django - 使用包含标签登录每个页面：示例和疑问

Question

我在项目的每个页面上都需要一个登录表单，并且我正在使用包含标签来实现它。使用 django 文档和一些类似的示例，到目前为止，我已经编写了以下代码：

• 项目树：

  myProj
  ├── myProj
  │   └── settings.py
  ├── celeryPy2
  │   ├── forms.py
  │   ├── templatetags
  │   │   └── my_tags.py
  │   ├── urls.py
  │   └── views.py
  └── templates
      ├── base.html
      └── celeryPy2
          ├── login.html
          └── start.html
  

• 网址.py

  from django.contrib.auth.views import login, logout
  
  urlpatterns = patterns('celeryPy2.views',
      url(r'^$',    'start',   name='start'),
      url(r'^accounts/login/$', login,  name='login'),
      url(r'^accounts/logout/$', logout, {'next_page':'/celeryPy2'}, name='logout'),
  )
  

• 视图.py

  def start(request):
      return render_to_response('celeryPy2/start.html', {},
                                context_instance=RequestContext(request))
  

• 开始.html

  {% extends "base.html" %}
  {% block title %}celeryPy2 start page{% endblock title %}
  {% block content %}
  {% load my_tags %}
  {% login_form %}
  {% endblock content %}
  

• base.html

  <!DOCTYPE html>
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head><meta charset="utf-8" /><title>celeryPy2</title></head>
  <body>
      <div id="header">{% block header %}{% endblock %}</div>
      <div id="content">{% block content %}{% endblock %}</div>
      <footer id="footer">{% block footer %}{% endblock %}</footer>
  </body>
  </html>
  

• my_tags.py

  from django import template
  register = template.Library()
  
  from celeryPy2.forms import UserForm
  
  @register.inclusion_tag('celeryPy2/login.html', takes_context=True)
  def login_form(context):
      form = UserForm
      user = context['user']
      return {'form': form,'user': user}
  

• 表格.py

  class UserForm(ModelForm):
      class Meta:
          model = User
          fields = ('username','password')
  

• 登录.html

  {% if not user.is_authenticated %}
      <form  id="idLogInForm" method="post" action="{% url 'django.contrib.auth.views.login' %}?next=/celeryPy2" class="loginForm">{% csrf_token %}
          {{ form.as_p }}
          <button id="idLogInSubmit" name="idLogInSubmit" type="submit">Login</button>
      </form>
  {% else %}
      <form id="idLogOutForm" method="post" action="{% url 'django.contrib.auth.views.logout' %}">{% csrf_token %}
          <span id="welcomeUserId" class="welcomeUserClass">Welcome, <strong>{{ user.username }}</strong></span>
          <button id="idLogOutSubmit" name="idLogOutSubmit" type="submit">Logout</button>
      </form>
  {% endif %}
  

我有以下问题和疑问：

1. 这是实现它的正确方法还是我会遇到安全问题？
2. 当我插入错误的用户凭据时，我正确地得到了错误Please enter a correct username and password. Note that both fields may be case-sensitive.，并且浏览器 url 栏设置为/celeryPy2/accounts/login/?next=/celeryPy2. 但是，如果我尝试重新登录，它会尝试访问不存在的 url /accounts/profile/。为什么？我不得不说我的settings.py中没有LOGIN_URL或LOGIN_REDIRECT_URL。[已解决，见下文]
3. 为什么我得到的密码输入字段是明文而不是被掩码字符隐藏？[已解决，见下文]
4. 为什么我Required. 30 characters or fewer. Letters, numbers and @/./+/-/_ characters在用户名输入字段旁边得到标签？[已解决，见下文]

这是我发现有一个代码插件可以在每个页面中重用的方式，它与 django 内置功能尽可能兼容。这对我来说看起来有点棘手（涉及很多文件），可能还有一些需要改进的地方，但我发现这是完成任务的最简单方法。欢迎任何其他更好的想法！

Answer 1

我通过以下代码修改解决了第 2、3 和 4 点：

• 网址.py

  from django.contrib.auth.views import login, logout
  
  urlpatterns = patterns('celeryPy2.views',
      url(r'^$',    'start',   name='start'),
      url(r'^login/$', login, {'template_name':'celeryPy2/login.html'},  name='login'),
      url(r'^logout/$', logout, {'next_page':'/celeryPy2'}, name='logout'),
  )
  

• 表格.py

  from django.forms import CharField
  from django.forms import ModelForm, PasswordInput
  from django.contrib.auth.models import User
  
  class UserForm(ModelForm):
      username = CharField()
      class Meta:
          model = User
          fields = ('username','password')
          widgets = {'password': PasswordInput()}
  

• 登录.html

  {% if not user.is_authenticated %}
      <form  id="idLogInForm" method="post" action="{% url 'login' %}" class="loginForm">{% csrf_token %}
          {{ form.as_p }}
          <button id="idLogInSubmit" name="idLogInSubmit" type="submit">Login</button>
      </form>
  {% else %}
      <form id="idLogOutForm" method="post" action="{% url 'logout' %}">{% csrf_token %}
          <span id="welcomeUserId" class="welcomeUserClass">Welcome, <strong>{{ user.username }}</strong></span>
          <button id="idLogOutSubmit" name="idLogOutSubmit" type="submit">Logout</button>
      </form>
  {% endif %}
  

最后我添加LOGIN_REDIRECT_URL='/celeryPy2'到 myProj/settings.py 中。

第 1 点仍然是开放的：这个实现是一个好的实现还是可能导致安全问题？