目前,我在我的網站中添加了一種在注冊時進行電子郵件確認的方法。我看到的是,當用戶注冊但尚未點擊確認鏈接并嘗試登錄時,我無法區分錯誤的用戶/密碼和未確認的用戶。
這是我的登錄功能:
def loginUser(request):
if request.user.is_authenticated:
return redirect("decks:index")
if request.method == "POST":
form = AuthenticationForm(request, data=request.POST)
if form.is_valid():
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(username=username, password=password)
if user is not None and user.is_active:
login(request, user)
return redirect("myApp:portal")
elif user is not None:
messages.error(request, "Email is not confirmed.")
else:
messages.error(request, "Invalid username or password.")
else:
messages.error(request, "Invalid username or password.")
form = AuthenticationForm()
return render(request, "myApp/login.html", context = {'login_form': form})
問題是在運行form.is_valid()函式authenticate時/home/nowork/.local/lib/python3.8/site-packages/django/contrib/auth ModelBackend執行:
def authenticate(self, request, username=None, password=None, **kwargs):
if username is None:
username = kwargs.get(UserModel.USERNAME_FIELD)
if username is None or password is None:
return
try:
user = UserModel._default_manager.get_by_natural_key(username)
except UserModel.DoesNotExist:
# Run the default password hasher once to reduce the timing
# difference between an existing and a nonexistent user (#20760).
UserModel().set_password(password)
else:
if user.check_password(password) and self.user_can_authenticate(user):
return user
因此,當標志為form.is_valid()時,永遠不會為真。所以我無法判斷用戶 密碼的組合是否不正確或用戶尚未確認。is_activeFalse
我不確定這樣做的正確方法是什么,我想這樣做:
User.objects.get(username=request.POST['username'])
用戶可以以某種方式利用它嗎?有沒有更好的方法來實作這一點?
使用 python3 和 Django 4.0
uj5u.com熱心網友回復:
你可以自己CustomLoginBackend做
from django.contrib.auth import get_user_model
class CustomLoginBackend(object):
def authenticate(self, request, username, password):
User = get_user_model()
try:
user = User.objects.using(db_name).get(username=username)
except User.DoesNotExist:
return None
else:
if user.check_password(password):
return user
return None
然后在你的views.py
def loginUser(request):
if request.user.is_authenticated:
return redirect("decks:index")
if request.method == "POST":
form = AuthenticationForm(request, data=request.POST)
if form.is_valid():
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active == True:
login(request, user)
return redirect("myApp:portal")
else:
messages.error(request, "Email is not confirmed.")
else:
messages.error(request, "Invalid username or password.")
else:
messages.error(request, "Invalid username or password.")
form = AuthenticationForm()
return render(request, "myApp/login.html", context = {'login_form': form})
最后別忘了添加AUTHENTICATION_BACKENDS你的settings.pyas
AUTHENTICATION_BACKENDS = ['path_to_your.CustomLoginBackend ',]
轉載請註明出處,本文鏈接:https://www.uj5u.com/shujuku/440199.html