[英]Cannot obtain user by using filter with username and password
I am using the following code 我正在使用以下代码
email = validated_data["login"]
password = validated_data["password"]
user_obj = User.objects.filter(Q(email__exact=email) & Q(password__exact=password))
I changed the password from admin however no user is returned. 我从管理员更改了密码,但是没有用户返回。 However if I remove the password check then I get a user object back.The object that I get back if I remove the Q(password__exact=password)
condition has _password field as None. 但是,如果我删除密码检查,则会得到一个用户对象。如果删除Q(password__exact=password)
条件,则返回的对象的_password字段为None。 This code has been working fine for a while but today it is not returning back the object. 这段代码已经运行了一段时间,但是今天它并没有返回该对象。 Am I missing something here ? 我在这里想念什么吗? I verified that I am receiving the correct username and password from the client.I also tried accessing the admin with that username and password (The account has staff status) and I was able to log in. So the password is correct but for some reason I cant obtain that user by filtering. 我确认我从客户端收到了正确的用户名和密码。我还尝试使用该用户名和密码(该帐户具有工作人员身份)访问管理员,并且能够登录。因此密码正确,但是由于某些原因我无法通过过滤获取该用户。 ? ? What might I be doing wrong ? 我可能做错了什么?
password
isn't stored in plain text, but as a hash (and a little more). password
不是以纯文本形式存储,而是以哈希(还有更多)存储。 Get the user by username and check the password: 通过用户名获取用户并检查密码:
# assumes there can be only one
user = User.objects.get(email=email)
# this checks the plaintext password against the stored hash
correct = user.check_password(password)
BTW, you don't need Q
objects for logical AND
. 顺便说一句,对于逻辑AND
,您不需要Q
对象。 filter(email__exact=email, password__exact=password)
would suffice, even though it doesn't make much sense, in this case. 在这种情况下,即使没有什么意义, filter(email__exact=email, password__exact=password)
也足够了。
这是因为Django不会将密码存储为经过哈希处理的简单文本,因此您无法执行password__exact,因为每次您返回相同的哈希password = validated_data["password"]
每次都不返回
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.