用户密码在通过Django管理面板创建时未进行哈希处理。

huangapple go评论53阅读模式
英文:

User password is not hashed when creating through Django admin panel

问题

我已继承用户类以进行自定义身份验证。但是,这种方式没有对密码进行哈希处理,密码以明文形式存储在MySQL数据库中。我已通过管理面板创建了员工,但无法以员工身份登录。此外,我还通过DRF和Djoser创建了身份验证API端点,但无法使用通过Django管理面板创建的用户配置文件进行登录。

这是我的代码。

models.py

from django.contrib.auth.models import AbstractUser

class User(AbstractUser):
    pass

admin.py

from .models import User

class UserAdmin(admin.ModelAdmin):
    pass
admin.site.register(User, UserAdmin)

我在Stack Overflow上看到旧的回复建议将父类更改为 django.contrib.auth.admin.UserAdmin。但当我尝试这样做时,添加用户模板表单只有3个字段:用户名、密码和密码确认。

admin.py

from django.contrib.auth.admin import UserAdmin as DefaultUserAdmin
from .models import User

class UserAdmin(DefaultUserAdmin):
    pass

admin.site.register(User, UserAdmin)

我该如何解决这个问题。

英文:

I have inherited the user class to make custom authentication. I do not get password hashing this way. It just stores as plain text in MySQL database. I have created staff through admin panel and unable to login as staff. Furthermore I have also created auth API endpoints using DRF and Djoser and am unable to login with the user profiles created through Django admin panel.

Here is my code.

models.py

from django.contrib.auth.models import AbstractUser

class User(AbstractUser):
    pass

admin.py

from .models import User

class UserAdmin(admin.ModelAdmin):
    pass
admin.site.register(User, UserAdmin)

I have seen old replies in Stack Overflow suggesting changing the parent class to django.contrib.auth.admin.UserAdmin . When I try this the add user template form only has 3 fields. Username, Password and Password Confirmation.

admin.py

from django.contrib.auth.admin import UserAdmin as DefaultUserAdmin
from .models import User

class UserAdmin(DefaultUserAdmin):
    pass

admin.site.register(User, UserAdmin)

How do I solve this problem.

答案1

得分: 1

我写了一个自定义的UserAdmin,所以我猜我可以在这方面帮助你一点

试试这个:

@admin.register(User)
class UserAdmin(UserAdmin):
    """为没有email字段的自定义用户模型定义管理员模型"""

    fieldsets = (
        (None, {'fields': ('email', 'password')}),
        (_('个人信息'), {'fields': ('first_name', 'last_name')}),
        (_('权限'), {'fields': ('is_active', 'is_staff', 'is_superuser')}),
    )
    add_fieldsets = (
        (None, {
            'classes': ('wide',),
            'fields': ('email', 'password1', 'password2'),
        }),
    )
    list_display = ('email', 'is_staff')
    search_fields = ('email',)
    ordering = ('email',)

而且我认为你的models.py中也存在问题,因为你没有UserManager。

UserManager在创建用户时使用,所以我猜问题可能出在那里。

英文:

I wrote a custom UserAdmin as well so i guess i can help you a little bit with that

try this one:

@admin.register(User)
class UserAdmin(UserAdmin):
    """Define admin model for custom User model with no email field."""

    fieldsets = (
        (None, {'fields': ('email', 'password')}),
        (_('Personal info'), {'fields': ('first_name', 'last_name')}),
        (_('Permissions'), {'fields': ('is_active', 'is_staff', 'is_superuser')}),
    )
    add_fieldsets = (
        (None, {
            'classes': ('wide',),
            'fields': ('email', 'password1', 'password2'),
        }),
    )
    list_display = ('email', 'is_staff')
    search_fields = ('email',)
    ordering = ('email',)

And i also think that there`s problems in your models.py bcs you dont have userManager

UserManager uses when you`re creating user so i guess problem in that

huangapple
  • 本文由 发表于 2023年2月16日 04:30:34
  • 转载请务必保留本文链接:https://go.coder-hub.com/75465161.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定