Django：检查用户输入的旧密码是否有效

Question

我可以检查new_password1和new_password2，但是我无法检查用户输入的旧密码是否正确。因为它没有给我 django 模板上的旧密码 ValidationError。请建议我可以在 forms.py 上使用的条件

这是forms.py

class ChangePasswordForm(forms.Form):
old_password = forms.CharField(
    widget=forms.PasswordInput(
        attrs={'class': 'form-control', 'placeholder':  'Password'}))

new_password1 = forms.CharField(
    widget=forms.PasswordInput(
        attrs={'class': 'form-control', 'placeholder':  'Password'}))

new_password2 = forms.CharField(
    widget=forms.PasswordInput(
        attrs={'class': 'form-control', 'placeholder':  'Password'}))      

def set_user(self, user):
    self.user = user
    
def clean(self):
   
    old_password = self.cleaned_data.get('old_password')
    valpwd = self.cleaned_data.get('new_password1')
    valrpwd = self.cleaned_data.get('new_password2')

    if not old_password:
        raise forms.ValidationError({
            'old_password':"You must enter your old password."})
    
    elif valpwd != valrpwd:
        raise forms.ValidationError({
            'new_password1': 'Password Not Matched'})
    return self.cleaned_data

这是views.py

class PasswordsChangeView(FormView):
template_name = 'dashboard/password/password_change.html'
form_class = ChangePasswordForm
success_url = reverse_lazy('dashboard:admin_login')

def get_form(self):
    form = super().get_form()
    form.set_user(self.request.user)
    return form

这是 change_password.html

 <form method="POST">
        {% csrf_token %}
         <div class="input-group mb-3">
          <h6>Old Password</h6>{{form.old_password}}
          <div class="input-group-append">
            <div class="input-group-text">
               <span class="fas fa-lock"></span>
            </div>
          </div>
        </div>
        <span style="color:red">{{ form.old_password.errors }}</span>
        <div class="input-group mb-3">
          <h6>New Password</h6> {{form.new_password1}}
          <div class="input-group-append">
            <div class="input-group-text">
              <span class="fas fa-lock"></span>
            </div>
          </div>
        </div>
        <div class="input-group mb-3">
          <h6>Re-Type Password</h6>
          {{form.new_password2}}
          <div class="input-group-append">
            <div class="input-group-text">
              <span class="fas fa-lock"></span>
            </div>
          </div>
         
            <span style="color:red">{{ form.new_password1.errors }}</span>
          
        </div> 
          {% comment %} {{ form.as_p }}  {% endcomment %}
          <button class="btn btn-secondary" type="submit">Change Password</button>

      </form>

Answer 1

django 中有一个 build_in check_password 方法。您必须对用户实例使用 check_password() 方法。

会是这样的：

if user.check_password(old_password):
  # you logic
else:
  # old password is not correct

希望它对你有用。

Answer 2

您可以使用check_password()。例如，在您的views.py：

from django.contrib.auth.hashers import check_password
from django.contrib.auth import update_session_auth_hash
from django.contrib import messages

if check_password(current_password, request.user.password):
    new_password = form.cleaned_data['...']
    confirm_password = form.cleaned_data['...']
    
    if new_password == confirm_password:
        # write your code here
        update_session_auth_hash(request, request.user) # <-- This code will keep session when user change password
    else:
        messages.add_message(request, messages.ERROR, 'Password confirmation doesnt match password.')
else: 
    messages.add_message(request, messages.ERROR, 'Invalid password.')

django.contrib.auth.hashers 模块也有一个make_password() 帮助你散列你的密码。