我有同样的问题,我的意思是人们现在总是使用原始密码......一个例子;使用函数进行加密并将原始密码返回给新变量,当然人们只需打印该变量即可知道原始密码...
但是如果你用例如处理它;表单(要求在发送电子邮件之前输入密码),我认为有可能......这就是我的想法。
Django有一个处理密码的函数,它是make_password
>>> from django.contrib.auth import hashers
>>> pwd = hashers.make_password('your-original-password')
>>> pwd
'pbkdf2_sha256$30000$74DtkZMARQHr$rC3CEdtDnDjRYE5U2ZRiWxuT+HQf3Aq1KTStpypZDV8='
>>>
将此编码密码放入您的settings.py;
EMAIL_HOST_PASSWORD = 'pbkdf2_sha256$30000$74DtkZMARQHr$rC3CEdtDnDjRYE5U2ZRiWxuT+HQf3Aq1KTStpypZDV8='
然后,每次您需要发送电子邮件时,您都需要输入您拥有的原始密码,这个条件是使用hashers.check_password(password, encoded)检查您的原始密码
下面的这个脚本是一个例子;
1. forms.py
from django import forms
class QuoteForm(forms.Form):
subject = forms.CharField(widget=forms.TextInput())
message = forms.CharField(widget=forms.Textarea())
password = forms.CharField(widget=forms.PasswordInput())
....
2。 views.py
from django.shortcuts import render, redirect
from django.contrib.auth import hashers
from django.conf import settings
from yourapp.forms import QuoteForm
ENCODED_PASSWORD = settings.EMAIL_HOST_PASSWORD
def quote(request):
template_name = 'yourtemplate.html'
if request.method == 'POST':
form = QuoteForm(request.POST)
if form.is_valid():
subject = form.cleaned_data['subject']
message = form.cleaned_data['message']
# in this section is important,
# so the password only known by it owner.
password = form.cleaned_data['password']
is_matched = hashers.check_password(password, ENCODED_PASSWORD)
if is_matched:
# change default encoded password from the settings,
# with original password from field of `password`.
settings.EMAIL_HOST_PASSWORD = password
send_mail(
subject, message, settings.EMAIL_HOST_USER,
['vendor1@email.com, vendor2@email.com, vendor3@email.com]
)
return redirect('/success/page/')
return redirect('/password-failed/page/')
else:
context = {'form': form, 'errors': form.errors}
return render(request, template_name, context)
else:
form = QuoteForm()
return render(request, template_name, {'form':form})
我不确定这个解决方案是否更好,因为这对用户来说当然很难。