Django - 如何保存我的哈希密碼

Question

我正在嘗試在我的數據庫中保存我的哈希密碼，但它一直保存我的明文密碼

楷模：

class StudentRegistration(models.Model):
    email = models.EmailField(max_length=50)
    first_name = models.CharField(max_length=20)
    last_name = models.CharField(max_length=20)
    password = models.CharField(max_length=100, default="", null=False)
    prom_code = models.CharField(max_length=8, default="", null=False)
    gender = (
    ("M","Male"),
    ("F","Female"),
    )
    gender = models.CharField(max_length=1, choices=gender, default="M",    null=False)
    prom_name = models.CharField(max_length=20, default="N/A")
    prom_year = models.IntegerField(max_length=4, default=1900)
    school = models.CharField(max_length=50, default="N/A")



    def save(self):
         try:
            Myobj = Space.objects.get(prom_code = self.prom_code)
            self.prom_name = Myobj.prom_name
            self.prom_year = Myobj.prom_year
            self.school = Myobj.school_name

            super(StudentRegistration, self).save()

        except Space.DoesNotExist:
            print("Error")

瀏覽次數：

def register_user(request):
    args = {}
    if request.method == 'POST':
        form = MyRegistrationForm(request.POST)     # create form object
        if form.is_valid():
            clearPassNoHash = form.cleaned_data['password']
            form.password = make_password(clearPassNoHash, None, 'md5')
            form.save()
            form = MyRegistrationForm()
            print ('se salvo')
        else:
            print ('Error en el form')
    else:
        form = MyRegistrationForm()


    args['form'] = form #MyRegistrationForm()

    return render(request, 'register/register.html', args)

我已經打印出散列結果，所以我知道它是哈希但不能保存。

我使用make_password錯了嗎？ 還是有更好的方法來保護我的密碼？

-------------------------- 更新:(解決方案） ------------------ ----------

記住在settings.py中：

#The Hasher you are using
PASSWORD_HASHERS = (
    'django.contrib.auth.hashers.MD5PasswordHasher',
)

Models.py：

#Import and add the AbstractBaseUser in your model

class StudentRegistration(AbstractBaseUser, models.Model):

Views.py：

if form.is_valid():
    user = form.save(commit=False)
    clearPassNoHash = form.cleaned_data['password']
    varhash = make_password(clearPassNoHash, None, 'md5')
    user.set_password(varhash)
    user.save()

Answer 1

在文檔中使用Django set_password

https://docs.djangoproject.com/en/1.9/ref/contrib/auth/

您還需要使用form.save從表單中獲取模型對象（commit = False）

if form.is_valid():
    # get model object data from form here
    user = form.save(commit=False)

    # Cleaned(normalized) data
    username = form.cleaned_data['username']
    password = form.cleaned_data['password']

    #  Use set_password here
    user.set_password(password)
    user.save()

Answer 2

首先保存對象，而不提交到DB，然后在最終保存之前更新密碼。 確保您的導入都正確無誤。

def register_user(request):
        if request.method == 'POST':
            form = MyRegistrationForm(request.POST)     # create form object
            if form.is_valid():
                new_object = form.save(commit=False)
                new_object.password = make_password(form.cleaned_data['password'])
                new_object.save()
                messages.success(request, "Form saved.")
                return redirect("somewhere")
            else:
                messages.error(request, "There was a problem with the form.")
        else:
            form = MyRegistrationForm()

        return render(request, 'register/register.html', { 'form': form })