# Custom User Model Code
from django.db import models
from django.contrib.auth.models import (
    BaseUserManager, AbstractBaseUser
)


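class MyUserManager(BaseUserManager):
    """Manager for MyUser: creates accounts keyed by email with a hashed password."""

    def create_user(self, email, favorite_color, password=None, **extra_fields):
        """
        Create and save a user with the given email, favorite color and
        password.

        The password always goes through set_password(), so only its hash is
        stored; password=None yields an account with an unusable password.
        Any extra keyword arguments (for example bio) are forwarded to the
        model constructor, so callers do not need to bypass this method to
        fill in optional fields.

        Raises ValueError if email is empty.
        """
        if not email:
            raise ValueError('Users must have an email address')

        user = self.model(
            email=self.normalize_email(email),
            favorite_color=favorite_color,
            **extra_fields,
        )

        # Hash after construction: a password handed straight to the model
        # constructor would be saved as the raw string.
        user.set_password(password)
        user.save(using=self._db)
        return user

    def create_superuser(self, email, favorite_color, password, **extra_fields):
        """
        Create and save a superuser with the given email, favorite color and
        password.

        is_admin and is_superuser are forced to True whatever the caller put
        in extra_fields, and the row is written once with the flags already
        set.
        """
        extra_fields['is_admin'] = True
        extra_fields['is_superuser'] = True
        return self.create_user(
            email,
            favorite_color=favorite_color,
            password=password,
            **extra_fields,
        )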


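class MyUser(AbstractBaseUser):
    """
    Custom user model that logs in with an email address.

    The password column is inherited from AbstractBaseUser. Assigning a raw
    string to it (for example MyUser(password=...)) stores that string as-is;
    use set_password() or MyUserManager.create_user() so only a hash is saved.
    """

    email = models.EmailField(
        verbose_name='email address',
        max_length=255,
        unique=True,
    )
    favorite_color = models.CharField(max_length=50)
    bio = models.TextField(null=True)
    is_active = models.BooleanField(default=True)
    is_admin = models.BooleanField(default=False)
    is_superuser = models.BooleanField(default=False)

    objects = MyUserManager()

    USERNAME_FIELD = 'email'
    REQUIRED_FIELDS = ['favorite_color']

    def __str__(self):
        return self.email

    def has_perm(self, perm, obj=None):
        """Return True only for active admins.

        Returning True unconditionally would grant every registered account,
        including self-registered ones, any permission that calling code
        checks through has_perm().
        """
        return self.is_active and self.is_admin

    def has_module_perms(self, app_label):
        """Return True only for active admins, mirroring has_perm()."""
        return self.is_active and self.is_admin

    @property
    def is_staff(self):
        """Is the user a member of staff? All admins are staff."""
        return self.is_admin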



# Templates Code as I want to use my own template instead of using forms.py
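<html>
    <head>
        <title>
            CustomUserModel
        </title>
    </head>
    <body>
        {# The input types below are only a browser-side convenience; the view still has to validate every field. #}
        <form method="POST" action="register">
            {% csrf_token %}
            Email : <input type="email" name="email"> <br>
            Password : <input type="password" name="password"> <br>
            Favourite Colour : <input type="text" name='colour'> <br>
            Bio : <textarea name='bio'></textarea>    <br>
            <button type="submit">SUBMIT</button>
        </form>
    </body>
</html>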



# Views Code
def register(request):
    """Create a MyUser from the posted registration form, then redirect to '/'.

    Any non-POST request just renders home.html.
    """
    if request.method == 'POST':
        # request.POST[...] raises if a field is missing from the submission.
        email = request.POST['email']
        passwd = request.POST['password']
        clr = request.POST['colour']
        bio = request.POST['bio']
        # NOTE(review): the model constructor assigns password verbatim, so the
        # raw string is what save() writes to the database. Hashing only happens
        # in set_password(), which MyUserManager.create_user() calls.
        user = MyUser(email=email,password=passwd,favorite_color=clr,bio=bio)
        user.save()
        return redirect('/')

    return render(request,'home.html')   

从前端注册用户时,我遇到的主要问题是密码以明文形式保存到数据库中,没有经过哈希处理;但当我从 Django 管理后台注册用户时,密码会以正确的哈希格式保存。为什么会这样?我需要在 views.py 中做哪些修改,才能让密码以正确的哈希格式存入数据库?

我不想使用 django 表单。请帮忙


2 回答 2


代替

# The model constructor does not hash: this stores the raw string in the password column.
user = MyUser(email=email,password=passwd,favorite_color=clr,bio=bio)

采用

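# create_user() is a manager method, so it is reached through MyUser.objects, not
# through a model instance. bio is set separately so this works with a
# create_user(email, favorite_color, password) signature; the user.save() that
# already follows in the view persists it.
user = MyUser.objects.create_user(email=email, password=passwd, favorite_color=clr)
user.bio = bio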

create_user() 方法中的 user.set_password(password) 会对密码进行哈希处理,随后的 user.save() 再将哈希后的密码存入数据库。

于 2020-05-07T12:02:51.550 回答

您正在保存未散列的密码。

Django 的用户模型提供 set_password() 方法来完成哈希处理。

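def register(request):
    """Create a MyUser from the posted registration form, then redirect to '/'.

    The password goes through set_password(), so only its hash is saved.
    Any non-POST request just renders home.html.
    """
    if request.method == 'POST':
        user = MyUser()
        # set_password() replaces the raw value with a salted hash on the instance.
        user.set_password(request.POST['password'])
        user.email = request.POST['email']
        user.favorite_color = request.POST['colour']
        user.bio = request.POST['bio']
        # NOTE(review): nothing here is validated. A missing field makes
        # request.POST[...] raise, save() does not run field validators (so the
        # email format is unchecked and a duplicate email only fails at the
        # database's unique constraint), and password strength is not checked.
        # Calling user.full_clean() and
        # django.contrib.auth.password_validation.validate_password() before
        # save() would cover these.
        user.save()

        return redirect('/')

    # Aligned with the `if` above; the stray extra space of indentation here
    # would be an IndentationError.
    return render(request, 'home.html')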

注意:这段代码没有做任何输入验证,你应该考虑补上。

于 2020-05-07T12:03:39.813 回答