为什么 django 接受两个不同的密码?完全没有错误
Why django is accepting two diiferent passwords? Giving no error at all
为什么此代码同时接受密码和 confirm_password 字段?没有错误
这是第一个 models.py 文件:(缩进在这里不是问题)
from django.db import models
from django.contrib.auth.models import AbstractBaseUser
from .managers import UserManager
from django.utils.translation import ugettext_lazy as _
# Create your models here.
ROLES = (
('Customer', 'Customer'), ('Vendor', 'Vendor')
)
class User(AbstractBaseUser):
email = models.EmailField(verbose_name='Email Address', max_length=255, unique=True)
first_name = models.CharField(max_length=255)
last_name = models.CharField(max_length=255)
active = models.BooleanField(default=True)
staff = models.BooleanField(default=False)
admin = models.BooleanField(default=False)
role = models.CharField(max_length=15, choices=ROLES)
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['first_name', 'last_name']
objects = UserManager()
def __str__(self):
return self.email
def get_name(self):
return self.first_name + ' ' + self.last_name
def get_role(self):
return self.role
def has_perm(self, perm, obj=None):
return True
def has_module_perms(self, app_label):
return True
@property
def is_staff(self):
return self.staff
@property
def is_admin(self):
return self.admin
@property
def is_active(self):
return self.active
接下来是用户模型的管理器:
在这里我只是接受数据和创建帐户而已。
from django.contrib.auth.models import BaseUserManager
from django.db import models
from django.utils.translation import ugettext_lazy as _
class UserManager(BaseUserManager):
use_in_migrations = True
def _create_user(self, email, password, **extra_fields):
if not email:
raise ValueError('User must have an Email Address')
user = self.model(email=self.normalize_email(email), **extra_fields)
user.set_password(password)
user.save(using=self._db)
return user
def create_user(self, email, password, **extra_fields):
extra_fields.setdefault('staff', False)
extra_fields.setdefault('admin', False)
return self._create_user(email, password, **extra_fields)
def create_superuser(self, email, password, **extra_fields):
extra_fields.setdefault('staff', True)
extra_fields.setdefault('admin', True)
if extra_fields.get('staff') is not True:
raise ValueError('Superuser must have "staff" = True')
if extra_fields.get('admin') is not True:
raise ValueError('Superuser must have "admin" = True')
return self._create_user(email, password, **extra_fields)
在这里,我想创建用于创建用户帐户的模型表单
这是 forms.py 文件:
from django import forms
from django.contrib.auth.forms import ReadOnlyPasswordHashField
from .models import User
class RegistrationForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput)
password2 = forms.CharField(label='Confirm Password', widget=forms.PasswordInput)
class Meta:
model = User
fields = ('email', 'first_name', 'last_name', 'role', 'password', 'password2')
def clean_email(self):
email = self.cleaned_data.get('email')
qs = User.objects.filter(email=email)
if qs.exists():
raise forms.ValidationError('Email is already taken, try another email')
return email
def clean_password2(self):
password = self.cleaned_data.get('password')
password2 = self.cleaned_data.get('password2')
if password and password2 and password != password2:
raise forms.ValidationError('Passwords did not match, try again')
return password
class UserAdminCreationForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput)
password2 = forms.CharField(label='Confirm Password', widget=forms.PasswordInput)
def clean_password2(self):
password = self.cleaned_data.get('password')
password2 = self.cleaned_data.get('password2')
if password and password2 and password != password2:
raise forms.ValidationError('Passwords did not match, try again')
return password
def save(self, commit=True):
user = super(UserAdminCreationForm, self).save(commit=False)
user.set_password(self.cleaned_data['password'])
if commit:
user.save()
return user
class UserAdminChangeForm(forms.ModelForm):
password = ReadOnlyPasswordHashField()
class Meta:
model = User
fields = ('email', 'first_name', 'last_name', 'role', 'password', 'admin', 'staff')
def clean_password(self):
return self.initial['password']
最后是视图文件:
from django.shortcuts import render, redirect
from .models import User
from .forms import RegistrationForm
from django.contrib import messages
from .models import User
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
import logging
logger = logging.getLogger(__name__)
# Create your views here.
def register(request):
form = RegistrationForm()
if request.method == 'POST':
form = RegistrationForm(request.POST)
if form.is_valid():
email = form.cleaned_data['email']
first_name = form.cleaned_data['first_name']
last_name = form.cleaned_data['last_name']
password = form.cleaned_data['password']
role = form.cleaned_data['role']
user = User.objects.create_user(
email=email,
password=password,
first_name=first_name,
last_name=last_name,
role=role,
)
logger.info('New account created by {0} {1} with email:{2} as {3}'.format(
first_name, last_name, email, role
))
messages.success(request, 'Hi, ' + first_name + ', your account is created successfully!')
return redirect('/')
context = {'form': form,}
return render(request, 'user/register.html', context)
def user_login(request):
if request.method == 'POST':
email = request.POST.get('email')
password = request.POST.get('password')
user = authenticate(request, email=email, password=password)
if user is not None:
login(request, user)
return redirect('user:home')
else:
messages.warning(request, 'Email or Password is incorrect, try again')
context = {}
return render(request, 'user/login.html', context)
def user_logout(request):
logout(request)
return redirect('user:login')
@login_required(login_url='user:login')
def home(request):
users = User.objects.all()
context = {'users': users}
return render(request, 'user/home.html', context)
我在您的注册表中看不到 password2 字段。很可能没有 password2 并且根据您编写的代码,如果提供了两个密码,将检查“密码是否相等”条件。由于 password2 不存在,因此以下“if 条件”始终为 false。因此不会引发验证错误,每次都会返回密码。
if password and password2 and password != password2:
raise forms.ValidationError('Passwords did not match, try again')
return password
为什么此代码同时接受密码和 confirm_password 字段?没有错误 这是第一个 models.py 文件:(缩进在这里不是问题)
