我在Django中启用了用户auth模块,但是当我使用时,UserCreationForm他只询问用户名和两个密码/密码确认字段.我还想要电子邮件和全名字段,并设置为必填字段.
我这样做了:
from django.contrib.auth.forms import UserCreationForm
from django import forms
from django.contrib.auth.models import User
class RegisterForm(UserCreationForm):
email = forms.EmailField(label = "Email")
fullname = forms.CharField(label = "Full name")
class Meta:
model = User
fields = ("username", "fullname", "email", )
现在表单显示新字段但不保存在数据库中.
我该怎么办?
当用户未登录时,我正在尝试为经过身份验证的用户输入站点区域,我应该?next=从设置重定向到我的登录站点,这里是我的LOGIN_REDIRECT_URL.但不是/users/login在我的地址栏中/accounts/login显示.我应该改变什么来获得正确的网址?
设置:
AUTH_PROFILE_MODULE = 'accounts.UserProfile'
LOGIN_REDIRECT_URL = '/user/profile/'
项目的网址:
import accounts.urls as regUrls
urlpatterns = patterns("",
(...)
(r'^user/', include(regUrls)),
)
accounts application urls.py:
urlpatterns = patterns('',
url(r'^profile/$', profile_edit , name='user_profile'),
url(r'^friends_list/$', friends_list),
(r'', include('accounts.auth_urls')),
)
和帐户auth_urls.py(这只是contrib.auth的网址):
from django.conf.urls.defaults import *
from django.views.generic.simple import direct_to_template
from django.contrib.auth import views as auth_views
urlpatterns = patterns('',
url(r'^login/$',
auth_views.login,
{'template_name': 'user/login_logout_register/login.html'},
name='auth_login'),
url(r'^logout/$',
auth_views.logout,
{'template_name': 'user/login_logout_register/logout.html'},
name='auth_logout'),
url(r'^password/change/$',
auth_views.password_change,
{'template_name': 'user/login_logout_register/password_change_form.html'},
name='auth_password_change'),
url(r'^password/change/done/$',
auth_views.password_change_done,
{'template_name': 'user/login_logout_register/password_change_done.html'},
name='auth_password_change_done'),
url(r'^password/reset/$', …我使用Sessions Middleware和Auth Middleware运行Django 1.3:
# settings.py
SESSION_ENGINE = django.contrib.sessions.backends.db # Persist sessions to DB
SESSION_COOKIE_AGE = 1209600 # Cookies last 2 weeks
每次用户从其他位置(不同的计算机/浏览器)登录时,Session()都会创建一个新的并使用唯一的方式保存session_id.这可能导致同一用户的多个数据库条目.他们的登录在该节点上持续存在,直到cookie被删除或会话到期为止.
当用户更改其密码时,我想从数据库中删除该用户的所有未到期会话.密码更改后,他们被迫重新登录.这是出于安全目的,例如,如果您的计算机被盗,或者您不小心将自己登录在公共终端上.
我想知道优化它的最佳方法.这是我如何做到的:
# sessions_helpers.py
from django.contrib.sessions.models import Session
import datetime
def all_unexpired_sessions_for_user(user):
user_sessions = []
all_sessions = Session.objects.filter(expire_date__gte=datetime.datetime.now())
for session in all_sessions:
session_data = session.get_decoded()
if user.pk == session_data.get('_auth_user_id'):
user_sessions.append(session)
return user_sessions
def delete_all_unexpired_sessions_for_user(user, session_to_omit=None):
for session in all_unexpired_sessions_for_user(user):
if session is not session_to_omit:
session.delete()
一个非常简化的视图:
# views.py
from django.http import HttpResponse …python django django-authentication session-cookies django-sessions
我正在使用Django user_passes_test装饰器来检查用户权限.
@user_passes_test(lambda u: has_add_permission(u, "project"))
def create_project(request):
......
我正在调用一个回调函数has_add_permission,它接受两个参数User和一个String.我想传递请求对象是否可能?另外,任何人都可以告诉我,我们如何直接访问装饰器内的User对象.
我正在使用Django '1.5c1'.我在settings.py中有这一行:
AUTH_USER_MODEL = 'fileupload.galaxyuser'
这是我的Galaxyuser模特:
class GalaxyUser(models.Model):
id = models.IntegerField(primary_key=True)
create_time = models.DateTimeField(null=True, blank=True)
update_time = models.DateTimeField(null=True, blank=True)
email = models.CharField(max_length=765)
password = models.CharField(max_length=120)
external = models.IntegerField(null=True, blank=True)
deleted = models.IntegerField(null=True, blank=True)
purged = models.IntegerField(null=True, blank=True)
username = models.CharField(max_length=765, blank=True)
form_values_id = models.IntegerField(null=True, blank=True)
disk_usage = models.DecimalField(null=True, max_digits=16, decimal_places=0, blank=True)
class Meta:
db_table = u'galaxy_user'
我想从Galaxyuser模型进行身份验证.但是,当我登录时,我收到此错误:
AttributeError: 'Manager' object has no attribute 'get_by_natural_key'
我究竟做错了什么?
