我正在尝试使用令牌身份验证,但由于我的创建用户序列化程序未对密码进行哈希处理,因此它不起作用。我可以使用超级用户登录,因为它有哈希密码。使用rest_auth和rest_framework.authtoken。 user.set_password 命令应该对密码进行哈希处理,那么之前的代码有问题吗?
class CreateUserSerializer(serializers.HyperlinkedModelSerializer):
username = serializers.CharField()
password = serializers.CharField(write_only = True, style = {'input_type': 'password'})
class Meta:
model = get_user_model()
fields = (
'id','username', 'password',
'email', 'first_name', 'last_name'
)
write_only_fields = ('password')
read_only_fields = ('is_staff', 'is_superuser', 'is_active')
def create(self, validated_data):
password = validated_data.pop('password')
user = super().create(validated_data)
user.set_password(validated_data['password'])
user.save()
return user
class CreateUserAPIView(CreateAPIView):
"""
Create a new user.
"""
serializer_class = CreateUserSerializer
permission_classes = [AllowAny]
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data = request.data)
serializer.is_valid(raise_exception = True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
# Create a token that will be used for future auth
token = Token.objects.create(user = serializer.instance)
token_data = {"token": token.key}
return Response(
{**serializer.data, **token_data},
status = status.HTTP_201_CREATED,
headers = headers
)
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
REST_FRAMEWORK = {
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
'PAGE_SIZE': 20,
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.TokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
)
}
class UserSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = User
fields = (
'url', 'username', 'email', 'groups', 'workflow_step',
'first_name', 'last_name',
'birthdate',
'address_street1', 'address_street2', 'address_city',
'address_state', 'address_postal_code', 'address_country', 'phone'
)
class User(AbstractUser):
# Application process
workflow_step = models.CharField(max_length=100, default='', blank=True)
is_verified = models.BooleanField(default=False)
# Basic information
# first_name (in django.contrib.auth.models.User)
# last_name (in django.contrib.auth.models.User)
# email (in django.contrib.auth.models.User)
# Advanced Information
birthdate = models.DateField(blank=True, null=True)
address_street1 = models.CharField(max_length=100, blank=True)
address_street2 = models.CharField(max_length=100, default='', blank=True)
address_city = models.CharField(max_length=100, blank=True)
address_state = models.CharField(max_length=50, blank=True)
address_postal_code = models.CharField(max_length=30, blank=True)
address_country = models.CharField(max_length=100, blank=True)
phone = models.CharField(max_length=30, blank=True)
这可能为时已晚,但对于遇到此问题的任何人来说。您需要将
create
函数直接放在序列化器类中,在您的情况下,您将它放在 Meta
子类中
您需要做的第二件事是使用
def create(self, validated_data):
password = validated_data.pop('password')
user = super().create(validated_data)
user.set_password(password)
user.save()
return user
祝你好运
这对我有用..试试这个
class UserSerializer(serializers.ModelSerializer):
# <Your other UserSerializer stuff here>
def create(self, validated_data):
password = validated_data.pop('password', None)
instance = self.Meta.model(**validated_data)
if password is not None:
instance.set_password(password)
instance.save()
return instance
在
CreateUserSerializer.create
中,你正在这样做:
password = validated_data.pop('password')
...
user.set_password(validated_data['password'])
当您拨打
set_password
时,password
键已从 validated_data
中移除。您可能想将 set_password
行改为:
user.set_password(password)
您可以按散列顺序使用
make_passowrd
函数:
class CreateUserSerializer(serializers.HyperlinkedModelSerializer):
username = serializers.CharField()
password = serializers.CharField(write_only = True, style = {'input_type': 'password'})
class Meta:
model = get_user_model()
fields = (
'id','username', 'password',
'email', 'first_name', 'last_name'
)
write_only_fields = ('password')
read_only_fields = ('is_staff', 'is_superuser', 'is_active')
def create(self, validated_data):
password = validated_data.pop('password')
user = super().create(validated_data)
user.set_password( make_password(validated_data['password']))
user.save()
return user
您将在散列之前删除“密码”密钥。 你需要改变
user.set_password(validated_data['password'])
这个到
user.set_password(password)
当您从经过验证的数据中弹出该数据并将其存储到密码变量时。
使用 valid_data 字典在序列化器中保存哈希密码不起作用,即使使用 make_password 方法,它也会以纯文本形式保存密码。
我通过更改视图类本身中提交的密码值并使用 make_password 方法在保存序列化器之前对密码进行哈希处理来完成此操作...请参阅下面的代码:
class PostAccountView(generics.ListCreateAPIView):
# Comment the below parser to use this view via Postman, make sure parameters are added as form_data under body section in postman
# parser_classes = [FormParser]
queryset = Registration_Model.objects.all()
serializer_class = PostAccountSerializer
def post(self, request, format=None):
serializer = PostAccountSerializer(data=request.data)
if serializer.is_valid():
serializer.validated_data["password"] = make_password(serializer.validated_data["password"])
serializer.validated_data["confirm_password"] = make_password(serializer.validated_data["confirm_password"])
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)