首页 文章

在Userlogin期间,Django Authenticate使用正确的用户名和密码返回None

提问于
浏览
2

我的用户登录有一些身份验证过程的问题 . 我正在使用django 1.9和python 3.6

this is my code repository

user = authenticate(用户名=用户名,密码=密码)

将用户返回为none

这就是我的 Accounts/views.py 寻找登录的方式

def register(request):
registered = False
if request.method == 'POST':
    reg_form = RegistrationForm(data=request.POST)
    profile_form = UserProfileForm(data=request.POST)
    if reg_form.is_valid() and profile_form.is_valid():
        user = reg_form.save()
        # print('before set password = ', user.password)
        user.set_password(user.password)
        # print('after set password = ', user.password)
        user.save()
        print(user.password)
        profile = profile_form.save(commit=False)
        profile.user = user
        profile.email = user.email
        profile.first_name = user.first_name
        profile.last_name = user.last_name
        if 'profile_pic' in request.FILES:
            profile.profile_pic = request.FILES['profile_pic']
            print('uploading pic .....')
        profile.save()
        args = {'reg_form': reg_form, 'profile_form': profile_form, 'registered': True}
        head_list.update(args)
        return render(request, 'registration.html', head_list)

    else:
        print(reg_form.errors, profile_form.errors)
        args = {'reg_form': reg_form.errors, 'profile_form': profile_form.errors, 'registered': False}
        head_list.update(args)
        return render(request, 'registration.html', head_list, args)
else:
    reg_form = RegistrationForm()
    profile_form = UserProfileForm()
    args = {'reg_form': reg_form, 'profile_form': profile_form, 'registered': False}
    head_list.update(args)
    print(head_list)
    return render(request, 'registration.html', head_list)


def login_view(request):
params = {}
params.update(csrf(request))
if request.method == 'POST':
    form = LoginForm(request.POST)
    if form.is_valid():
        username = form.cleaned_data.get('username')
        password = form.cleaned_data.get('password')
        # First get the username and password supplied
        # username = request.POST.get('username', '')
        # password = request.POST.get('password', '')
        # Django's built-in authentication function:
        print(username, password)
        user = authenticate(username=username, password=password)
        print('after aunthenticate', user)
    # If we have a user
        if user:
            # Check it the account is active
            if user.is_active:
                # Log the user in.
                login(request, username)
                # Send the user back to some page.
                # In this case their homepage.
                # return HttpResponseRedirect(reverse('/user_login/'))
                return render_to_response('user_login.html', RequestContext(request, {}))
            else:
                # If account is not active:
                return HttpResponse("Your account is not active.")
        else:
            print("Someone tried to login and failed.")
            print("They used username: {} and password: {}".format(username, password))
            return HttpResponse("Invalid login details supplied.")

else:
    form = LoginForm()
    args = {'form': form}
    head_list.update(args)
    # Nothing has been provided for username or password.
    return render(request, 'login.html', head_list)

login.html页面如下所示

{% block content %}
    <section class="container">
    <h1>LiquorApp Login Console</h1>
        <div class="login">
            <h1>Login to WebApp</h1>
            <form method="post" action="/user_login/">
                {% csrf_token %}
                {{ form.as_p }}
                {% comment %}Username: <input type="text" name="username" value="" size="50" />
                
{% endcomment %}
                {% comment %}<p><input type="text" name="username" value="" id="username" placeholder="username"></p>
                <p><input id ="password" type="password" name="password" value="" placeholder="password"></p>
                <p class="remember_me">{% endcomment %}
                  <label>
                    <input type="checkbox" name="remember_me" id="remember_me">
                    Remember me on this computer
                  </label>
                </p>
                <p class="submit"><input type="submit" name="commit" value="Login"></p>
            </form>
        </div>
    </section>
{% endblock %}

请建议我在哪里做错了我的身份验证模块没有返回任何内容 .

我还在settings.py文件中添加了以下内容

AUTHENTICATION_BACKENDS =('django.contrib.auth.backends.ModelBackend',)

django python-3.x login django-templates django-login

4 回答

  • 1

    Django 2.1身份验证返回 users 进行任何身份验证,仅当 user.is_active=TRUE 并且您需要先保存 form.save(commit=False) 的响应然后设置自定义变量

    if form.is_valid():
    user= form.save(commit=False)
    user.active=True
    user.staff=False
    user.admin=False
    user.save()
    messages.success(request, 'Account created successfully')
    回复于
  • 0

    在Django 1.11中调用 authenticate(username=user.username, password=password, request=request) 之前确保 user.is_active is True .

    它在Django 1.8中运行良好,但在之前和当前LTS之间的某个地方,它们在 ModelBackend 类中添加了 user.is_active 的额外检查:

    class ModelBackend(object):
    """
    Authenticates against settings.AUTH_USER_MODEL.
    """

    def authenticate(self, request, username=None, password=None, **kwargs):
        if username is None:
            username = kwargs.get(UserModel.USERNAME_FIELD)
        try:
            user = UserModel._default_manager.get_by_natural_key(username)
        except UserModel.DoesNotExist:
            # Run the default password hasher once to reduce the timing
            # difference between an existing and a non-existing user (#20760).
            UserModel().set_password(password)
        else:
            if user.check_password(password) and self.user_can_authenticate(user):
                return user

    def user_can_authenticate(self, user):
        """
        Reject users with is_active=False. Custom user models that don't have
        that attribute are allowed.
        """
        is_active = getattr(user, 'is_active', None)
        return is_active or is_active is None

    至于使用Django内置身份验证视图的建议,它们对于自定义非标准身份验证并不方便 .

    回复于
  • 0

    您需要为User类定义check_password

    def check_password(self, raw_password):
    if self.password == raw_password:
        return True
    else:
        return False

    因为如果你检查django.contrib.auth.models下的源代码,check_password()raise和NotImplemented错误 .

    回复于
  • 1

    去掉

    user.set_password(user.password)

    来自Accounts.views.register

    回复于

相关问题