Python3.6/Django 2.1.4:"signing up with an already existing username/email breaks the CSRF_TOKEN"
Python 3.6 / Django 2.1.4 : "signing up with an already existing username/email breaks the CSRF_TOKEN"
我 运行 在 Django 中进行了一些测试,看看 form.errors
是否会在表单中引发所有类型的错误(确实如此)。
现在事情变得不对劲了:
如果我不止一次尝试使用现有 email/username 注册(只是检查效率),我会得到这个
Forbidden (403)
CSRF verification failed. Request aborted.
Help text : (all those conditions are met.)
我认为这些测试打破了 csrf_token
。
所以我不知道问题是否来自我的代码,或者 csrf_token
只是通过保护 username/email.
的所有者来完成它的工作
有没有人遇到过这样的问题?
注册查看
class SignUp(View):
def get(self, request):
form = MyModelCreation()
return render(
request,
'signup.html',
{'form': form}
)
def post(self, request):
form = MyModelCreation(request.POST)
if form.is_valid():
user = form.save(commit=False)
user.is_active = False # Create an inactive user
user.save()
# Send a confirmation Email
# Generate a token for the new user --tokens.py--
current_site = get_current_site(request)
mail_subject = 'Activate your profile account.'
message = render_to_string('account_activation_email.html', {
'user': user,
'domain': current_site.domain,
'uid': urlsafe_base64_encode(force_bytes(user.pk)).decode(),
'token': user_token.make_token(user),
})
receiver = form.cleaned_data.get('email')
email = EmailMessage(
mail_subject, message, to=[receiver]
)
email.send()
return redirect("account_activation_sent")
else:
return render_to_response(
'signup.html',
{"form": form},
RequestContext(request)
)
注册模板
{% extends 'base_test.html' %}
{% block title %}My Site | Sign Up{% endblock title %}
{% block content %}
<div class="padding">
<h2>Sign up : <small>*ALL FIELDS ARE REQUIRED</small></h2>
<form method="post" class="form">
{% csrf_token %}
{% for field in form %}
<p>
{{ field.label_tag }}<br>
{{ field }}
{% for error in field.errors %}
<p style="color: red">{{ error }}</p>
{% endfor %}
</p>
{% endfor %}
<button class="btn btn-primary btn-lg" type="submit">Sign up</button>
</form>
</div>
{% endblock %}
好吧,我通过切换回 render() 修复了它,我认为 render_to_response() 需要一些我不知道的额外数据。
return render(request, 'signup.html', {'form': form})
谢谢!
我 运行 在 Django 中进行了一些测试,看看 form.errors
是否会在表单中引发所有类型的错误(确实如此)。
现在事情变得不对劲了:
如果我不止一次尝试使用现有 email/username 注册(只是检查效率),我会得到这个
Forbidden (403)
CSRF verification failed. Request aborted.
Help text : (all those conditions are met.)
我认为这些测试打破了 csrf_token
。
所以我不知道问题是否来自我的代码,或者 csrf_token
只是通过保护 username/email.
有没有人遇到过这样的问题?
注册查看
class SignUp(View):
def get(self, request):
form = MyModelCreation()
return render(
request,
'signup.html',
{'form': form}
)
def post(self, request):
form = MyModelCreation(request.POST)
if form.is_valid():
user = form.save(commit=False)
user.is_active = False # Create an inactive user
user.save()
# Send a confirmation Email
# Generate a token for the new user --tokens.py--
current_site = get_current_site(request)
mail_subject = 'Activate your profile account.'
message = render_to_string('account_activation_email.html', {
'user': user,
'domain': current_site.domain,
'uid': urlsafe_base64_encode(force_bytes(user.pk)).decode(),
'token': user_token.make_token(user),
})
receiver = form.cleaned_data.get('email')
email = EmailMessage(
mail_subject, message, to=[receiver]
)
email.send()
return redirect("account_activation_sent")
else:
return render_to_response(
'signup.html',
{"form": form},
RequestContext(request)
)
注册模板
{% extends 'base_test.html' %}
{% block title %}My Site | Sign Up{% endblock title %}
{% block content %}
<div class="padding">
<h2>Sign up : <small>*ALL FIELDS ARE REQUIRED</small></h2>
<form method="post" class="form">
{% csrf_token %}
{% for field in form %}
<p>
{{ field.label_tag }}<br>
{{ field }}
{% for error in field.errors %}
<p style="color: red">{{ error }}</p>
{% endfor %}
</p>
{% endfor %}
<button class="btn btn-primary btn-lg" type="submit">Sign up</button>
</form>
</div>
{% endblock %}
好吧,我通过切换回 render() 修复了它,我认为 render_to_response() 需要一些我不知道的额外数据。
return render(request, 'signup.html', {'form': form})
谢谢!