我也遇到了同样的问题,我的意思是人们总是知道原始密码...例如:使用函数进行加密并将原始密码返回到新变量中,当然人们只需打印该变量即可知道原始密码...
但是如果您使用例如表单(在发送电子邮件消息之前要求输入密码)来处理它,我认为这是可能的...这就是我想到的。
Django有一个处理密码的函数,它是make_password。
>>> from django.contrib.auth import hashers
>>> pwd = hashers.make_password('your-original-password')
>>> pwd
'pbkdf2_sha256$30000$74DtkZMARQHr$rC3CEdtDnDjRYE5U2ZRiWxuT+HQf3Aq1KTStpypZDV8='
>>>
将这个编码后的密码放入你的
settings.py文件中;
EMAIL_HOST_PASSWORD = 'pbkdf2_sha256$30000$74DtkZMARQHr$rC3CEdtDnDjRYE5U2ZRiWxuT+HQf3Aq1KTStpypZDV8='
然后,每次您需要发送电子邮件消息时,您都需要输入原始密码,此条件检查您的原始密码是否与
hashers.check_password(password, encoded)匹配。
以下脚本是一个示例;
1.
forms.py
from django import forms
class QuoteForm(forms.Form):
subject = forms.CharField(widget=forms.TextInput())
message = forms.CharField(widget=forms.Textarea())
password = forms.CharField(widget=forms.PasswordInput())
....
2. views.py
from django.shortcuts import render, redirect
from django.contrib.auth import hashers
from django.conf import settings
from yourapp.forms import QuoteForm
ENCODED_PASSWORD = settings.EMAIL_HOST_PASSWORD
def quote(request):
template_name = 'yourtemplate.html'
if request.method == 'POST':
form = QuoteForm(request.POST)
if form.is_valid():
subject = form.cleaned_data['subject']
message = form.cleaned_data['message']
password = form.cleaned_data['password']
is_matched = hashers.check_password(password, ENCODED_PASSWORD)
if is_matched:
settings.EMAIL_HOST_PASSWORD = password
send_mail(
subject, message, settings.EMAIL_HOST_USER,
['vendor1@email.com, vendor2@email.com, vendor3@email.com]
)
return redirect('/success/page/')
return redirect('/password-failed/page/')
else:
context = {'form': form, 'errors': form.errors}
return render(request, template_name, context)
else:
form = QuoteForm()
return render(request, template_name, {'form':form})
我不确定这个解决方案是否更好,因为对用户来说当然很困难。
