Django 身份验证失败,出现 403,没有详细消息
我有一些非常简单的东西,我把它放在一起。我有一个像这样的小表格:
<form id="loginForm" action>
<input name="email_address" type="text" placeholder="Email">
<input name="password" type="password">
<a id="loginButton">Login</a>
</form>
我的 JavaScript 执行以下操作:
$("#loginButton").click(function(){
$.post("/login/",$("#loginForm").serialize(), function(data) {
console.log("login.");
});
});
我编写了一个自定义 Django 身份验证后端:
from my.custom.project.models import User
class MyBackend:
def authenticate(self, email_address=None, password=None):
print "Trying to auth"
try:
return User.objects.get(email_address=email_address, password=password)
except User.DoesNotExist:
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
我在我的 settings.py 中配置了这个,如下所示:
AUTHENTICATION_BACKENDS = (
"my.custom.project.auth.MyBackend",
)
在我的实际视图中 < code>/login/ 路径,这就是我所拥有的:
from django.contrib import auth
def login(request):
print "Trying to auth..."
email_address = request.POST['email_address']
password = request.POST['password']
user = auth.authenticate(email_address=email_address, password=password)
if user != None:
auth.login(request, user)
direct_to_template(request, "my/login/template.json")
这是我的 URL 映射:
from django.conf.urls.defaults import *
from django.contrib import admin
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
admin.autodiscover()
urlpatterns = staticfiles_urlpatterns
urlpatterns += patterns('',
(r'^admin/', include(admin.site.urls)),
(r'^admin/doc', include('django.contrib.admindocs.urls')),
)
urlpatterns += patterns('my.project.views',
(r'^$', 'root'),
(r'^login/?$', 'login'),
(r'^logout/?$', 'logout'),
)
任何人都可以看到我在这里做错了什么吗?我在 Django 服务器输出中得到的只是:
[16/Sep/2011 20:17:47] "POST /login/ HTTP/1.1" 403 2326
我在服用疯狂的药吗?我忽略了什么?
I have something pretty simple which I've thrown together. I have a little form like this:
<form id="loginForm" action>
<input name="email_address" type="text" placeholder="Email">
<input name="password" type="password">
<a id="loginButton">Login</a>
</form>
My JavaScript does the following:
$("#loginButton").click(function(){
$.post("/login/",$("#loginForm").serialize(), function(data) {
console.log("login.");
});
});
I've written a custom Django authentication backend:
from my.custom.project.models import User
class MyBackend:
def authenticate(self, email_address=None, password=None):
print "Trying to auth"
try:
return User.objects.get(email_address=email_address, password=password)
except User.DoesNotExist:
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
I have this configured in my settings.py like so:
AUTHENTICATION_BACKENDS = (
"my.custom.project.auth.MyBackend",
)
In my actual view for the /login/ path, here's what I have:
from django.contrib import auth
def login(request):
print "Trying to auth..."
email_address = request.POST['email_address']
password = request.POST['password']
user = auth.authenticate(email_address=email_address, password=password)
if user != None:
auth.login(request, user)
direct_to_template(request, "my/login/template.json")
Here's my URL map:
from django.conf.urls.defaults import *
from django.contrib import admin
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
admin.autodiscover()
urlpatterns = staticfiles_urlpatterns
urlpatterns += patterns('',
(r'^admin/', include(admin.site.urls)),
(r'^admin/doc', include('django.contrib.admindocs.urls')),
)
urlpatterns += patterns('my.project.views',
(r'^
Can anyone see what I'm doing wrong here? All I get in the Django server output is:
[16/Sep/2011 20:17:47] "POST /login/ HTTP/1.1" 403 2326
Am I taking crazy pills? What did I overlook?
, 'root'),
(r'^login/?
Can anyone see what I'm doing wrong here? All I get in the Django server output is:
Am I taking crazy pills? What did I overlook?
, 'login'),
(r'^logout/?
Can anyone see what I'm doing wrong here? All I get in the Django server output is:
Am I taking crazy pills? What did I overlook?
, 'logout'),
)
Can anyone see what I'm doing wrong here? All I get in the Django server output is:
Am I taking crazy pills? What did I overlook?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
好吧,你要做的一件事就是
重新定义登录
,然后再次调用另一件事,这将不再可达(被你自己的登录函数覆盖)。
但不确定这是否导致了错误。
Well, one thing you do is
and then redefine login
and then call the other one again, which is not reachable anymore (overwritten by your own login function).
Not sure though if that’s causing the error though.
此外,该行:
暗示用户记录按原样以明文形式存储密码。然而,事实上,它存储了密码的加盐哈希,因此您可能需要自己实现所有这些功能。
Also, the line:
implies that the User record stores the password as-is, in plaintext. Whereas, in fact, it stores a salted hash of the password, so you might need to implement all that functionality yourself.
这都是因为 Django 内置的 CSRF 系统:https://docs。 djangoproject.com/en/dev/ref/contrib/csrf/
It was all because of Django's built-in CSRF system: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/