0

我在项目的每个页面上都需要一个登录表单,并且我正在使用包含标签来实现它。使用 django 文档和一些类似的示例,到目前为止,我已经编写了以下代码:

  • 项目树:

    myProj
    ├── myProj
    │   └── settings.py
    ├── celeryPy2
    │   ├── forms.py
    │   ├── templatetags
    │   │   └── my_tags.py
    │   ├── urls.py
    │   └── views.py
    └── templates
        ├── base.html
        └── celeryPy2
            ├── login.html
            └── start.html
    
  • 网址.py

    from django.contrib.auth.views import login, logout
    
    urlpatterns = patterns('celeryPy2.views',
        url(r'^$',    'start',   name='start'),
        url(r'^accounts/login/$', login,  name='login'),
        url(r'^accounts/logout/$', logout, {'next_page':'/celeryPy2'}, name='logout'),
    )
    
  • 视图.py

    def start(request):
        return render_to_response('celeryPy2/start.html', {},
                                  context_instance=RequestContext(request))
    
  • 开始.html

    {% extends "base.html" %}
    {% block title %}celeryPy2 start page{% endblock title %}
    {% block content %}
    {% load my_tags %}
    {% login_form %}
    {% endblock content %}
    
  • base.html

    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head><meta charset="utf-8" /><title>celeryPy2</title></head>
    <body>
        <div id="header">{% block header %}{% endblock %}</div>
        <div id="content">{% block content %}{% endblock %}</div>
        <footer id="footer">{% block footer %}{% endblock %}</footer>
    </body>
    </html>
    
  • my_tags.py

    from django import template
    register = template.Library()
    
    from celeryPy2.forms import UserForm
    
    @register.inclusion_tag('celeryPy2/login.html', takes_context=True)
    def login_form(context):
        form = UserForm
        user = context['user']
        return {'form': form,'user': user}
    
  • 表格.py

    class UserForm(ModelForm):
        class Meta:
            model = User
            fields = ('username','password')
    
  • 登录.html

    {% if not user.is_authenticated %}
        <form  id="idLogInForm" method="post" action="{% url 'django.contrib.auth.views.login' %}?next=/celeryPy2" class="loginForm">{% csrf_token %}
            {{ form.as_p }}
            <button id="idLogInSubmit" name="idLogInSubmit" type="submit">Login</button>
        </form>
    {% else %}
        <form id="idLogOutForm" method="post" action="{% url 'django.contrib.auth.views.logout' %}">{% csrf_token %}
            <span id="welcomeUserId" class="welcomeUserClass">Welcome, <strong>{{ user.username }}</strong></span>
            <button id="idLogOutSubmit" name="idLogOutSubmit" type="submit">Logout</button>
        </form>
    {% endif %}
    

我有以下问题和疑问:

  1. 这是实现它的正确方法还是我会遇到安全问题?
  2. 当我插入错误的用户凭据时,我正确地得到了错误Please enter a correct username and password. Note that both fields may be case-sensitive.,并且浏览器 url 栏设置为/celeryPy2/accounts/login/?next=/celeryPy2. 但是,如果我尝试重新登录,它会尝试访问不存在的 url /accounts/profile/。为什么?我不得不说我的settings.py中没有LOGIN_URLLOGIN_REDIRECT_URL[已解决,见下文]
  3. 为什么我得到的密码输入字段是明文而不是被掩码字符隐藏?[已解决,见下文]
  4. 为什么我Required. 30 characters or fewer. Letters, numbers and @/./+/-/_ characters在用户名输入字段旁边得到标签?[已解决,见下文]

这是我发现有一个代码插件可以在每个页面中重用的方式,它与 django 内置功能尽可能兼容。这对我来说看起来有点棘手(涉及很多文件),可能还有一些需要改进的地方,但我发现这是完成任务的最简单方法。欢迎任何其他更好的想法!

4

1 回答 1

0

我通过以下代码修改解决了第 2、3 和 4 点:

  • 网址.py

    from django.contrib.auth.views import login, logout
    
    urlpatterns = patterns('celeryPy2.views',
        url(r'^$',    'start',   name='start'),
        url(r'^login/$', login, {'template_name':'celeryPy2/login.html'},  name='login'),
        url(r'^logout/$', logout, {'next_page':'/celeryPy2'}, name='logout'),
    )
    
  • 表格.py

    from django.forms import CharField
    from django.forms import ModelForm, PasswordInput
    from django.contrib.auth.models import User
    
    class UserForm(ModelForm):
        username = CharField()
        class Meta:
            model = User
            fields = ('username','password')
            widgets = {'password': PasswordInput()}
    
  • 登录.html

    {% if not user.is_authenticated %}
        <form  id="idLogInForm" method="post" action="{% url 'login' %}" class="loginForm">{% csrf_token %}
            {{ form.as_p }}
            <button id="idLogInSubmit" name="idLogInSubmit" type="submit">Login</button>
        </form>
    {% else %}
        <form id="idLogOutForm" method="post" action="{% url 'logout' %}">{% csrf_token %}
            <span id="welcomeUserId" class="welcomeUserClass">Welcome, <strong>{{ user.username }}</strong></span>
            <button id="idLogOutSubmit" name="idLogOutSubmit" type="submit">Logout</button>
        </form>
    {% endif %}
    

最后我添加LOGIN_REDIRECT_URL='/celeryPy2'到 myProj/settings.py 中。

第 1 点仍然是开放的:这个实现是一个好的实现还是可能导致安全问题?

于 2013-04-16T10:42:37.890 回答