时间戳

首页 > 解决方案 > 如何验证 forms.py 中的旧用户密码 - Django

django - 如何验证 forms.py 中的旧用户密码 - Django

问题描述

我有一个页面,用户可以在其中更改其帐户密码。我制作了一个密码验证表单,但我不知道如何检查“old_password”字段中的密码是否是真正的旧密码。

class ChangePasswordForm(forms.ModelForm):
    password_old = forms.CharField(label="", widget=forms.PasswordInput(attrs={'placeholder': 'Type current password'}))
    password1 = forms.CharField(label="", widget=forms.PasswordInput(attrs={'placeholder': 'Type a new password'}))
    password2 = forms.CharField(label="", widget=forms.PasswordInput(attrs={'placeholder': 'Confirm password'}))

    class Meta:
        model = Users
        fields = ('password_old', 'password1', 'password2',)

    def clean_password1(self):
        password1 = self.cleaned_data.get('password1')
        try:
            validate_password(password1, self.instance)
        except forms.ValidationError as error:
            self.add_error('password1', error)
        return password1

    def clean_password2(self):
        password1 = self.cleaned_data.get("password1")
        password2 = self.cleaned_data.get("password2")
        if password1 and password2 and password1 != password2:
            raise forms.ValidationError("Passwords didn't match")
        return password2

标签: djangoformsauthenticationpassword-confirmation

解决方案

如果模型正确Users实现了AbstractBaseUser模型,则可以使用.check_password(…)方法 [Django-doc]

class ChangePasswordForm(forms.ModelForm):
    password_old = forms.CharField(
        label='',
        widget=forms.PasswordInput(attrs={'placeholder':'Type current password'})
    )
    password1 = forms.CharField(
        label='',
        widget=forms.PasswordInput(attrs={'placeholder':'Type a new password'})
    )
    password2 = forms.CharField(
        label='',
        widget=forms.PasswordInput(attrs={'placeholder':'Confirm password'})
    )
    
    class Meta:
        model = Users
        fields = ('password',)
    
    def clean_password_old(self):
        password_old = self.cleaned_data.get('password_old')
        if not self.instance.check_password(password_old):
            self.add_error('password_old', 'Password did not match')
        return password_old
    
    def clean_password2(self):
        password1 = self.cleaned_data.get('password')
        password2 = self.cleaned_data.get('password2')
        if password1 and password2 and password1 != password2:
            raise forms.ValidationError("Passwords didn't match")
        return password2

    def save(*args, **kwargs):
        result = super().save(*args, **kwargs)
        self.instance.set_password(self.instance.password)
        return result

推荐阅读