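python - Registration form not working (CSRF token missing or incorrect.) django
Problem description
I am trying to create a registration form that adds users to a user group in the admin interface, but for some reason the registration form is not saved to the database and instead gives me this error: Forbidden (403) CSRF verification failed. Request aborted. Reason given for failure: CSRF token missing or incorrect. Can someone tell me what I am missing here?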
decorators.py
from django.http import HttpResponse
from django.shortcuts import redirect


def unauthenticated_user(view_func):
    # Send users who are already logged in away from the sign-up/login pages.
    def wrapper_func(request, *args, **kwargs):
        if request.user.is_authenticated:
            return redirect('index')
        else:
            return view_func(request, *args, **kwargs)
    return wrapper_func


def allowed_users(allowed_roles=[]):
    # Allow the view only when the user's first group is in allowed_roles.
    def decorator(view_func):
        def wrapper_func(request, *args, **kwargs):
            group = None
            if request.user.groups.exists():
                group = request.user.groups.all()[0].name
            if group in allowed_roles:
                return view_func(request, *args, **kwargs)
            else:
                return HttpResponse('You are not authorized to view this page')
        return wrapper_func
    return decorator


def admin_only(view_func):
    def wrapper_function(request, *args, **kwargs):
        group = None
        if request.user.groups.exists():
            group = request.user.groups.all()[0].name
        if group == 'user':
            return redirect('home')
        if group == 'admin':
            return view_func(request, *args, **kwargs)
        # Note: a user in any other group (or in no group) falls through
        # here and the wrapper returns None.
    return wrapper_function
views.py
from django.contrib import messages
from django.contrib.auth import authenticate, login
from django.contrib.auth.models import Group
from django.shortcuts import redirect, render

from .decorators import unauthenticated_user
from .forms import CreateUserForm  # assumed location; the form module is not shown in the question


@unauthenticated_user
def sign_up(request):
    data = CreateUserForm()
    if request.method == 'POST':
        data = CreateUserForm(request.POST or None)
        if data.is_valid():
            user = data.save()
            username = data.cleaned_data.get('username')
            # Every newly registered account is placed in the 'user' group.
            group = Group.objects.get(name='user')
            user.groups.add(group)
            messages.success(request, 'Account was created for ' + username)
            return redirect('login')
    context = {'info': data}
    return render(request, 'signup.html', context)


@unauthenticated_user
def login_page(request):
    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            return redirect('index')
        else:
            messages.info(request, 'Username OR password is incorrect')
    context = {}
    return render(request, 'signin.html', context)
Solution
Just add
{% csrf_token %}
in your signup.html, login.html...
For example:
<form method="post">
    {% csrf_token %}
    <!-- form here -->
</form>
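A template check for the problem in this question, as an added example that is not part of the original question or answer: it scans Django template source for POST forms that contain no `{% csrf_token %}` and reports their line numbers. It goes beyond the single form above by also catching a token that has been commented out and by skipping forms that post to an external URL (where the token should not be sent); the sample template and the `sign_up` URL name in it are constructed.

```python
import re

# A token inside a Django or HTML comment never reaches the browser as a form field.
COMMENT_RE = re.compile(r"\{#.*?#\}|<!--.*?-->", re.DOTALL)
FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form\s*>", re.IGNORECASE | re.DOTALL)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
TOKEN_RE = re.compile(r"\{%\s*csrf_token\s*%\}")
EXTERNAL_RE = re.compile(r"(?:https?:)?//", re.IGNORECASE)


def parse_attrs(tag_attrs):
    """Turn the attribute text of a <form> tag into a dict with lower-case keys."""
    return {m.group(1).lower(): (m.group(2) or m.group(3) or m.group(4) or "")
            for m in ATTR_RE.finditer(tag_attrs)}


def forms_missing_csrf(template_source):
    """Return 1-based line numbers of POST forms that have no {% csrf_token %}."""
    # Blank out comments but keep their newlines so line numbers stay correct.
    source = COMMENT_RE.sub(lambda m: "\n" * m.group(0).count("\n"), template_source)
    missing = []
    for form in FORM_RE.finditer(source):
        attrs = parse_attrs(form.group(1))
        if attrs.get("method", "get").lower() != "post":
            continue  # GET forms are not checked by CsrfViewMiddleware
        if EXTERNAL_RE.match(attrs.get("action", "")):
            continue  # external target: the token must not be leaked to it
        if not TOKEN_RE.search(form.group(2)):
            missing.append(source.count("\n", 0, form.start()) + 1)
    return missing


# Constructed sample template: forms on lines 2 and 6 would fail with 403.
SAMPLE = """\
<form method="get" action="/search/"><input name="q"></form>
<form method="POST" action="{% url 'sign_up' %}">
  {{ info.as_p }}
  <button type="submit">Sign up</button>
</form>
<form method="post">
  {# {% csrf_token %} #}
  <input name="username">
</form>
<form method="post">
  {% csrf_token %}
  <input name="username">
</form>
"""

if __name__ == "__main__":
    print(forms_missing_csrf(SAMPLE))
```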