Полная версия: как сохранять пароли AbstractBaseUser ?
ajib6ept
Пробую сделать авторизацию по email/пароль
определил модель, добавил в настройки “AUTH_USER_MODEL”

 from django.contrib.auth.base_user import AbstractBaseUser, BaseUserManager
from django.contrib.auth.models import PermissionsMixin
from django.db import models
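class UserManager(BaseUserManager):
    """Manager for a user model that logs in with an e-mail address.

    All creation helpers go through ``_create_user``, which hashes the
    password with ``set_password()``. Creating a user with
    ``objects.create(password=...)`` or assigning ``user.password`` directly
    skips that step and leaves the raw string in the password column.
    """

    def _create_user(self, email, password, **extra_fields):
        """Build a user, hash its password and save it.

        Args:
            email: Login e-mail; passed through ``normalize_email``.
            password: Raw password; only its hash is stored.
            **extra_fields: Extra model field values forwarded to the model.

        Returns:
            The saved user instance.

        Raises:
            ValueError: If ``email`` is empty or ``None``.
        """
        if not email:
            # normalize_email() turns a missing address into '', which would
            # otherwise be saved as an account without a login identifier.
            raise ValueError('The email address must be set')
        email = self.normalize_email(email)
        user = self.model(email=email, **extra_fields)
        # set_password() stores a salted hash, never the raw password.
        user.set_password(password)
        user.save(using=self._db)
        return user

    def create_user(self, email, password, **extra_fields):
        """Create an ordinary account.

        ``is_superuser`` and ``is_staff`` are forced to ``False`` even when
        the caller supplies them, so elevated rights cannot be granted
        through ``extra_fields``.
        """
        extra_fields['is_superuser'] = False
        extra_fields['is_staff'] = False
        return self._create_user(email, password, **extra_fields)

    def create_superuser(self, email, password, **extra_fields):
        """Create an account with ``is_superuser`` and ``is_staff`` set to ``True``."""
        extra_fields['is_superuser'] = True
        extra_fields['is_staff'] = True
        return self._create_user(email, password, **extra_fields)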
class EventUser(AbstractBaseUser, PermissionsMixin):
    """Custom user model that is identified by e-mail instead of a username.

    The ``password`` field is inherited from ``AbstractBaseUser``. It stores
    whatever string is assigned to it: passing ``password=...`` to the
    constructor or to ``objects.create()`` saves the raw value. Only
    ``set_password()`` (used by ``UserManager._create_user``) stores a hash
    that ``authenticate()`` can verify.
    """
    # Login identifier; must be unique because USERNAME_FIELD points at it.
    email = models.EmailField(unique=True)
    # Optional display name; may be empty in forms and NULL in the database.
    full_name = models.CharField(max_length=100, blank=True, null=True)
    # Staff flag; the manager sets it explicitly in create_user/create_superuser.
    is_staff = models.BooleanField(default=False)
    # Set once when the row is first created.
    # NOTE(review): the name looks like a typo of "date_joined" - confirm
    # before renaming, since a rename changes the database column.
    data_joined = models.DateTimeField(auto_now_add=True)
    # Field used as the unique login identifier.
    USERNAME_FIELD = 'email'
    # No extra fields are requested besides the e-mail and the password.
    REQUIRED_FIELDS = []
    # Manager whose create_user()/create_superuser() hash the password.
    objects = UserManager()
    def __str__(self):
        """Return the e-mail address as the readable representation."""
        return self.email

создал суперпользователя через createsuperuser (rootmail@mail.com, 12345Qwe)
 >>> root_email = 'rootmail@mail.com'
>>> root_pwd = '12345Qwe'
>>> from django.contrib.auth import authenticate
>>> authenticate(email=root_email, password=root_pwd)
<EventUser: rootmail@mail.com>

Авторизация проходит. Если же создаю пользователя через shell, пароль почему-то устанавливается некорректно:
 >>> root_email = 'rootmail@mail.com'
>>> root_pwd = '12345Qwe'
>>> from django.contrib.auth import authenticate
>>> authenticate(email=root_email, password=root_pwd)
<EventUser: rootmail@mail.com>
>>> from event.models import EventUser
>>> e = EventUser.objects.create(email='user1@user.com', password=root_pwd)
>>> e
<EventUser: user1@user.com>
>>> e.save()
>>> authenticate(email='user1@user.com', password=root_pwd)
>>> myuser = EventUser.objects.get(email='user1@user.com')
>>> myuser
<EventUser: user1@user.com>
>>> myuser.password
'12345Qwe'
>>> myuser.set_password(root_pwd)
>>> myuser.save()
>>> authenticate(email='user1@user.com', password=root_pwd)
<EventUser: user1@user.com>
>>> myuser.password
'pbkdf2_sha256$100000$3XBDHeoONwkq$2vaho3I2TJs6J9JnE6Ej2L/llfSF+qTJtNQ4TkwIXV8='

Как правильно сохранять пароль?

 (env) ➜  socnet pip freeze
Django==2.0.2
pkg-resources==0.0.0
pytz==2018.3
FishHook
ajib6ept
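Никто никогда не сохраняет в БД сам пароль — хранят солёный хеш пароля. В примере выше `EventUser.objects.create(password=...)` записывает строку в поле как есть, минуя `set_password()`; создавать пользователя нужно через `EventUser.objects.create_user(...)` либо вызывать `set_password()` перед `save()`.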
ajib6ept
Да, всё, сообразил, спасибо.
Я получаю пароль через форму и сохранял его в том же виде, а надо через
 user.set_password(self.cleaned_data["password1"])