时间戳

首页 > 解决方案 > django rest 中所有用户的密码正在更改

django-rest-framework - django rest 中所有用户的密码正在更改

问题描述

我已经为密码更改制作了一个 API,但它正在更改所有用户的密码,而不仅仅是一个用户。

序列化器代码如下:

class ChangePasswordSerializer(serializers.ModelSerializer):
password1 = serializers.CharField(write_only=True, required=True, validators=[validate_password])
password2 = serializers.CharField(write_only=True, required=True)
old_password = serializers.CharField(write_only=True, required=True)

class Meta:
    model = User
    fields = ('old_password', 'password1', 'password2')

def validate(self, attrs):
    if attrs['password1'] != attrs['password2']:
        raise serializers.ValidationError({"password": "Password fields didn't match."})

    return attrs

def validate_old_password(self, value):
    user = self.context['request'].user
    if not user.check_password(value):
        raise serializers.ValidationError({"old_password": "Old password is not correct"})
    return value

def update(self, instance, validated_data):

    instance.set_password(validated_data['password1'])
    instance.save()
    return  instance

查看代码如下:

class ChangePasswordView(generics.UpdateAPIView):

queryset = User.objects.all()
permission_classes = (IsAuthenticated,)
serializer_class = ChangePasswordSerializer

这段代码有什么问题?

标签: django-rest-framework

解决方案

密码更改非常简单。Django 已经有一个表单来做这件事。试试下面的代码:

    @api_view(['PUT'])
    @permission_classes([IsAuthenticated])
    def change_password(request):
        form = PasswordChangeForm(request.user, request.data)
        if form.is_valid():
            form.save()
            serializer = UserSerializer(request.user)
            return Response(serializer.data)
        return Response(form.errors, status=status.HTTP_400_BAD_REQUEST)

阅读此页面以获取有关如何使用 DRF 构建用户身份验证方法的更多信息:https ://kushgoyal.com/creating-a-sceure-login-api-using-drf-token-auth/

网址将采用以下格式: url(r'change_password/', views.change_password)

推荐阅读