First the idea, think of a database account password encryption, but encryption method django document set_password looks like they are only for the default user model
That is,
from django.contrib.auth.models import User
The model is valid,
So you want to use in their own definition of the model, the search of the investigation found that the document is not on the encryption and two in the same flask of werkzegu
But there are some pits note
class User(models.Model): class Meta: db_table = 'user' name = models.CharField(max_length=20,null=True,unique=True) password = models.CharField(max_length=128) create_date = models.DateTimeField(auto_now_add=True) def __str__(self): return self.name def _set_password(self,password): self.password = make_password(password) def _check_password(self,password): return check_password(password,self.password)
Simple user model in which _set_password is my data needs to be saved will be a default password encryption without any changes
_check_password is a query to the user to verify, but this is the pit, and
Verify password in the flask is
def _check_password(self,password): return check_password(self.password,passowrd)
First the user query to use this method _check_password, directly fill in the plain text password entered by the user will be able to verify their
But the location and the flask django parameters of contrast, is the first clear text, encrypted, password easy to think that is wrong
# 源码 def check_password(password, encoded, setter=None, preferred='default'):
First clear text passwords, encrypted passwords , but I like this method is, in fact, flask and fill in just fine as a direct, immediate set up, do not control parameter position
Reminder function in view of this encryption will face this problem remember remember
1 def login(request): 2 if request.POST.method == 'POST': 3 name = request.POST.get('name') 4 password = request.POST.get('password') 5 user = User.objects.filter(name=name).first() 6 if user: 7 if user._check_password(password) 8 # 舍弃掉 from django.contrib.auth import authenticate 9 #Replaced by custom login authenticate after all, only the database query if the user exists, but if encrypted, password field inquiry also needs to be encrypted .. Well 10 # but also by its users with a login session to add fields 11 login (Request, the User ) 12 is return the redirect (revsrse ( ' User: Inde ' )) 13 is the else : 14 return the render (Request, ' the login.html ' , { " MSG " : " account passwords do not match " }) 15 the else : 16 return the render (Request , ' the login.html ' , { " MSG" : " Account passwords do not match " }) . 17 18 is . 19 return return the render (Request, ' the login.html ' )
Reference https://blog.csdn.net/qq_27437781/article/details/86002317