Django-如何保存我的散列密码

2024-06-28 16:16:58 发布

您现在位置:Python中文网/ 问答频道 /正文
833 3

我试图将我的散列密码保存在数据库中,但它一直保存我的明文密码

型号:

class StudentRegistration(models.Model):
    email = models.EmailField(max_length=50)
    first_name = models.CharField(max_length=20)
    last_name = models.CharField(max_length=20)
    password = models.CharField(max_length=100, default="", null=False)
    prom_code = models.CharField(max_length=8, default="", null=False)
    gender = (
    ("M","Male"),
    ("F","Female"),
    )
    gender = models.CharField(max_length=1, choices=gender, default="M",    null=False)
    prom_name = models.CharField(max_length=20, default="N/A")
    prom_year = models.IntegerField(max_length=4, default=1900)
    school = models.CharField(max_length=50, default="N/A")



    def save(self):
         try:
            Myobj = Space.objects.get(prom_code = self.prom_code)
            self.prom_name = Myobj.prom_name
            self.prom_year = Myobj.prom_year
            self.school = Myobj.school_name

            super(StudentRegistration, self).save()

        except Space.DoesNotExist:
            print("Error")

视图:

def register_user(request):
    args = {}
    if request.method == 'POST':
        form = MyRegistrationForm(request.POST)     # create form object
        if form.is_valid():
            clearPassNoHash = form.cleaned_data['password']
            form.password = make_password(clearPassNoHash, None, 'md5')
            form.save()
            form = MyRegistrationForm()
            print ('se salvo')
        else:
            print ('Error en el form')
    else:
        form = MyRegistrationForm()


    args['form'] = form #MyRegistrationForm()

    return render(request, 'register/register.html', args)

我已经打印了散列结果,所以我知道它是散列的,但没有保存。

我是不是用错了make_密码?或者有更好的方法来保护我的密码吗?

——————————————————————————————————————————————————————————————————————

在settings.py中记住:

#The Hasher you are using
PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.MD5PasswordHasher',
)

型号.py:

#Import and add the AbstractBaseUser in your model

class StudentRegistration(AbstractBaseUser, models.Model):

视图.py:

if form.is_valid():
    user = form.save(commit=False)
    clearPassNoHash = form.cleaned_data['password']
    varhash = make_password(clearPassNoHash, None, 'md5')
    user.set_password(varhash)
    user.save()

Tags: nameselfformfalsedefault密码modelssave
2条回答
网友
1楼 · 编辑于 2024-06-28 16:16:58

使用文档中的Django set_密码

https://docs.djangoproject.com/en/1.9/ref/contrib/auth/

您还需要使用form.save(commit=False)从表单中获取模型对象

if form.is_valid():
    # get model object data from form here
    user = form.save(commit=False)

    # Cleaned(normalized) data
    username = form.cleaned_data['username']
    password = form.cleaned_data['password']

    #  Use set_password here
    user.set_password(password)
    user.save()
网友
2楼 · 编辑于 2024-06-28 16:16:58

先保存对象,不提交给DB,然后在最后保存之前更新密码。确保你的进口都是正确的。

def register_user(request):
        if request.method == 'POST':
            form = MyRegistrationForm(request.POST)     # create form object
            if form.is_valid():
                new_object = form.save(commit=False)
                new_object.password = make_password(form.cleaned_data['password'])
                new_object.save()
                messages.success(request, "Form saved.")
                return redirect("somewhere")
            else:
                messages.error(request, "There was a problem with the form.")
        else:
            form = MyRegistrationForm()

        return render(request, 'register/register.html', { 'form': form })

相关问题 更多 >

    编程相关推荐