AbstractUser in Python Django is not being authenticated
Django version 3.2. I created an abstract user model to store information about a bank's customers. I can register a customer with a username and password, but the customer is not authenticated at login. In the admin page, the password is saved as plain text, which is not wanted. By default, it should be saved in hashed form in Django. Please suggest a fix. What am I doing wrong? In settings.py, I added one line:
AUTH_USER_MODEL = 'banking.Customer'
models.py:
from django.contrib.auth.models import AbstractUser
from django.db import models

'''
This stores all customers of this bank .
'''
class Customer(AbstractUser):
    #username = models.CharField(max_length=128, unique=True)
    #first_name = models.CharField(max_length=128)
    #last_name = models.CharField(max_length=128)
    #email = models.CharField(max_length=128)
    phone = models.CharField(max_length=128)
    #password = models.CharField(max_length=2048)
    dateJoined = models.DateTimeField(auto_now_add=True)
    # completed, pending, blocked, error
    verificationStatus = models.CharField(max_length=128)
    #USERNAME_FIELD = 'username'
    #REQUIRED_FIELDS = []

    def __str__(self):
        return f"{self.username}, {self.first_name} {self.last_name}, {self.email}, {self.password}"
views.py:
def register(request):
    if request.method == "POST":
        # get the information from form
        print("POST request :" + str(request.POST))
        userName = request.POST["userName"]
        firstName = request.POST["firstName"]
        lastName = request.POST["lastName"]
        email = request.POST["email"]
        phone = request.POST["phone"]
        password = request.POST["password"]
        # insert it in DB, keep in mind that username should be unique
        try:
            customer = Customer(username=userName, first_name=firstName, last_name=lastName, email=email, phone=phone, password=password, verificationStatus="verified")
            customer.save()
            print("Database " + str(customer))
            return HttpResponseRedirect(reverse('login'))
        except:
            # send register page again with error message
            context = {"message": userName + " userName is already taken ."}
            return render(request, "banking/register.html", context)
    else:
        return render(request, "banking/register.html")

def login(request):
    if request.method == "POST":
        # get info from login form
        username = request.POST["userName"]
        password = request.POST["password"]
        # check if user is valid
        customer = None
        try:
            # check if userName exist in DB
            print("check user")
            customer = authenticate(request, username=username, password=password)
        except:
            customer = None
        # save customer in session
        if customer is not None:
            login(request, customer)
            return HttpResponseRedirect(reverse('mainPage'))
        else:
            # return to login page with error message
            context = {"message": "Invalid credentials"}
            return render(request, "banking/login.html", context)
    else:
        return render(request, "banking/login.html")
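You create the customer using the model's __init__ method (the constructor):
But this does not take into account that the password needs to be hashed, and it saves the password as plain text. This causes your user to be unable to log in, because the authenticate function works on the premise that the password is hashed.
You should instead use the method of the user model's manager, UserManager, which will automatically hash the password: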
customer = Customer.objects.create_user(username=userName, first_name=firstName, last_name=lastName, email=email, phone=phone, password=password, verificationStatus="verified")
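When creating a custom user class in Django, the password encryption and saving mechanism should be handled by the Manager class. Please refer to the given link for a better understanding.
In the register() method of views.py, you have to edit the code to: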
customer = Customer(username=userName, first_name=firstName, last_name=lastName, email=email, phone=phone, verificationStatus="verified")
customer.set_password(password)
customer.save()
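While saving the user, we have to set the password using the set_password() method, because it will save the password using the appropriate hashing/encryption algorithm.
I changed it to:
customer = Customer(username=userName, first_name=firstName, last_name=lastName, email=email, phone=phone, verificationStatus="verified")
customer.set_password(password)
customer.save()
But it is not logging in.
Can you elaborate on what error or log message you received?
There is no programming error. The expected result is that once a user is registered, he should be able to log in. Yes, the password is saved hashed in the database as: peacock, fn-ln, e@e.e, pbkdf2_sha256$260000$C3TAdhqgXn93V9reZ2ok10$BOPmOj2b7W8J/TCn2/FZdTyMevFoYibOmiTUxLBJIYk= But somehow I think this line of code in the login() function is not working.
Surprisingly, it is working now. All this time I had not imported authenticate() as from django.contrib.auth import authenticate. Surprisingly, Python did not even give me any error. It was silently raising an exception, and every time it was silently caught by my except code.
Thanks, your answer was easy to implement. So I accepted it.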
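Added example (not part of the original thread and not Django's own code): a standard-library sketch of the four-field pbkdf2_sha256 layout visible in the hash quoted in the comments above, showing why a password column that holds plain text can never verify, plus an audit helper that flags such rows. The function names, the salt and the sample rows are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Stored layout assumed here: pbkdf2_sha256$<iterations>$<salt>$<base64 digest>
HASH_RE = re.compile(r"pbkdf2_sha256\$([1-9][0-9]*)\$([^$]+)\$([A-Za-z0-9+/]+=*)")


def encode_password(password, salt, iterations=260000):
    """Derive a PBKDF2-HMAC-SHA256 digest and pack it into the stored layout."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    b64 = base64.b64encode(digest).decode("ascii")
    return f"pbkdf2_sha256${iterations}${salt}${b64}"


def verify_password(password, stored):
    """Return True only if `stored` is a well-formed hash of `password`."""
    m = HASH_RE.fullmatch(stored)
    if m is None:
        return False  # plain text or unknown layout: never authenticates
    expected = encode_password(password, m.group(2), int(m.group(1)))
    return hmac.compare_digest(expected.encode(), stored.encode())


def find_plaintext_rows(rows):
    """Audit helper: usernames whose password column is not in the hash layout."""
    return [name for name, stored in rows if HASH_RE.fullmatch(stored) is None]


# Constructed sample rows (username, password column); not data from the page.
SAMPLE_ROWS = [
    ("alice", "hunter2-plain"),  # saved the way Customer(password=...) saves it
    ("bob", encode_password("s3cret-pass", "constructedsalt01")),  # hashed on save
]

if __name__ == "__main__":
    for name, stored in SAMPLE_ROWS:
        print(name, "->", stored[:45])
    print("rows needing a password reset:", find_plaintext_rows(SAMPLE_ROWS))
```

Rows flagged by the audit cannot be fixed by hashing in place without trusting the leaked plain-text values, so the usual remedy is to invalidate them and force a password reset.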