Django：無法使用普通身份驗證登錄

Question

我正在使用Django的正常開發服務器，我正在構建一個簡單的應用程序。 用戶應該能夠登錄並更改他的電子郵件和密碼。 為了更好地理解django系統，我決定自己編寫視圖，只使用contrib.auth庫。 現在來問題：

一旦用戶登錄並更改了密碼，他就無法再次登錄，除非他之前登錄標准的django管理頁面。

這是我的代碼：

views.py

def login(request):
print("test")
if request.method == 'POST':
    form = LoginForm(request.POST)
    if form.is_valid():
        username = form.cleaned_data['username']
        password = form.cleaned_data['password']
        user = authenticate(username=username, password=password)
        if user is not None:
            return HttpResponseRedirect('/accountManagement/home')
        else:
            form = LoginForm()
    else:
        HttpResponse("form is not valid")
else:
    form = LoginForm()
return render(request, 'accountManagement/login.html', {'form': form})

def home(request):
print(request.user.username)
if request.user.is_authenticated:
    passwordForm = ChangePasswordForm()
    emailForm = ChangeEmailForm()
    return render(request, 'accountManagement/home.html', {'passwordForm': passwordForm, 'emailForm': emailForm})
else:
    return HttpResponseRedirect("/accountManagement/")


def change_password(request):
if request.user.is_authenticated:
    if request.method == 'POST':
        passwordForm = ChangePasswordForm(request.POST)
        if passwordForm.is_valid():
            oldPassword = passwordForm.cleaned_data['oldPassword']
            newPassword = passwordForm.cleaned_data['newPassword']
            newPasswordConfirmation = passwordForm.cleaned_data['newPasswordConfirmation']
            if (newPassword == newPasswordConfirmation) and (request.user.check_password(oldPassword)):
                request.user.set_password(newPassword)
                request.user.save()
                return HttpResponseRedirect("/accountManagement/logout")

            else:
                return HttpResponse("password change failed")
        else:
            return HttpResponse("password form not valid")
    else:
        return HttpResponse("request != POST")
else:
    return HttpResponse("user ist not authenticated")

url.py：

urlpatterns = [
url(r'^$', views.login, name='login'),
url(r'^home', views.home, name='home'),
url(r'^changeEmail', views.change_email, name='changeEmail'),
url(r'^changePassword', views.change_password, name='changePassword'),
url(r'^logout', views.logout_view, name='logout'),
]

形式：

class LoginForm(forms.Form):
    username = forms.CharField(label='Username', max_length=20)
    password = forms.CharField(label='Password', max_length=20)


class ChangeEmailForm(forms.Form):
    newEmail = forms.CharField(label='New Email', max_length=50)


class ChangePasswordForm(forms.Form):
    oldPassword = forms.CharField(label='Old Password', max_length=20)
    newPassword = forms.CharField(label='New Password', max_length=20)
    newPasswordConfirmation = forms.CharField(label='Confirm new Password', max_length=20)

謝謝你的幫助，真的無法想出這個。

Answer 1

更改密碼會破壞用戶身份驗證狀態，因此您需要再次使用新密碼對其進行身份驗證：

from django.contrib.auth import login

def change_password(request):
if request.user.is_authenticated:
    if request.method == 'POST':
        passwordForm = ChangePasswordForm(request.POST)
        if passwordForm.is_valid():
            oldPassword = passwordForm.cleaned_data['oldPassword']
            newPassword = passwordForm.cleaned_data['newPassword']
            newPasswordConfirmation = 
                passwordForm.cleaned_data['newPasswordConfirmation']
            if (newPassword == newPasswordConfirmation)\
                    and (request.user.check_password(oldPassword)):
                request.user.set_password(newPassword)
                request.user.save()
                # Re-authentication ===============================
                # =================================================
                user = authenticate(username=request.user.username,
                                    password=NewPassword)
                login(request, user)

                # Why redirect to logout?!
                return HttpResponseRedirect("/accountManagement/logout")

            else:
                return HttpResponse("password change failed")
        else:
            return HttpResponse("password form not valid")
    else:
        return HttpResponse("request != POST")
else:
    return HttpResponse("user ist not authenticated")

另外，我建議您使用CBV（基於類的視圖）而不是FBV（基於函數的視圖）。

在任何情況下，您都可以在視圖中使用裝飾器@login_required和@require_http_methods來刪除is_authenticated和method！='POST'邏輯。

from django.views.decorators.http import require_http_methods
from django.contrib.auth.decorators import login_required


@require_http_methods(["POST", ])
@login_required(redirect_field_name='my_redirect_field')
def change_password(request):
    passwordForm = ChangePasswordForm(request.POST)
    if passwordForm.is_valid():
        oldPassword = passwordForm.cleaned_data['oldPassword']
        newPassword = passwordForm.cleaned_data['newPassword']
        newPasswordConfirmation = 
            passwordForm.cleaned_data['newPasswordConfirmation']
        if (newPassword == newPasswordConfirmation)\
                and (request.user.check_password(oldPassword)):
            request.user.set_password(newPassword)
            request.user.save()
            # Re-authentication ===============================
            # =================================================
            user = authenticate(username=request.user.username,
                                password=NewPassword)
            login(request, user)

            # Why redirect to logout?!
            return HttpResponseRedirect("/accountManagement/logout")

        else:
            return HttpResponse("password change failed")
    else:
        return HttpResponse("password form not valid")