Django更新密碼不起作用

Question

我創建了一個頁面，允許用戶編輯他們的個人資料信息。

每當用戶更改密碼時，它都不會更新數據庫並且會破壞密碼。

edit_user.html

<form style="display:inline"class="form-signin" action="/edit_user/" method="post" enctype="multipart/form-data"> 
    {% csrf_token %} 
    {{ form.as_p }} 
    <button type="submit" class="btn btn-info"> Save Changes</button> 
</form> 

forms.py

class UserProfileForm(forms.Form): 
    email = forms.EmailField(label='Email', widget=forms.TextInput(attrs={'class' : 'form-control'})) 
    firstname = forms.CharField(label='First Name', max_length=15, widget=forms.TextInput(attrs={'class' : 'form-control'})) 
    lastname = forms.CharField(label='Last Name', max_length=15, widget=forms.TextInput(attrs={'class' : 'form-control'})) 
    #zip = forms.IntegerField(validators=[MinValueValidator(0),MaxValueValidator(99999)], label="Zipcode", widget=forms.TextInput(attrs={'class' : 'form-control'})) 
    oldPassword = forms.CharField(required=False, label='Current Password', widget=forms.PasswordInput(attrs={'class' : 'form-control'})) 
    password1 = forms.CharField(required=False, label="New Password", widget=forms.PasswordInput(attrs={'class' : 'form-control'})) 
    password2 = forms.CharField(required=False, label="Confirm New Password", widget=forms.PasswordInput(attrs={'class' : 'form-control'})) 

    def clean_password(self): 
     if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data: 
      if self.cleaned_data['password1'] != self.cleaned_data['password2']: 
       raise forms.ValidationError(_("The two password fields did not match.")) 
     return self.cleaned_data 

views.py

@login_required 
def edit_user(request): 
    if '_auth_user_id' in request.session: 
     u = User.objects.get(id=request.session['_auth_user_id']) 

     if request.method == 'POST': 
      form = UserProfileForm(request.POST) 
      form.fields["email"].initial = u.email 
      form.fields["firstname"].initial = u.first_name 
      form.fields["lastname"].initial = u.last_name 

      if form.is_valid(): 
       fname = form.cleaned_data['firstname'] 
       lname = form.cleaned_data['lastname'] 
       email = form.cleaned_data['email'] 
       oldPassword = form.cleaned_data['oldPassword'] 
       pword = form.cleaned_data['password1'] 

       # if oldPassword != u.password: 
       #  #"The current password does not match with your old password!" 
       #  return render(request, 'edit_user.html', { 'form': form}) 

       User.objects.filter(id=u.id).update(first_name = fname, last_name = lname, email = email, password = pword) 
       return HttpResponseRedirect('/edit_user/') 

     else: 
      form = UserProfileForm() 
      form.fields["email"].initial = u.email 
      form.fields["firstname"].initial = u.first_name 
      form.fields["lastname"].initial = u.last_name 

     variables = RequestContext(request, {'form': form}) 
     return render(request, 'edit_user.html', variables,) 

當我走在管理設置，並檢查用戶的密碼，它會顯示這個：

Password: 
Invalid password format or unknown hashing algorithm. 

Raw passwords are not stored, so there is no way to see this user's password, but you can change the password using this form. 

任何幫助將是偉大的！

謝謝。

Answer 1

這是django保護您不會意外地以純文本格式存儲密碼。

要設置用戶密碼，請致電：

user.set_password(new_password) 

這將在correct (hashed) format密碼存儲。

值得注意的是，django已經有a pre-built view for changing passwords。

---

作爲一個側面說明，你應該知道，這不是必需的...

if '_auth_user_id' in request.session: 
    u = User.objects.get(id=request.session['_auth_user_id']) 

...因爲你可以得到用戶直接關閉請求：

u = request.user 
if u.is_authenticated(): 
    ...