python 更改电子邮件时禁止 Django 403

python Django 403 forbidden when changing email

我想使用标准 Django 方法更改用户电子邮件,但在更改电子邮件之前,来自表单和数据库的密码必须匹配。我收到 403 错误 CSRF token missing or incorrect. 这是我的 form:

class ChangeMailForm(forms.Form):
    password = forms.CharField(label = (u'Podaj hasło'), widget=forms.PasswordInput(render_value=False))
    email = forms.EmailField(label = (u'Podaj nowy adres email'))

    def clean_email(self):
        mail = self.cleaned_data['email']
        if User.objects.filter(email=email).exists():
            raise ValidationError("Taki email jest w bazie")
        return mail

我的view:

def ChangeEmail(request):
    if not request.user.is_authenticated():
        return HttpResponseRedirect('/')
    if request.method == 'POST':
        form = ChangeMailForm(request.POST)
        if form.is_valid():
            usr = request.user
            u = User.objects.filter(username=usr)
            if not User.objects.filter(username=usr).check_password(form.cleaned_data['password']):
                return HttpResponseRedirect('/')
            mail = form.cleaned_data['email']
            u.new_email(mail)
            u.save()
        else:
            return render_to_response('changeemail.html', {'form':form},context_instance=RequestContext(request))
    else:
        form = ChangeMailForm()
        return render_to_response('changeemail.html', {'form':form}, context_instance=RequestContext(request))

和我的一部分 template:

<form action="" method="post">
    {% csrf_token %}
    {% if form.errors %}<p id="correct">Popraw następujące pola:</p>{% endif %}
    <table id="change">
        <tr>
            <td {% if form.password.errors %} class="error" {% endif %}>Podaj hasło:</td>
            <td>{{ form.password }}</td>
        </tr>
        <tr>
            <td {% if form.email.errors %} class="error" {% endif %}>Podaj nowy adres:</td>
            <td>{{ form.email }}</td>
        </tr>
    </table>
    <div id="sub">
    <input type="submit"  value="Wykonaj" alt="login" id="submit" />

任何帮助将不胜感激。

编辑:在放置@csrf_exempt装饰器

后添加回溯
Request Method: POST
Request URL: http://127.0.0.1:8000/changeemail/

Django Version: 1.7.1
Python Version: 2.7.8
Installed Applications:
('django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'django.contrib.humanize',
 'dailyresults',
 'trainingresults',
 'athlete',
 'easy_pdf')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware')


Traceback:
File "D:\Programy\Python27\lib\site-packages\django-1.7.1-py2.7.egg\django\core\handlers\base.py" in get_response
  111.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "D:\Programy\Python27\lib\site-packages\django-1.7.1-py2.7.egg\django\views\decorators\csrf.py" in wrapped_view
  57.         return view_func(*args, **kwargs)
File "D:\Inz\trening\athlete\views.py" in ChangeEmail
  93.             if not User    .objects.filter(username=usr).check_password(form.cleaned_data['password']):

异常类型:/changeemail/ 的 AttributeError 异常值:'QuerySet' 对象没有属性 'check_password'

您需要更改此行:

u = User.objects.filter(username=usr)
if not User.objects.filter(username=usr).check_password(...):

对此:

u = User.objects.filter(username=usr).first()
if u and u.check_password(...):
    ...

为什么它会在第一种方法中抛出错误,因为 ulist 中的查询集,它本身没有 check_password 方法。但是您可以使用 queryset().first() 或切片 u[0] 访问 User 对象 并获得 User 对象(当然您需要验证是否存在,否则将是 []).

并且请确保 csrf_token 确实存在于您的请求中,您可以使用 logging 并检查:

import logging
...
#your view
logging.info('request MEAT for csrf: %s', request.META.get('CSRF_COOKIE'))

看看它是否存在。

您也可以尝试清除浏览器缓存,或使用其他浏览器(新会话或私人会话)进行测试,看看是否仍然出现错误。

已更新

当需要更新email字段时,使用普通模型save方法即可:

# above code... and being verified ...
u.email = form.cleaned_data['email']
u.save()

就是这样。