时间戳

首页 > 解决方案 > 检查密码总是返回 false django

django - 检查密码总是返回 false django

问题描述

我使用 django 并将用户密码存储为使用 make_password 创建的哈希值。当我运行 check_password 时,我总是得到一个错误的返回,我不知道如何解决这个问题。

任何帮助将非常感激。

我的用户注册如下所示:

def user_reg_view(request):
    form = UserForm(request.POST or None)
    if form.is_valid():
        password = hashers.make_password(form.cleaned_data.get('password'))
        fname = form.cleaned_data.get('first_name')
        lname = form.cleaned_data.get('last_name')
        email = form.cleaned_data.get('email')
        company_id = form.cleaned_data.get('company')
        User.objects.create_user(
            email = email,
            password=password,
            first_name = fname,
            last_name = lname,
            username = email,
            company_id = company_id)
        form = UserForm()
    var = {'form': form}
    return render(request, 'user_registry.html', var)

我失败的登录功能部分看起来像这样(假设用户存在并且输入的密码始终相同):

def login_view(request):
    form = LoginForm(request.POST or None)
    if form.is_valid():

        username = form.cleaned_data.get('username')
        user = User.objects.get(username=username)
        password = form.cleaned_data.get('password')
        encoded_password =  user.password
        print(hashers.make_password(password) == user.password)
        #returns false
        print(hashers.check_password(password=password, encoded=hashers.make_password(password), setter=None))
        #returns true
        print(hashers.check_password(password=password, encoded=encoded_password))
        # returns false

我不明白第一次打印与第二次打印有何不同,当然每次生成的密码哈希对于相同的字符串都不同,但 check_password 不应该能够处理吗?

如果错误可能出现在传递的寄存器表单值中,这里也是该函数的一个片段:

class UserForm(forms.ModelForm):
    company = forms.CharField(max_length=50, label='', widget=forms.TextInput(attrs={'placeholder': 'your company'}))
    first_name = forms.CharField(max_length=30, label='', widget=forms.TextInput(attrs={'placeholder': 'first name'}))
    last_name = forms.CharField(max_length=30, label='', widget=forms.TextInput(attrs={'placeholder': 'last name'}))
    email = forms.CharField(max_length=40, label='', widget=forms.TextInput(attrs={'placeholder': 'email'}))
    password1 = forms.CharField(
        strip=False,
        widget=forms.PasswordInput(attrs={'autocomplete': 'new-password'}),
        validators=[validate_password],
        label='password')
    password2 = forms.CharField(
        label= 'please confirm password',
        widget=forms.PasswordInput(attrs={'autocomplete': 'new-password'}),
        strip=False
    )

    class Meta:
        model = User
        fields = ['first_name', 'last_name', 'email']
        
    def clean_password2(self):
        password1 = self.cleaned_data.get("password1")
        password2 = self.cleaned_data.get("password2")
        if password1 and password2 and password1 != password2:
            raise forms.ValidationError('password_mismatch')
        return password2

标签: djangoauthenticationpassword-hash

解决方案

我相信 Django 会在您调用时再次对您提供的值进行哈希处理create_user(),您可以查看此答案,其中说您可以先使用密码create(),然后save()按原样使用密码,而无需对您提供的值进行哈希处理。

推荐阅读