password', 'name')
extra_kwargs = {
'password': {
'write_only': True,
'min_length': 8
}
}
def create(self, validated_data):
"""Create a new user with encrypted password and return it"""
return get_user_model().objects.create_user(**validated_data)
型号:
class UserManager(BaseUserManager):
def create_user(self, email, password=None, **extra_fields):
"""Creates and saves a new user"""
if not email:
raise ValueError('Users must have an email address')
user = self.model(email=self.normalize_email(email), **extra_fields)
user.set_password(password)
user.save(using=self._db)
我在这里缺少什么来正确哈希用户密码
What am I missing here to properly hash users passwords on creation?
推荐答案
我不觉得自己很愚蠢。
当我在序列化器的 Meta
下创建 create
方法时,我忘记了缩进,所以我的创建
为p 元
而不是 UserSerializer
When I created the create
method under Meta
in my serializer I forgot about the indentation so my create
was part of Meta
not UserSerializer
正确的缩进:
class UserSerializer(serializers.ModelSerializer):
"""Serializer for users object"""
class Meta:
model = get_user_model()
fields = ('email', 'password', 'name')
extra_kwargs = {
'password': {
'write_only': True,
'min_length': 8
}
}
def create(self, validated_data):
"""Create a new user with encrypted password and return it"""
return get_user_model().objects.create_user(**validated_data)
这篇关于使用明文密码创建的Django用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文