Django用户登录、Cookie应用、Token应用、Django自带密码哈希(加密)应用

在Settings里配置Django自带的密码哈希器(PASSWORD_HASHERS):在settings.py里增加如下代码

# Password hashers this project knows about. Django hashes new passwords with
# the first entry; the remaining entries only allow it to verify hashes that
# are already stored in one of those formats.
_hasher_module = 'django.contrib.auth.hashers.'
PASSWORD_HASHERS = [
    _hasher_module + hasher_class
    for hasher_class in (
        'PBKDF2PasswordHasher',
        'PBKDF2SHA1PasswordHasher',
        'Argon2PasswordHasher',
        'BCryptSHA256PasswordHasher',
        'BCryptPasswordHasher',
        # NOTE(review): the entries below are fast or unsalted digests. They
        # are listed so the demo can show every algorithm; in a real project
        # keep them only while stored legacy hashes still need verifying.
        'SHA1PasswordHasher',
        'MD5PasswordHasher',
        'UnsaltedSHA1PasswordHasher',
        'UnsaltedMD5PasswordHasher',
        'CryptPasswordHasher',
    )
]

(以上列出的都是单向的密码哈希算法,而不是非对称加密;它们在下面用户注册的代码里都以注释的形式列出,所有的方法都可以自定义,我的demo是直接使用,并没有自定义)

用户注册:views.py

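def add_users(request):
    """Show the registration form (GET) or create a user from it (POST).

    POST reads ``users_names`` and ``users_pass`` from the submitted form.
    The password is never stored as typed: it is hashed with Django's
    ``make_password`` and only the resulting strings are written to the
    ``Users`` row. A missing or empty field, a failed insert, or any other
    HTTP method sends the visitor back to the registration form.
    """
    if request.method == "GET":
        return render(request, 'usersadd.html')
    elif request.method == "POST":
        users_names = request.POST.get("users_names")
        users_pass = request.POST.get("users_pass")

        # Validate before hashing. A missing field arrives as None, and
        # make_password(None) would produce an unusable password, so both
        # None and '' are rejected here instead of being reported as success.
        if not users_names or not users_pass:
            return redirect(reverse("users:add_users"))

        # Algorithms accepted by make_password, in the order they appear in
        # PASSWORD_HASHERS:
        # encrypt = make_password(users_pass, None, 'pbkdf2_sha256')
        # encrypt = make_password(users_pass, None, 'pbkdf2_sha1')
        # Requires the argon2-cffi package: python -m pip install django[argon2]
        # encrypt = make_password(users_pass, None, 'argon2')
        # Requires the bcrypt package: python -m pip install django[bcrypt]
        # encrypt = make_password(users_pass, None, 'bcrypt_sha256')
        # Requires the bcrypt package
        # encrypt = make_password(users_pass, None, 'bcrypt')
        # The remaining ones are fast or unsalted digests, shown for
        # completeness only; do not pick them for new passwords.
        # encrypt = make_password(users_pass, None, 'sha1')
        # encrypt = make_password(users_pass, None, 'md5')
        # encrypt = make_password(users_pass, None, 'unsalted_sha1')
        # encrypt = make_password(users_pass, None, 'unsalted_md5')
        # Requires the crypt module
        # encrypt = make_password(users_pass, None, 'crypt')

        # One-way PBKDF2-SHA256 hash; passing None as the salt lets Django
        # generate a random one.
        sha256_encrypt = make_password(users_pass, None, 'pbkdf2_sha256')
        # Second hash of the same password with PBKDF2-SHA1 (demo only).
        # NOTE(review): keeping two hashes of one password means the account
        # is only as strong as the weaker of the two; a real project should
        # store a single hash.
        sha1_encrypt = make_password(users_pass, None, 'pbkdf2_sha1')
        try:
            Users.objects.create(users_names=users_names, users_pass=sha256_encrypt, sha1=sha1_encrypt,
                                 users_token='')
        except Exception:
            # Any failure while inserting the row returns the visitor to the
            # form rather than showing an error page.
            return redirect(reverse("users:add_users"))
        return redirect(reverse("users:get_users", kwargs={'usersid': 1}))
    # Any other HTTP method: return to the form instead of returning None,
    # which Django would turn into a server error.
    return redirect(reverse("users:add_users"))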

用户登录:

urls.py

# Routes of the login app. The views reverse these names through the
# "login:" namespace.
urlpatterns = [
    path(route, view, name=route_name)
    for route, view, route_name in (
        # Login form (GET) and credential check (POST).
        ('getlogin/', views.get_login, 'get_login'),
        # Page shown after a successful login; requires the token cookie.
        ('gowelcome/', views.go_welcome, 'go_welcome'),
        # Logout.
        ('loggingout/', views.logging_out, 'logging_out'),
    )
]

views.py

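# Login: verify the password against the stored hashes, then save a token in
# the user's row (used like a session id) and send it back as a cookie.
def get_login(request):
    """Show the login form (GET) or check credentials and log the user in (POST).

    The submitted password is checked with ``check_password`` against both
    stored hashes (``users_pass`` and ``sha1``). Hashes cannot be decrypted;
    ``check_password`` re-hashes the input and compares. Only when both
    checks pass is a new token generated, saved to ``users_token`` and set
    as the ``token`` cookie. Every other outcome redirects to the login form.
    """
    if request.method == "GET":
        return render(request, 'login.html')
    elif request.method == "POST":
        users_names = request.POST.get("users_names")
        users_pass = request.POST.get("users_pass")
        # .first() returns the first matching row, or None when no user has
        # that name.
        users = Users.objects.filter(users_names=users_names).first()
        if users is not None:
            # Verify against the PBKDF2-SHA256 hash.
            sha256_ok = check_password(users_pass, users.users_pass)
            # Verify against the PBKDF2-SHA1 hash.
            sha1_ok = check_password(users_pass, users.sha1)
            if sha256_ok and sha1_ok:
                # Issue the token only after the password has been verified.
                # Writing it earlier would let a request that merely names an
                # existing user overwrite that user's token and end their
                # session without knowing the password.
                ip = request.META.get("REMOTE_ADDR")
                token = generate_token(ip, users_names)
                users.users_token = token
                users.save()
                response = redirect(reverse("login:go_welcome"))
                # httponly keeps the token out of reach of page scripts.
                # NOTE(review): also pass secure=True once the site is served
                # over HTTPS only.
                response.set_cookie("token", token, httponly=True)
                return response
    # Wrong credentials, unknown user, or an unexpected HTTP method.
    return redirect(reverse("login:get_login"))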


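# Token generation: a random, unguessable value from the operating system's
# secure random source.
def generate_token(ip, users_names):
    """Return a fresh random login token as a URL-safe string.

    ``ip`` and ``users_names`` are kept so existing callers do not change,
    but they no longer feed the token: client address, clock time and user
    name are all values an outsider can know or guess, so they add nothing
    to its secrecy. Not concatenating them also means a missing client
    address (``None``) can no longer raise ``TypeError``.

    The token is 32 random bytes, encoded as 43 URL-safe characters that can
    be placed in a cookie without quoting.
    """
    import secrets

    return secrets.token_urlsafe(32)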


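# Welcome page: only reachable with a valid token cookie; anyone arriving
# without one is sent back to the login page.
def go_welcome(request):
    """Render the welcome page for the user who owns the ``token`` cookie.

    The cookie value is looked up in ``Users.users_token``. A missing or
    empty cookie, an unknown token, or any lookup error redirects to the
    login form.
    """
    token = request.COOKIES.get('token')
    # Never look up a missing or empty token: accounts that have not logged
    # in yet are created with users_token='', so an empty value must not be
    # treated as a credential.
    if not token:
        return redirect(reverse("login:get_login"))
    try:
        users = Users.objects.get(users_token=token)
    except Exception:
        # Fail closed: no match, several matches, or a database error all
        # end at the login page.
        return redirect(reverse("login:get_login"))
    # Logged in: the template shows the user's name from context['data'].
    context = {'data': users}
    return render(request, 'welcome.html', context)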


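# Logout: invalidate the token on the server and delete the cookie.
def logging_out(request):
    """Log the current user out and redirect to the login form.

    Deleting the cookie alone only makes this browser forget the token; the
    value stored in ``Users.users_token`` would still be accepted if it were
    presented again. The stored token is therefore replaced as well.
    """
    token = request.COOKIES.get('token')
    if token:
        ip = request.META.get("REMOTE_ADDR") or ''
        for user in Users.objects.filter(users_token=token):
            # Replace the token with a fresh value that is never sent to any
            # client, rather than blanking it, so an empty cookie can never
            # match a logged-out account.
            user.users_token = generate_token(ip, user.users_names or '')
            user.save()
    # Build the redirect first; the cookie deletion travels on that response.
    response = redirect(reverse("login:get_login"))
    response.delete_cookie('token')
    return response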


转载自blog.csdn.net/vlking/article/details/105284726