from django.db import models
from django.contrib.auth.models import AbstractBaseUser
from .managers import UserManager
from django.utils.translation import ugettext_lazy as _
# Create your models here.
ROLES = (
('Customer', 'Customer'), ('Vendor', 'Vendor')
)
class User(AbstractBaseUser):
email = models.EmailField(verbose_name='Email Address', max_length=255, unique=True)
first_name = models.CharField(max_length=255)
last_name = models.CharField(max_length=255)
active = models.BooleanField(default=True)
staff = models.BooleanField(default=False)
admin = models.BooleanField(default=False)
role = models.CharField(max_length=15, choices=ROLES)
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['first_name', 'last_name']
objects = UserManager()
def __str__(self):
return self.email
def get_name(self):
return self.first_name + ' ' + self.last_name
def get_role(self):
return self.role
def has_perm(self, perm, obj=None):
return True
def has_module_perms(self, app_label):
return True
@property
def is_staff(self):
return self.staff
@property
def is_admin(self):
return self.admin
@property
def is_active(self):
return self.active
接下来是用户模型的管理器: 在这里我只是接受数据和创建帐户而已。
from django.contrib.auth.models import BaseUserManager
from django.db import models
from django.utils.translation import ugettext_lazy as _
class UserManager(BaseUserManager):
use_in_migrations = True
def _create_user(self, email, password, **extra_fields):
if not email:
raise ValueError('User must have an Email Address')
user = self.model(email=self.normalize_email(email), **extra_fields)
user.set_password(password)
user.save(using=self._db)
return user
def create_user(self, email, password, **extra_fields):
extra_fields.setdefault('staff', False)
extra_fields.setdefault('admin', False)
return self._create_user(email, password, **extra_fields)
def create_superuser(self, email, password, **extra_fields):
extra_fields.setdefault('staff', True)
extra_fields.setdefault('admin', True)
if extra_fields.get('staff') is not True:
raise ValueError('Superuser must have "staff" = True')
if extra_fields.get('admin') is not True:
raise ValueError('Superuser must have "admin" = True')
return self._create_user(email, password, **extra_fields)
在这里,我想创建用于创建用户帐户的模型表单 这是 forms.py 文件:
from django import forms
from django.contrib.auth.forms import ReadOnlyPasswordHashField
from .models import User
class RegistrationForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput)
password2 = forms.CharField(label='Confirm Password', widget=forms.PasswordInput)
class Meta:
model = User
fields = ('email', 'first_name', 'last_name', 'role', 'password', 'password2')
def clean_email(self):
email = self.cleaned_data.get('email')
qs = User.objects.filter(email=email)
if qs.exists():
raise forms.ValidationError('Email is already taken, try another email')
return email
def clean_password2(self):
password = self.cleaned_data.get('password')
password2 = self.cleaned_data.get('password2')
if password and password2 and password != password2:
raise forms.ValidationError('Passwords did not match, try again')
return password
class UserAdminCreationForm(forms.ModelForm):
password = forms.CharField(widget=forms.PasswordInput)
password2 = forms.CharField(label='Confirm Password', widget=forms.PasswordInput)
def clean_password2(self):
password = self.cleaned_data.get('password')
password2 = self.cleaned_data.get('password2')
if password and password2 and password != password2:
raise forms.ValidationError('Passwords did not match, try again')
return password
def save(self, commit=True):
user = super(UserAdminCreationForm, self).save(commit=False)
user.set_password(self.cleaned_data['password'])
if commit:
user.save()
return user
class UserAdminChangeForm(forms.ModelForm):
password = ReadOnlyPasswordHashField()
class Meta:
model = User
fields = ('email', 'first_name', 'last_name', 'role', 'password', 'admin', 'staff')
def clean_password(self):
return self.initial['password']
最后是视图文件:
from django.shortcuts import render, redirect
from .models import User
from .forms import RegistrationForm
from django.contrib import messages
from .models import User
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
import logging
logger = logging.getLogger(__name__)
# Create your views here.
def register(request):
form = RegistrationForm()
if request.method == 'POST':
form = RegistrationForm(request.POST)
if form.is_valid():
email = form.cleaned_data['email']
first_name = form.cleaned_data['first_name']
last_name = form.cleaned_data['last_name']
password = form.cleaned_data['password']
role = form.cleaned_data['role']
user = User.objects.create_user(
email=email,
password=password,
first_name=first_name,
last_name=last_name,
role=role,
)
logger.info('New account created by {0} {1} with email:{2} as {3}'.format(
first_name, last_name, email, role
))
messages.success(request, 'Hi, ' + first_name + ', your account is created successfully!')
return redirect('/')
context = {'form': form,}
return render(request, 'user/register.html', context)
def user_login(request):
if request.method == 'POST':
email = request.POST.get('email')
password = request.POST.get('password')
user = authenticate(request, email=email, password=password)
if user is not None:
login(request, user)
return redirect('user:home')
else:
messages.warning(request, 'Email or Password is incorrect, try again')
context = {}
return render(request, 'user/login.html', context)
def user_logout(request):
logout(request)
return redirect('user:login')
@login_required(login_url='user:login')
def home(request):
users = User.objects.all()
context = {'users': users}
return render(request, 'user/home.html', context)
我在您的注册表中看不到 password2 字段。很可能没有 password2 并且根据您编写的代码,如果提供了两个密码,将检查“密码是否相等”条件。由于 password2 不存在,因此以下“if 条件”始终为 false。因此不会引发验证错误,每次都会返回密码。
if password and password2 and password != password2:
raise forms.ValidationError('Passwords did not match, try again')
return password