如何在django中更新用户密码

Question

我尝试在 Django 中更新用户密码时遇到问题。

def password(request):
 if request.method=="POST":
    password =request.user.password
    username=request.user.username
    c_password=request.POST["current_password"]
    new_password=request.POST["new_password"]
    r_new_password=request.POST["retype_new_password"]
    if password==c_password:
        if new_password==r_new_password:
            user =User.objects.get(username=username)
            user.set_password(new_password)
            user.save()
            messages.info(request,"Successfully saved")
        else:
            messages.info(request,"PASSWORD DOES NOT MATCH")
    else:
        messages.info(request,"PASSWORD INCORRECT")
    
 return render(request,"security.html")

当我填写当前密码时，出现错误 密码不正确。但是，当我填写 pbkdf2_sha256$320000$Cb4s4nwqKwirdgo50ZdjLH$aeuSP3X+dSZXsv0XJB0XxkpwfsmU+PedMX9Jl50Zark= ，我的密码变得正确并且用户密码是可更新的。我的问题是我想将当前密码字段填写为正常的当前密码而不会出现错误。

Answer 1

参考 Documentation Django 不在用户模型上存储原始（纯文本）密码
使用 authenticate 函数而不是使用 if password==c_password:.

from django.contrib.auth import authenticate
def password(request):
 if request.method=="POST":
    password =request.user.password
    username=request.user.username
    c_password=request.POST["current_password"]
    new_password=request.POST["new_password"]
    r_new_password=request.POST["retype_new_password"]
    user = authenticate(username=username, password=c_password)
    if user is not None:
        if new_password==r_new_password:
            user =User.objects.get(username=username)
            user.set_password(new_password)
            user.save()
            messages.info(request,"Successfully saved")
        else:
            messages.info(request,"PASSWORD DOES NOT MATCH")
    else:
        messages.info(request,"PASSWORD INCORRECT")
    
 return render(request,"security.html")

Answer 2

您使用 authenticate(…) ^[Django-doc] 来验证密码：这将检索哈希算法和盐，并检查哈希值是否匹配，因此您可以使用：

def password(request):
    if request.method == 'POST':
        c_password = request.POST['current_password']
        new_password = request.POST['new_password']
        r_new_password = request.POST['retype_new_password']
        user = authenticate(username=request.user.username, password=c_password)
        if user is not None:
            if new_password == r_new_password:
                user.set_password(new_password)
                user.save()
                messages.info(request, 'Successfully saved')
            else:
                messages.info(request, 'PASSWORDS DOE NOT MATCH')
        else:
            messages.info(request, 'PASSWORD INCORRECT')
    return render(request, 'security.html')

但是有一个 PasswordChangeView ^[Django-doc] 来更改密码：这已经实现了逻辑并使用了一个表单。您可以注入不同的模板，例如：

path(
    'password/change/',
    <strong>PasswordChangeView.as_view(</strong>template_name='security.html'<strong>)</strong>,
    name='password_change'
)

Note: In case of a successful POST request, you should make a redirect ^[Django-doc] to implement the Post/Redirect/Get pattern ^[wiki]. This avoids that you make the same POST request when the user refreshes the browser.

Note: You can limit views to a view to authenticated users with the @login_required decorator ^[Django-doc].

Note: It is better to use a Form ^[Django-doc] than to perform manual validation and cleaning of the data. A Form will not only simplify rendering a form in HTML, but it also makes it more convenient to validate the input, and clean the data to a more convenient type.

如何在django中更新用户密码

How to update User password in django

authentication

django

user-input

django-models

django-views