authenticate(request, username=username, password =pswd) returns None 自定义用户模型

authenticate(request, username=username, password =pswd) returns None for custom user model

authenticate() 函数正在为 mySQL 数据库中的注册用户返回 none。 我正在使用自定义用户验证,其中注册过程完美无缺。 我正在使用 Django 3.0 的价值 Account.objects.get(username = "uname").password == request.POST['password']True

这是我的 models.py

class AccountManager(BaseUserManager):
    #pass USERNAME_FIELD, REQUIRED_FIELDS 
    def create_user(self, email, username, password=None):
        if not email:
            raise ValueError( "Email Id not entered")

        if not username: 
            raise ValueError("User Name not entered")

        user = self.create_user(
            email = self.normalize_email(email),
            username = username,
        )

        user.set_password(password)    
        user.save(using=self._db)
        return user

    def create_superuser(self, email, username, password):
        user = self.create_user(
            email = self.normalize_email(email),
            password = password,
            username = username,
        )

        user.is_admin = True
        user.is_staff = True
        user.is_superuser = True
        user.save(using = self._db)
        return user


# Create your models here.
class Account(AbstractBaseUser):
    username     = models.CharField(max_length = 50, unique= True)
    email        = models.EmailField(verbose_name = "email", max_length = 50, unique=True)
    #few other fields...

    USERNAME_FIELD = "username"
    REQUIRED_FIELDS = ['email']

    objects = AccountManager()
    # any object from Account.object will return __str__ 
    def __str__(self):
        return self.username

    #give permitions to custom user object
    def has_perm(self, perm, obj=None):    
        return self.is_admin

    def has_module_perms(self, app_label):
        return True

views.py


def register(request):
    context = {}
    if request.POST:
        form = RegistrationForm(request.POST)
        if form.is_valid():
            form.save()
            name = form.cleaned_data.get("username")
            raw_password= form.cleaned_data.get('password1')

            account = authenticate(username = name, password = raw_password)
            login(request, account)
            print(str(account))
            return redirect('../dashboard/')
        else: 
            context['registration_form'] = form
    else:
        form = RegistrationForm()
        context['registration_form'] = form
    return render(request, 'register.html')

def login(request):
        context = {}
        if request.method == "POST":
            form = AuthenticationForm(request.POST)

            if form.is_valid:#returns True
                name = request.POST["username"]
                pswd = request.POST["password"]
                user = authenticate(request, username = name, password = pswd)
                print("user = " + str(user)) #always returns None

                if user:
                    print("valid user " + str(user))
                    login(request, user)
                    print("user is " + str(request.user.is_authenticated))
                    return  redirect("../dashboard/") 
        form = AuthenticationForm()
        context['login_form'] = form
        return render(request, 'login.html', context)

settings.py

AUTH_USER_MODEL = "authenticate.Account"
AUTHENTICATION_BACKENDS = (
    #'authenticate.Accounts.'
    'django.contrib.auth.backends.ModelBackend',
)

你能看看错误是什么吗?

请原谅我的礼节,因为这是我在 Whosebug 中的第一个问题 也请考虑我几周前才开始使用 django

The value of Account.objects.get(username='uname').password == request.POST['password'] is True.

这不是个好主意。通常密码是散列。事实上,这就是 AbstractBaseUser 基础 class 实现 set_password(..) method [Django-doc] 的原因。这将散列密码,并将散列密码存储在数据库中。

authenticate(..) 方法也将首先对给定的密码进行哈希处理,然后检查该哈希处理后的密码是否与数据库中存储的密码相对应。

有关详细信息,请参阅 Password management in Django section