编辑: Traceback:
Traceback:
File "/usr/local/lib/python2.6/dist-packages/django/core/handlers/base.py" in get_response
115. response = callback(request, *callback_args, …python django django-managers django-authentication django-1.5
我们的Django部署每晚都会检查哪些活动用户仍然可以在LDAP目录中找到.如果找不到它们,我们将它们设置为不活动状态.如果他们下次尝试登录,则会失败.这是我们的代码,它执行此操作:
def synchronize_users_with_ad(sender, **kwargs):
"""Signal listener which synchronises all active users without a usable
password against the LDAP directory. If a user cannot be
found anymore, he or she is set to “inactive”.
"""
ldap_connection = LDAPConnection()
for user in User.objects.filter(is_active=True):
if not user.has_usable_password() and not existing_in_ldap(user):
user.is_active = user.is_staff = user.is_superuser = False
user.save()
user.groups.clear()
user.user_permissions.clear()
maintain.connect(synchronize_users_with_ad)
但如果他们仍然登录,则此会话仍然有效.我们怎样才能立即使它们无效?会话中间件的所有设置都是默认值.
我通过电子邮件登录的自定义用户模型:
class MyUser(AbstractBaseUser):
id = models.AutoField(primary_key=True) # AutoField?
is_superuser = models.IntegerField(default=False)
username = models.CharField(unique=True,max_length=30)
first_name = models.CharField(max_length=30, default='')
last_name = models.CharField(max_length=30, default='')
email = models.EmailField(unique=True,max_length=75)
is_staff = models.IntegerField(default=False)
is_active = models.IntegerField(default=False)
date_joined = models.DateTimeField(default=None)
# Use default usermanager
objects = UserManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['username']
class Meta:
db_table = 'auth_user'
为此,我能够成功创建一个超级用户.但是,当我尝试使用电子邮件和密码登录时,我收到此错误:
'MyUser' object has no attribute 'has_module_perms'
知道我做错了什么吗?
我想知道为什么这个代码部分打印出以下内容:
print "request.user.has_perm('bug_tracking.is_developer'): " + str(request.user.has_perm('bug_tracking.is_developer'))
print request.user.get_all_permissions()
request.user.has_perm('bug_tracking.is_developer'): True
set([])
如果所有权限列表都为空,我希望request.user.has_perm('bug_tracking.is_developer')返回false!
我想检查用户是否有权使用某些URL.我正在使用通用视图.
这里的文档说login_required可以作为可选参数传递,但我不确定.这样的事情可能是:(r'^$', 'archive_index', link_info_dict, 'coltrane_link_archive_index', login_required=True,),
我有这个,我希望能够在URL中使用login_required装饰器.可能吗?我该怎么做?
from django.conf.urls.defaults import *
from coltrane.models import Link
link_info_dict = {
'queryset': Link.live.all(),
'date_field': 'pub_date',
}
urlpatterns = patterns('django.views.generic.date_based',
(r'^$', 'archive_index', link_info_dict, 'coltrane_link_archive_index'),
(r'^(?P<year>\d{4})/$', 'archive_year', link_info_dict, 'coltrane_link_archive_year'),
(r'^(?P<year>\d{4})/(?P<month>\w{3})/$', 'archive_month', link_info_dict, 'coltrane_link_archive_month'),
(r'^(?P<year>\d{4})/(?P<month>\w{3})/(?P<day>\d{2})/$', 'archive_day', link_info_dict, 'coltrane_link_archive_day'),
(r'^(?P<year>\d{4})/(?P<month>\w{3})/(?P<day>\d{2})/(?P<slug>[-\w]+)/$', 'object_detail', link_info_dict, 'coltrane_link_detail'),
例如,我如何保护此页面(没有视图添加login_Required装饰器)?
(r'^$', 'django.views.generic.simple.direct_to_template', {
'template': 'home.html'
}, ),
我没有使用django的auth模块,而是使用了我自己的模块而且已经后悔了很多.
为了纠正这种情况,我正在尝试将数据从我的用户模型迁移到django.auth.models.User.
我创建了一个数据迁移,如下所示:
def forwards(self, orm):
"""Migrate user information from mooi User model to auth User model."""
OldUser = orm['mooi.User']
User = orm['auth.User']
Profile = orm['mooi.Profile']
oldUsers = OldUser.objects.all()
for oldUser in oldUsers:
newUser = User.objects.create_user(username=oldUser.id, email=oldUser.email, password=oldUser.password)
# ...more irrelevant code follows...
当我运行迁移时,我收到此错误(追溯):
#...irrelevant traceback precedes...
File "[projdir]/mooi/migrations/0005_from_mooi_users_create_auth_users_with_profiles.py", line 18, in forwards
newUser = User.objects.create_user(username=oldUser.id, email=oldUser.email, password=oldUser.password)
File "[virtual_env_dir]lib/python2.6/site-packages/south/orm.py", line 397, in __getattr__
return getattr(self.real, name)
AttributeError: 'Manager' object has no attribute 'create_user'
经过进一步调查,我发现Manager所提到的是时间south.orm.NoDryRunManager,这解释了错误.
现在,我甚至需要的原因 …
django ×9
python ×5
django-1.5 ×1
django-south ×1
django-users ×1
django-views ×1
migration ×1
redirect ×1