即使密碼正確，check_password始終返回false？

Question

我正在使用Django 1.5。我是一個自定義的用戶模型是這樣的：

class User(AbstractBaseUser): 
    #id = models.IntegerField(primary_key=True) 
    #identifier = models.CharField(max_length=40, unique=True, db_index=True) 
    username = models.CharField(max_length=90, unique=True, db_index=True) 
    create_time = models.DateTimeField(null=True, blank=True) 
    update_time = models.DateTimeField(null=True, blank=True) 
    email = models.CharField(max_length=225) 
    #password = models.CharField(max_length=120) 
    external = models.IntegerField(null=True, blank=True) 
    deleted = models.IntegerField(null=True, blank=True) 
    purged = models.IntegerField(null=True, blank=True) 
    form_values_id = models.IntegerField(null=True, blank=True) 
    disk_usage = models.DecimalField(null=True, max_digits=16, decimal_places=0, blank=True) 
    objects = UserManager() 
    USERNAME_FIELD = 'email' 
    class Meta: 
     db_table = u'galaxy_user' 

我有一個自定義的驗證：

class AuthBackend: 

def authenticate(self, username=None, password=None): 
    if '@' in username: 
     kwargs = {'email': username} 
    else: 
     kwargs = {'username': username} 
    try: 
     user = User.objects.get(**kwargs) 
     if user.check_password(password): 
      return user 
    except User.DoesNotExist: 
     return None 

def get_user(self, user_id): 
    try: 
     return User.objects.get(pk=user_id) 
    except User.DoesNotExist: 
     return None 

即使輸入正確的用戶名和密碼check_password（）總是返回false，所以我無法登錄後。我想，在終端也：

user.check_password(password) 

總是返回False.

#views.py: 

def login_backend(request): 
    if request.method == 'POST': 
     username = request.POST['username'] 
     password = request.POST['password'] 
     user = authenticate(username=username, password=password) 
     state = "Username or Password Incorrect!" 
     if user is not None: 
      login(request, user) 
      return HttpResponseRedirect('/overview/') 
     else: 
      return render_to_response('login_backend.html', {'state':state}, context_instance=RequestContext(request)) 
    else: 
     return render_to_response('login_backend.html', context_instance=RequestContext(request)) 

Answer 1

的問題是，當你創建你的CustomUser，爲您節省在開方式的密碼（不散列）。你能給我你的RegistrationForm代碼嗎？

在我的情況：

# forms/register.py 
class RegistrationForm(forms.ModelForm): 
    """ 
    Form for registering a new account. 
    """ 
    class Meta: 
     model = CustomUser 
     fields = ['username', 'password', 'email'] 

註冊處理程序：

# views.py 
def register(request): 
    """ 
    User registration view. 
    """ 
    if request.method == 'POST': 
     form = RegistrationForm(data=request.POST) 
     if form.is_valid(): 
      user = form.save() # Save your password as a simple String 
      return redirect('/') 
    else: 
     form = RegistrationForm() 
    return render(request, 'news/register.html', {'form': form}) 

所以，當你嘗試登錄：

if user.check_password(password): 
    return user 

check_password總是返回False。

---

解決方案： 要設置的密碼正確，你應該重新save（）方法中RegistrationForm：

# forms/register.py 
class RegistrationForm(forms.ModelForm): 
    """ 
    Form for registering a new account. 
    """ 
    class Meta: 
     model = CustomUser 
     fields = ['username', 'password', 'email'] 

    def save(self, commit=True): 
     user = super(RegistrationForm, self).save(commit=False) 
     user.set_password(user.password) # set password properly before commit 
     if commit: 
      user.save() 
     return user 

或者簡單地改變處理程序：

def register(request): 
    """ 
    User registration view. 
    """ 
    if request.method == 'POST': 
     form = RegistrationForm(data=request.POST) 
     if form.is_valid(): 
      user = form.save(commit=False) 
      user.set_password(request.POST["password"]) 
      user.save() 
      return redirect('/') 
    else: 
     form = RegistrationForm() 
    return render(request, 'news/register.html', {'form': form}) 

請參閱http://www.blackglasses.me/2013/09/17/custom-django-user-model/

和http://www.blackglasses.me/2013/10/08/custom-django-user-model-part-2/