堆栈内存溢出
  简体   繁体   English

无法通过使用带有用户名和密码的过滤器来获取用户

[英]Cannot obtain user by using filter with username and password

 原文  2018-09-27 06:18:56       django/ django-models/ django-admin/ django-users

问题描述

I am using the following code 我正在使用以下代码 

email = validated_data["login"]
password = validated_data["password"]
user_obj = User.objects.filter(Q(email__exact=email) & Q(password__exact=password))

I changed the password from admin however no user is returned. 我从管理员更改了密码,但是没有用户返回。 However if I remove the password check then I get a user object back.The object that I get back if I remove the Q(password__exact=password) condition has _password field as None. 但是,如果我删除密码检查,则会得到一个用户对象。如果删除Q(password__exact=password)条件,则返回的对象的_password字段为None。 This code has been working fine for a while but today it is not returning back the object. 这段代码已经运行了一段时间,但是今天它并没有返回该对象。 Am I missing something here ? 我在这里想念什么吗? I verified that I am receiving the correct username and password from the client.I also tried accessing the admin with that username and password (The account has staff status) and I was able to log in. So the password is correct but for some reason I cant obtain that user by filtering. 我确认我从客户端收到了正确的用户名和密码。我还尝试使用该用户名和密码(该帐户具有工作人员身份)访问管理员,并且能够登录。因此密码正确,但是由于某些原因我无法通过过滤获取该用户。 ? What might I be doing wrong ? 我可能做错了什么?

2 个解决方案

解决方案1
 1 已采纳  2018-09-27 06:28:59

password isn't stored in plain text, but as a hash (and a little more). password不是以纯文本形式存储,而是以哈希(还有更多)存储。 Get the user by username and check the password: 通过用户名获取用户并检查密码: 

# assumes there can be only one
user = User.objects.get(email=email) 
# this checks the plaintext password against the stored hash 
correct = user.check_password(password)

BTW, you don't need Q objects for logical AND . 顺便说一句,对于逻辑AND ,您不需要Q对象。 filter(email__exact=email, password__exact=password) would suffice, even though it doesn't make much sense, in this case. 在这种情况下,即使没有什么意义, filter(email__exact=email, password__exact=password)也足够了。

解决方案2
 0  2018-09-27 06:27:18

这是因为Django不会将密码存储为经过哈希处理的简单文本,因此您无法执行password__exact,因为每次您返回相同的哈希password = validated_data["password"]每次都不返回

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法将关键字“用户”解析为字段。 选项包括:文档,ID,密码,用户名,username_id - Cannot resolve keyword 'user' into field. Choices are: document, id, password, username, username_id 通过使用过滤器或相关对象引用来获取当前用户数据是否更快? - Is it faster to obtain current user data by using a filter or related object reference? “user = authenticate(request,username = username,password = password)”user is none - “user = authenticate(request, username=username, password=password)” user is none 无法使用用户名/密码登录令牌端点:drf 令牌身份验证和自定义用户 model、Django - Cannot log in to token endpoint with username/password: drf token auth and custom user model, Django 使用电子邮件而不是用户名获取身份验证令牌 - Obtain auth token using email instead of username Django 错误的用户名,自定义用户密码 model - Django wrong username, password for custom user model OperationalError:致命:用户“ UserName”的密码身份验证失败 - OperationalError: FATAL: password authentication failed for user “UserName” 使用用户实例生成访问令牌(不是用户名、密码和 grant_type) - Generate access token using user instance (not username, password and grant_type) 忘记了psql密码:sql:严重:用户“ username”的密码验证失败 - Forgotten psql Password: sql: FATAL: password authentication failed for user “username” 更改用户密码和用户名后用户未保持登录状态 - user not staying logged in after changes to user password and username
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM