我喜欢在注册表上测试 django 内置验证器。所以我添加了这个...
settings.py
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
'OPTIONS': {
'min_length': 9,
}
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
forms.py
from django.contrib.auth.models import User
from django import forms
import django.contrib.auth.password_validation as validators
class UserRegistrationForm(forms.ModelForm):
password = forms.CharField(label='Password',
widget=forms.PasswordInput)
password2 = forms.CharField(label='Repeat password',
widget=forms.PasswordInput)
class Meta:
model = User
fields = ('username', 'first_name', 'email')
# --- check duplicate
def clean_password2(self):
cd = self.cleaned_data
if cd['password'] != cd['password2']:
raise forms.ValidationError('Passwords don\'t match.')
return cd['password2']
# --- django built-in validator
def pass_validate(self):
password = self.cleaned_data('password')
try:
validators(password, self.instance)
except forms.ValidationError as error:
self.add_error('password', error)
return password
views.py
<...>
def register(request):
if request.method == 'POST':
user_form = UserRegistrationForm(request.POST)
if user_form.is_valid():
# Create a new user object but avoid saving it yet
new_user = user_form.save(commit=False)
# Set the chosen password
new_user.set_password(
user_form.cleaned_data['password'])
# Save the User object
new_user.save()
return render(request,
'account/register_done.html',
{'new_user': new_user})
else:
user_form = UserRegistrationForm()
return render(request,
'account/register.html',
{'user_form': user_form})
<...>
- 不幸的是,我仍然可以使用“123”等密码注册为用户。所以min_length不起作用。
- 在阅读论坛上的一些文章后,forms.py 中的
pass_validate函数是一种添加 django 内置验证器的方法。 - 好处是服务器可以正常运行并且没有显示错误。
所以我的问题是“如何以正确的方式应用内置密码验证器”?我需要一个特殊的 validators.py 吗?但我猜我在 forms.py 中的函数是错误的。
最佳答案
与其他模型验证一样,密码验证需要显式调用。您可以通过直接调用validate_password来触发密码验证。
from django.contrib.auth.models import User
from django import forms
from django.contrib.auth.password_validation import validate_password
class UserRegistrationForm(forms.ModelForm):
password = forms.CharField(label='Password',
widget=forms.PasswordInput)
password2 = forms.CharField(label='Repeat password',
widget=forms.PasswordInput)
class Meta:
model = User
fields = ('username', 'first_name', 'email')
# --- django built-in validator
def clean_password(self):
password = self.cleaned_data['password']
validate_password(password)
return password
# --- check duplicate
def clean_password2(self):
cd = self.cleaned_data
if cd['password'] != cd['password2']:
raise forms.ValidationError('Passwords don\'t match.')
return cd['password2']
如果您不想使用所有默认值,则可以传递 validate_password 个单独的验证器。请参阅帮助(validate_password)。
关于Django:如何应用内置密码验证器?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57631391/