db.commit 更改密码（数据库未更新）

Question

我想使用 db.session.commit() 更改数据库中的用户密码

我正在获得用于表单验证的适当闪存。但是在下次登录时，数据库更改不会通过/我无法使用新创建的密码登录。旧密码是下次登录时需要使用的密码。

from Portfolio import db, login_manager
from Portfolio import bcrypt
from flask_login import UserMixin


@login_manager.user_loader
def load_user(user_id):
    return User.query.get(int(user_id))


class User(db.Model, UserMixin):
    id = db.Column(db.Integer(), primary_key=True)
    username = db.Column(db.String(length=30), nullable=False, unique=True)
    password_hash = db.Column(db.String(length=60), nullable=False)

    @property
    def password(self):
        return self.password

    @password.setter
    def password(self, plain_text_password):
        self.password_hash = bcrypt.generate_password_hash(plain_text_password)

    def check_password_correction(self, attempted_password):
        return bcrypt.check_password_hash(self.password_hash, attempted_password)

from flask import Flask
from flask_sqlalchemy import SQLAlchemy
from flask_bcrypt import Bcrypt
from flask_login import LoginManager

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///database.db'
app.config['SECRET_KEY'] = 'c133ce687016b5000d7b56cc81e0d974c9f1b0730836b4997765c34c7f417c56'
db = SQLAlchemy(app)
bcrypt = Bcrypt(app)
login_manager = LoginManager(app)
login_manager.login_view = "login_page"
login_manager.login_message_category = "info"

from Portfolio import routes

class ResetForm(FlaskForm):
    def validate_reset(self, reset_to_check):
        password = User.query.filter_by(password_hash=reset_to_check.data).first()
        if password:
            raise ValidationError('Please input a proper password')
    resetpass = PasswordField(label='Reset Password',
                              validators=[Regexp('^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{12,}$'),
                                          Length(min=12), DataRequired()])
    confreset = PasswordField(label='Confirm Changed Password:', validators=[EqualTo('resetpass'), DataRequired()])
    newsubmit = SubmitField(label='Submit New Password')

@app.route('/reset', methods=['GET', 'POST'])
@login_required
def reset():
    form = ResetForm()
    if form.validate_on_submit():
        user = User.username
        reset_password = User(password=form.resetpass.data)
        user.password = reset_password
        db.session.commit()
        logout_user()
        flash('Password has been changed. Please login.')
        return redirect(url_for('login_page'))
    return render_template('reset.html', form=form, date=format_date, time=format_time)

Answer 1

您确定验证步骤通过了吗？

在这里，您将传入的数据（可能未散列）与 db 中的散列密码进行了比较。

        password = User.query.filter_by(password_hash=reset_to_check.data).first()
        if password:
            raise ValidationError('Please input a proper password')

我假设它总是None，所以没有加薪。

第二件事，您将新的User 实例（为什么要创建新用户？）分配给reset_password 变量，然后将reset_password 下的User 实例分配给user.reset_password 属性。这对我来说很尴尬和错误。您应该重置current_user 的密码：

from flask_login import current_user, logout_user

@app.route('/reset', methods=['GET', 'POST'])
@login_required
def reset():
    form = ResetForm()
    if form.validate_on_submit():
        user = current_user
        user.password = resetpass.data
        db.session.commit()
        logout_user()
        flash('Password has been changed. Please login.')
        return redirect(url_for('login_page'))
    return render_template('reset.html', form=form, date=format_date, time=format_time)