
Customizing Django's password_change view

[Category: Development (Python) | Posted by: 店小二05 | Date: 2016 | Author: 红领巾]

If you have a site where users have the traditional username / password combination, you've got to provide some way to let users change their password. Luckily, this is fairly easy to do with Django. The auth app comes with a password_change view that does what you'd probably expect.

It's also fairly easy to set up. You add a line similar to the following to your root URLConf:

url(r'^accounts/', include('django.contrib.auth.urls')),

You also have to set up some additional templates (e.g. registration/password_change_form.html), but once you've done that, users can change their password using a form that looks something like this:

Old password:

New password:

New password confirmation:

Easy! Until...

What if I can't remember my old password?

Or worse yet, what if your users don't have a usable password? If you're using something like the excellent django-social-auth, which lets users log in using OAuth or OpenID (i.e. via Facebook, Twitter, Google, or some other source), you may run into this case.

So, how can I omit the Old password requirement in the change password form? We're in luck. The password_change view accepts a password_change_form parameter that allows you to specify which form is used. The auth app also contains a form that doesn't require entering the old password (it's used in the admin app!). It's called AdminPasswordChangeForm. So, all we have to do is update our root URLConf yet again:

from django.conf.urls import include, patterns, url
from django.contrib.auth.forms import AdminPasswordChangeForm

urlpatterns = patterns('',
    # ...
    # hijack password_change's url; this entry must come before the include() below
    url(r'^accounts/password_change/$',
        'django.contrib.auth.views.password_change',
        {'password_change_form': AdminPasswordChangeForm},
        name="password_change"),
    url(r'^accounts/', include('django.contrib.auth.urls')),
)

Remember that the url function allows you to pass keyword parameters to views, and that's exactly what we've done here: {'password_change_form': AdminPasswordChangeForm}. That customizes the form that gets used in the password_change view.

Now, when our users try to change their password, the form looks something like this:

New password:

New password confirmation:

Disclaimer: This does remove one additional step that a potential attacker would need to overcome in order to steal an account. So, make sure you understand why you'd implement this before you do so.

Cheers!
