如何解决Django自定义用户登录错误:CSRF验证失败。 请求中止
[英]How to solve django custom user Login error: CSRF verification failed. Request aborted
问题描述
I have a django custom user login form, When user login the below error shows please help 
我有一个django自定义用户登录表单,当用户登录时出现以下错误,请提供帮助
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
The below Error shows in terminal 终端中显示以下错误
UserWarning: A {% csrf_token %} was used in a t
emplate, but the context did not provide the value. This is usually caused by not using RequestContext.
"A {% csrf_token %} was used in a template, but the context "
[08/May/2018 23:44:13] "GET /login/ HTTP/1.1" 200 7798
here is my view 这是我的看法
@csrf_protect def user_login(request): context = RequestContext(request) if request.POST: username = request.POST.get('username') password = request.POST.get('username') user = authenticate(username=username, password=password) if user is not None: if user.is_active: login(request, user) return render_to_response('app/index.html', context_instance=RequestContext(request)) else: return HttpResponse("You're account is disabled.") else: return render_to_response('app/login.html', context_instance=RequestContext(request)) else: return render_to_response('app/login.html', {}, context)
here is my login html code 这是我的登录html代码
<form class="form-horizontal" name="LoginForm" action="/login/" method="post"> {% csrf_token %} {% if next %} <input type="hidden" name="next" value="{{ next }}" /> {% endif %}
How to do it? 怎么做? When user successfully login the User_Profile template show , buth the URL remain http://127.0.0.1:8000/login/ I want to change the url to http://127.0.0.1:8000/students_profile 当用户成功登录User_Profile模板show时,URL仍为http://127.0.0.1:8000/login/我想将URL更改为http://127.0.0.1:8000/students_profile
here is URL 这是URL
url(r'^students_profile/', views.IndexView.as_view(), name='students_profile'),
Here is login form 这是登录表格
<form class="form-horizontal" name="LoginForm" action="." method="post"> {% csrf_token %} {% if next %} <input type="hidden" name="next" value="{{ next }}" /> {% endif %}
2 个解决方案
解决方案1
0 2018-05-08 18:57:01
Hey Please check your views.py I haven't seen your code but i guess you may have rendered without RequestContext that's why above error is showing. 嘿,请检查您的views.py我没有看到您的代码,但我想您可能没有RequestContext便已渲染,这就是上面的错误正在显示的原因。 So you better use 所以你最好用
render(request, 'template_name', {params});
From docs render() is the same as a call to render_to_response() with a context_instance argument that forces the use of a RequestContext. 从文档开始,render()与带有context_instance参数的render_to_response()调用相同,该参数强制使用RequestContext。
解决方案2
0 已采纳 2018-05-08 19:14:54
Your template is already protected by {% csrf_token %} no need to have the decorator in your view: Also, rather than using render_to_response, you can use render from django.shortcuts 您的模板已经受到{% csrf_token %}保护,无需在视图中使用装饰器:此外,可以使用django.shortcuts render来django.shortcuts使用render_to_response。
I reduce your codes a little bit, it's better to use 我会减少一些代码,最好使用
from django.contrib import messages
def user_login(request):
if request.POST:
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
return render(request,'app/index.html',{})
# the else statement
return HttpResponse("You're account is disabled.")
# the else statement
messages.add_message(request,messages.WARNING,'Credentials invalid')
return render(request,'app/login.html', {})
in templates retrieve the message like this: 在模板中检索如下消息:
{% if messages %}
<ul class="messages">
{% for message in messages %}
<li{% if message.tags %} class="{{ message.tags }}"{% endif %}>{{ message }}</li>
{% endfor %}
</ul>
{% endif %}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.