django 更改电子邮件地址 - 确认密码
django change email address - confirm password
我有一个表单允许用户更改他们的电子邮件地址。该表单还提示用户输入当前密码作为表单的一部分。
表单确实更改了电子邮件地址,但用户可以输入任何密码值,并且电子邮件地址已更改。
由于某种原因,在更改电子邮件之前没有检查和确认密码。
我不知道我做了什么。
这是我的表单代码:
class EmailChangeForm(forms.Form):
error_messages = {
'email_mismatch': _("The two e-mail address fields do not match."),
'email_inuse': _("This e-mail address cannot be used. Please select a different e-mail address."),
'password_incorrect': _("Incorrect password."),
}
current_password = forms.CharField(
label=_("Current Password"),
widget=forms.PasswordInput,
required=True
)
new_email1 = forms.EmailField(
label=_("New E-mail Address"),
max_length=254,
required=True
)
new_email2 = forms.EmailField(
label=_("Confirm New E-mail Address"),
max_length=254,
required=True
)
def __init__(self, user, *args, **kwargs):
self.user = user
super(EmailChangeForm, self).__init__(*args, **kwargs)
def clean_current_password(self):
"""
Validates that the password field is correct.
"""
current_password = self.cleaned_data["current_password"]
if not self.user.check_password(current_password):
raise forms.ValidationError(self.error_messages['password_incorrect'], code='password_incorrect',)
return current_password
def clean_new_email1(self):
"""
Prevents an e-mail address that is already registered from being registered by a different user.
"""
email1 = self.cleaned_data.get('new_email1')
if User.objects.filter(email=email1).count() > 0:
raise forms.ValidationError(self.error_messages['email_inuse'], code='email_inuse',)
return email1
def clean_new_email2(self):
"""
Validates that the confirm e-mail address's match.
"""
email1 = self.cleaned_data.get('new_email1')
email2 = self.cleaned_data.get('new_email2')
if email1 and email2:
if email1 != email2:
raise forms.ValidationError(self.error_messages['email_mismatch'], code='email_mismatch',)
return email2
def save(self, commit=True):
self.user.email = self.cleaned_data['new_email1']
if commit:
self.user.save()
return self.user
这是我的 views.py 代码:
@login_required
def email_change(request):
language_versions = get_language_versions(user=request.user)
if request.method == 'GET':
form = EmailChangeForm(user=request.user)
elif request.method == 'POST':
form = EmailChangeForm(user=request.user, data=request.POST)
if form.is_valid():
form.save()
messages.success(request, _('successfully updated.'))
return redirect('email_change')
return render(request, 'user_settings/email_change.html', {
'display_default_language': display_default_language(request.user),
'form': form,
'languages': LANGUAGES,
'language_versions': language_versions,
'language_versions_num': len(language_versions),
})
您的 clean_password()
方法应称为 clean_current_password()
。
我有一个表单允许用户更改他们的电子邮件地址。该表单还提示用户输入当前密码作为表单的一部分。
表单确实更改了电子邮件地址,但用户可以输入任何密码值,并且电子邮件地址已更改。
由于某种原因,在更改电子邮件之前没有检查和确认密码。
我不知道我做了什么。
这是我的表单代码:
class EmailChangeForm(forms.Form):
error_messages = {
'email_mismatch': _("The two e-mail address fields do not match."),
'email_inuse': _("This e-mail address cannot be used. Please select a different e-mail address."),
'password_incorrect': _("Incorrect password."),
}
current_password = forms.CharField(
label=_("Current Password"),
widget=forms.PasswordInput,
required=True
)
new_email1 = forms.EmailField(
label=_("New E-mail Address"),
max_length=254,
required=True
)
new_email2 = forms.EmailField(
label=_("Confirm New E-mail Address"),
max_length=254,
required=True
)
def __init__(self, user, *args, **kwargs):
self.user = user
super(EmailChangeForm, self).__init__(*args, **kwargs)
def clean_current_password(self):
"""
Validates that the password field is correct.
"""
current_password = self.cleaned_data["current_password"]
if not self.user.check_password(current_password):
raise forms.ValidationError(self.error_messages['password_incorrect'], code='password_incorrect',)
return current_password
def clean_new_email1(self):
"""
Prevents an e-mail address that is already registered from being registered by a different user.
"""
email1 = self.cleaned_data.get('new_email1')
if User.objects.filter(email=email1).count() > 0:
raise forms.ValidationError(self.error_messages['email_inuse'], code='email_inuse',)
return email1
def clean_new_email2(self):
"""
Validates that the confirm e-mail address's match.
"""
email1 = self.cleaned_data.get('new_email1')
email2 = self.cleaned_data.get('new_email2')
if email1 and email2:
if email1 != email2:
raise forms.ValidationError(self.error_messages['email_mismatch'], code='email_mismatch',)
return email2
def save(self, commit=True):
self.user.email = self.cleaned_data['new_email1']
if commit:
self.user.save()
return self.user
这是我的 views.py 代码:
@login_required
def email_change(request):
language_versions = get_language_versions(user=request.user)
if request.method == 'GET':
form = EmailChangeForm(user=request.user)
elif request.method == 'POST':
form = EmailChangeForm(user=request.user, data=request.POST)
if form.is_valid():
form.save()
messages.success(request, _('successfully updated.'))
return redirect('email_change')
return render(request, 'user_settings/email_change.html', {
'display_default_language': display_default_language(request.user),
'form': form,
'languages': LANGUAGES,
'language_versions': language_versions,
'language_versions_num': len(language_versions),
})
您的 clean_password()
方法应称为 clean_current_password()
。