1

如果您能给我任何线索,我将不胜感激!由于我没有这方面的经验,可能我误解了smth。

我正在使用honeypot,更具体地说honeypot.middleware.HoneypotMiddlewareHONEYPOT_FIELD_NAME在我的 API ( settings.py ) 中。

就目前而言,我正在使用基本实现登录、更改密码、django.contrib.auth. 在登录时,我做了一个小的自定义,所以我将它添加到 url ( authentication_form=CustomAuthenticationForm) 中。

所以我不知道我错过了什么,因为登录页面有效(它也是一个表单),但是密码更改,重置密码返回400 Bad Request。蜜罐错误 (honey_pot_fieldname)。请求中止

django:2.1.2
django-honeypot:0.7.0

[使用代码更新]

设置.py

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
....
    'honeypot',
    ]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'honeypot.middleware.HoneypotMiddleware',
]

HONEYPOT_FIELD_NAME = config('HONEYPOT_FIELD_NAME')

表格.py

from django.contrib.auth.forms import AuthenticationForm

class CustomAuthenticationForm(AuthenticationForm):
    error_messages = {
        'invalid_login': _(
            "Please enter a correct %(username)s and password. Note that both "
            "fields may be case-sensitive."
        ),
        'inactive': _("This account is inactive."),
        'suspended': _("Your account has been temporarily suspended. For more information,\
                   please contact us."),
    }

    def clean(self)
    def confirm_login_allowed(self, user)

网址.py

from django.contrib.auth import views as auth_view

urlpatterns = [
....

    # ---- BASIC USER AUTHENTICATION (DJANGO)
    path('api/login/', auth_view.LoginView.as_view(authentication_form=CustomAuthenticationForm), name='login'),
    path('api/logout/', auth_view.LogoutView.as_view(), name='logout'),

    # ---- PASSWORD CHANGE, RESET
    path('api/password_change/', auth_view.PasswordChangeView.as_view(), name='password_change'),
    path('api/password_change_done/', auth_view.PasswordChangeDoneView.as_view(),
         name='password_change_done'),
....
]

[模板]

模板/注册/login.html

{% extends 'base.html' %}
{% load i18n widget_tweaks %}

{% block head %}
    {% load bootstrap3 %}

    {{ form.media }}
{% endblock %}

{% block content %}
    <div class="col-sm-4 col-sm-offset-4" style="margin-top:20px;">
        <h1 class="display-4 text-center" >User login</h1>
        <legend></legend>
        <form method="post">
            {% csrf_token %}
            {% bootstrap_form form layout='inline' %}
            {% buttons %}
                <button type="submit" class="btn btn-primary center-block" style="margin-top: 20px">Log in</button>
            {% endbuttons %}
        </form>
    </div>
{% endblock %}

模板/注册/password_change_form.html

{% extends 'base.html' %}
{% load i18n widget_tweaks %}
{% block head %}
    {% load bootstrap3 %}

    {{ form.media }} 
{% endblock %}

{% block content %}
    <div class="col-sm-4 col-sm-offset-4" style="margin-top:20px;">
        <h1 class="display-4 text-center" >{{ title }}</h1>
        <legend></legend>
        <form method="post">
            {% csrf_token %}
            {% bootstrap_form form layout='inline' %}
            {% buttons %}
                <button type="submit" class="btn btn-primary center-block" style="margin-top: 20px">Change password</button>
            {% endbuttons %}
        </form>
    </div>
{% endblock %}

提前致谢!

4

1 回答 1

1

[更新解决方案]

终于我实现了!我只需要在模板change_password_form.html的顶部添加该行

{% load honeypot %}

并在包含标签的表单中:

{% render_honeypot_field "field_name" %}

为了实现这一点,这篇文章 django-honeypot帮助了我

希望这对其他人有帮助。

于 2019-09-24T13:12:35.913 回答