Form validation?

Posted on 2024-12-13 16:17:38 · Word count 828 · Views 0 · Comments 0

Should I write authentication logic in my forms for handling user login?

For example, I'd like to display messages to the user if an account hasn't been activated yet. For that, I'm currently doing something like this (terrible, I know):

from django.contrib import auth


def login(request):
    email = request.POST.get('email')
    password = request.POST.get('password')

    user = auth.authenticate(email=email, password=password)

    if user is not None:
        if user.is_active:
            auth.login(request, user)
            # etc
        else:
            # send "not activated message"
            pass
    else:
        # send "not found message"
        pass

It's a lot uglier than that in implementation, but I'll save the internet from my initial attempt at form processing at Django before I learned the forms API.

In any case, it's important to be able to tell users that their accounts aren't active yet if they try to log in, that way they can at least know what to do next. The forms API seems to make the most sense here: I could perform simple email address and password validation, then perform actual account activation logic validation in the clean() method on my form and send them a message if there's an issue.

Are there any downsides to doing this?

PS: I know that Django ships with a login view and the whole nine yards, but I have specific project needs in which I need to tweak things quite a bit with authentication etc., so please don't suggest to "use the included view," I can't this time.


Comments (1)

凉城已无爱 2024-12-20 16:17:38

Like you wrote, you can create a login form in which you can add a clean method:

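from django import forms
from django.contrib.auth import get_user_model

User = get_user_model()


class LoginForm(forms.Form):
    email = forms.EmailField()
    password = forms.CharField(widget=forms.PasswordInput)

    def clean(self):
        cleaned_data = super().clean()
        # Field validation may already have failed, so the key can be missing.
        email = cleaned_data.get("email")
        # filter() returns a QuerySet; first() gives one user or None.
        user = User.objects.filter(email=email).first()
        if user is None:
            raise forms.ValidationError("User does not exist")
        if not user.is_active:
            raise forms.ValidationError("This account is not active")
        return cleaned_data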

It is a good way for handling this issue.
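
An added example (not part of the original question or answer, and not Django code): a framework-free model of the check order a login form's clean() can follow, so that the "not activated" message is shown only after the password has been verified, while an unknown address and a wrong password produce the same message. The user store, addresses, passwords, iteration count and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this example


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password, is_active):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "is_active": is_active}


# Constructed sample accounts (hypothetical addresses and passwords).
USERS = {
    "active@example.com": make_user("correct horse", True),
    "pending@example.com": make_user("battery staple", False),
}

# Hashed against for unknown addresses, so they cost the same work as known ones.
_DUMMY = make_user("unused", False)

INVALID = "Invalid email or password."
INACTIVE = "This account has not been activated yet."


def login_error(email, password):
    """Return None when login may proceed, else the message to display."""
    user = USERS.get(email.strip().lower())
    record = user or _DUMMY
    candidate = hash_password(password, record["salt"])
    password_ok = hmac.compare_digest(candidate, record["hash"])
    if user is None or not password_ok:
        # One message for both cases: the response does not reveal
        # whether the address is registered.
        return INVALID
    if not user["is_active"]:
        # Reached only by someone who has proved knowledge of the password.
        return INACTIVE
    return None
```

In a form, the returned message would be raised as the ValidationError from clean(), and the view would call auth.login() only when no error is returned.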
