logo标签列表

Django - 使用 AUTH_PASSWORD_VALIDATORS 进行密码验证

pythondjango
4

我有一个定制的User模型,只包含两个必填字段:emailpassword

我还有一个定制的UserCreationForm,提示用户输入他们的email一个password

不幸的是,该表单除了min_length之外没有验证密码。

如何在settings.AUTH_PASSWORD_VALIDATORS中启用密码验证器?该对象是分布式列表,而不是验证器,所以我不确定如何使用它们。

class UserCreationForm(forms.ModelForm):
    password1 = forms.CharField(
        widget=forms.PasswordInput(attrs=form_attrs.password),
        min_length=8,
        strip=True,
    )

    class Meta:
        model = User
        fields = ('email',)
        widgets = {
            'email': forms.EmailInput(attrs=form_attrs.email),
        }

    def save(self, commit=True):
        user = super().save(commit=False)
        user.set_password(self.cleaned_data.get('password1'))
        if commit:
            user.save()
        return user
2个回答
11

正如另一个回答者所提到的那样,Django使用django.contrib.auth.password_validation.validate_password方法来验证密码。您可以创建一个clean_password1方法并将其添加到其中,就像这样:

class UserCreationForm(forms.ModelForm):
    password1 = forms.CharField(
        widget=forms.PasswordInput(attrs=form_attrs.password),
        min_length=8,
        strip=True,
    )

    class Meta:
        model = User
        fields = ('email',)
        widgets = {
            'email': forms.EmailInput(attrs=form_attrs.email),
        }

    def clean_password1(self):
        password1 = self.cleaned_data.get('password1')
        try:
            password_validation.validate_password(password1, self.instance)
        except forms.ValidationError as error:

            # Method inherited from BaseForm
            self.add_error('password1', error)
        return password1
1
Django内置表单的应用方式是:
def get_password_validators(validator_config):
    validators = []
    for validator in validator_config:
        try:
            klass = import_string(validator['NAME'])
        except ImportError:
            msg = "The module in NAME could not be imported: %s. Check your AUTH_PASSWORD_VALIDATORS setting."
            raise ImproperlyConfigured(msg % validator['NAME'])
        validators.append(klass(**validator.get('OPTIONS', {})))

    return validators

在此之后,表单的验证将手动完成。
这意味着您可以从django.contrib.auth导入password_validation并使用。
@functools.lru_cache(maxsize=None)
def get_default_password_validators():
    return get_password_validators(settings.AUTH_PASSWORD_VALIDATORS)

这个函数用于获取验证器并放置在你的表单内部。
class UserCreationForm(forms.ModelForm):
    password1 = forms.CharField(
        widget=forms.PasswordInput(attrs=form_attrs.password),
        min_length=8,
        strip=True,
    )
    def clean_password1(self):
        # Validate user password
        # self.cleaned_data['password1'] has the password put into the field
        # if the validation fails
        # raise forms.ValidationError with the args and kwargs of your 
        # validators' error messages.

你可以查看内置的注册表单,了解它是如何实现的。
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接