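Password is always invalid - Django

Problem description

So I am trying to build a custom login feature for an API, and I am trying to do this with tokens, but I have run into some problems. It always says the password is invalid, so for some reason the password-valid condition never becomes true even when the password is valid. Here is my code: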

import random

from django.contrib.auth.models import User  # assumed: the default Django user model
from rest_framework.response import Response
from rest_framework.views import APIView

from .models import UserLogin  # the asker's token model; import path assumed


class UserTokenHandler(APIView):
    def get(self, request, format=None):
        username = request.GET['username']
        password = request.GET['password']
        user = User.objects.filter(username=username)
        if user.exists():
            # Compares the stored password field directly with the submitted text
            # (the condition that never becomes true).
            if User.objects.get(username=username).password == password:
                chosen_token = ''
                for i in range(20):
                    lower_case = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']
                    numbers = ['1', '2', '3', '4', '5', '6', '7', '8', '9', '0']
                    upper_case = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z']
                    random_choice = random.randint(1,3)
                    # Index into the chosen list (len(list) raised TypeError).
                    if random_choice == 1:
                        chosen_token += lower_case[random.randint(0, len(lower_case) - 1)]
                    elif random_choice == 2:
                        chosen_token += numbers[random.randint(0, len(numbers) - 1)]
                    elif random_choice == 3:
                        chosen_token += upper_case[random.randint(0, len(upper_case) - 1)]
                # Pass the User instance, not the QuerySet, to the foreign key.
                token = UserLogin.objects.create(token=chosen_token, user=user.first())
                token.save()
                # Debug output (writes the submitted password to stdout).
                print(password)
                print(username)
                return Response({'Token': chosen_token})
            else:
                print(password)
                print(username)
                return Response({'Error':'Invalid Password'})

Tags: python, django, django-rest-framework

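Solution

You should use the check_password method to check the password, because the password is encrypted.

Note: for important information such as passwords it is better to use the POST method, because the GET method shows the password in the URL.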

import random

from django.contrib.auth.models import User  # assumed: the default Django user model
from rest_framework.response import Response
from rest_framework.views import APIView

from .models import UserLogin  # the asker's token model; import path assumed


class UserTokenHandler(APIView):
    def get(self, request, format=None):
        username = request.GET['username']
        password = request.GET['password']
        user = User.objects.filter(username=username)
        if user.exists():
            # check_password() verifies the submitted text against the stored value.
            if User.objects.get(username=username).check_password(password):
                chosen_token = ''
                for i in range(20):
                    lower_case = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']
                    numbers = ['1', '2', '3', '4', '5', '6', '7', '8', '9', '0']
                    upper_case = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z']
                    random_choice = random.randint(1,3)
                    # Index into the chosen list (len(list) raised TypeError).
                    if random_choice == 1:
                        chosen_token += lower_case[random.randint(0, len(lower_case) - 1)]
                    elif random_choice == 2:
                        chosen_token += numbers[random.randint(0, len(numbers) - 1)]
                    elif random_choice == 3:
                        chosen_token += upper_case[random.randint(0, len(upper_case) - 1)]
                # Pass the User instance, not the QuerySet, to the foreign key.
                token = UserLogin.objects.create(token=chosen_token, user=user.first())
                token.save()
                # Debug output (writes the submitted password to stdout).
                print(password)
                print(username)
                return Response({'Token': chosen_token})
            else:
                print(password)
                print(username)
                return Response({'Error':'Invalid Password'})
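
Why the `==` comparison in the question never matches and what a `check_password` call does instead, as an added stdlib-only example (not code from the original post or from Django). `make_password` and `check_password` here are simplified stand-ins modelled on the `pbkdf2_sha256$iterations$salt$hash` format of Django's default hasher; `new_token`, `login` and the `STORED` record are hypothetical names constructed for illustration, and the token comes from `secrets` rather than `random`.

```python
import base64
import hashlib
import hmac
import secrets


def make_password(raw, salt=None, iterations=600_000):
    """Stand-in hasher: 'pbkdf2_sha256$<iterations>$<salt>$<b64 digest>'.
    The default work factor is an assumption of this sketch."""
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt.encode(), iterations)
    b64 = base64.b64encode(digest).decode()
    return f"pbkdf2_sha256${iterations}${salt}${b64}"


def check_password(raw, encoded):
    """Re-derive the hash with the stored salt, then compare in constant time."""
    try:
        algorithm, iterations, salt, _ = encoded.split("$", 3)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed stored value: never treat it as a match
    if algorithm != "pbkdf2_sha256" or iterations < 1 or not salt:
        return False
    candidate = make_password(raw, salt, iterations)
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def new_token(nbytes=32):
    """Login token drawn from the OS CSPRNG instead of the random module."""
    return secrets.token_urlsafe(nbytes)


def login(stored_hash, submitted_password):
    """Mirror the view's branches; unknown user and bad password look the same."""
    if stored_hash is not None and check_password(submitted_password, stored_hash):
        return {"Token": new_token()}
    return {"Error": "Invalid credentials"}


# Constructed sample record: the kind of string the password column holds.
# The low iteration count only keeps the demo fast.
STORED = make_password("correct horse", salt="constructedsalt", iterations=1000)

if __name__ == "__main__":
    print("stored value:", STORED)
    print("== comparison:", STORED == "correct horse")  # the question's check
    print("check_password:", check_password("correct horse", STORED))
    print("wrong password:", login(STORED, "wrong"))
```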
