<div id="article_content" class="article_content csdn-tracking-statistics" style="overflow: hidden;" data-mod="popu_519" data-dsm="post">
<div id="article_content" class="article_content csdn-tracking-statistics" style="overflow: hidden;" data-mod="popu_519" data-dsm="post">
'myproject.hashers.MyMD5PasswordHasher','django.contrib.auth.hashers.MD5PasswordHasher','django.contrib.auth.hashers.PBKDF2PasswordHasher','django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher','django.contrib.auth.hashers.BCryptSHA256PasswordHasher','django.contrib.auth.hashers.BCryptPasswordHasher','django.contrib.auth.hashers.SHA1PasswordHasher','django.contrib.auth.hashers.CryptPasswordHasher',)</pre>
django会默认使用第一条加密方式。
这个是我自定义的加密方式,就是基本的md5,而django的MD5PasswordHasher是加盐的。
以下是我的自定义hashers.py:
<div class="dp-highlighter bg_python">
<div class="bar">
<div class="tools">[python] <a class="ViewSource" title="view plain" onclick="dp.sh.Toolbar.Command('ViewSource',this);return false;" href="#">copy
<div style="position: absolute; left: 277px; top: 713px; width: 16px; height: 16px; z-index: 99;"><object id="ZeroClipboardMovie_2" width="16" height="16" align="middle" bgcolor="#ffffff" data="http://static.blog.csdn.net/scripts/ZeroClipboard/ZeroClipboard.swf" type="application/x-shockwave-flash">
<span class="tracking-ad" data-mod="popu_169"> <a class="PrintSource" title="print" onclick="dp.sh.Toolbar.Command('PrintSource',this);return false;" href="#">?
class MyMD5PasswordHasher(MD5PasswordHasher):之后可以在数据库中看到,密码确实使用了自定义的加密方式。
algorithm = "mymd5"def encode(self,salt): assert password is not None hash = hashlib.md5(password).hexdigest().upper() return hash def verify(self,encoded): encoded_2 = self.encode(password,'') return encoded.upper() == encoded_2.upper() def safe_summary(self,encoded): return OrderedDict([ (_('algorithm'),(_('salt'),''),(_('hash'),])
然而仅仅修改这些,在配合django的authenticate验证时无法进行。
经过一些查找,发现需要在自定义authenticate。以下为方法:
在settings.py中加入以下:
<div class="dp-highlighter bg_python">
<div class="bar">
<div class="tools">[python] <a class="ViewSource" title="view plain" onclick="dp.sh.Toolbar.Command('ViewSource',this);return false;" href="#">copy
<div style="position: absolute; left: 277px; top: 1296px; width: 16px; height: 16px; z-index: 99;"><object id="ZeroClipboardMovie_3" width="16" height="16" align="middle" bgcolor="#ffffff" data="http://static.blog.csdn.net/scripts/ZeroClipboard/ZeroClipboard.swf" type="application/x-shockwave-flash">
<span class="tracking-ad" data-mod="popu_169"> <a class="PrintSource" title="print" onclick="dp.sh.Toolbar.Command('PrintSource',this);return false;" href="#">?
以下代码为自定义的mybackend.py<div class="dp-highlighter bg_python">
<div class="bar">
<div class="tools">[python] <a class="ViewSource" title="view plain" onclick="dp.sh.Toolbar.Command('ViewSource',this);return false;" href="#">copy
<div style="position: absolute; left: 277px; top: 1441px; width: 16px; height: 16px; z-index: 99;"><object id="ZeroClipboardMovie_4" width="16" height="16" align="middle" bgcolor="#ffffff" data="http://static.blog.csdn.net/scripts/ZeroClipboard/ZeroClipboard.swf" type="application/x-shockwave-flash">
<span class="tracking-ad" data-mod="popu_169"> <a class="PrintSource" title="print" onclick="dp.sh.Toolbar.Command('PrintSource',this);return false;" href="#">?hashlib
- promodels
- MyBackend(object):
- authenticate(,username=,password=):
- :
- user=models.M_User.objects.get(username=username)
- user
- Exception:
- hashlib.md5(password).hexdigest().upper()==user.password:
- user
- get_user(,user_id):
- :
- models.M_User.objects.get(id=user_id)
- Exception:
class MyBackend(object):
def authenticate(self,username=None,password=None):
try:
user = models.M_User.objects.get(username=username)
print user
except Exception:
print 'no user'
return None
if hashlib.md5(password).hexdigest().upper() == user.password:
return user
return Nonedef get_user(self,user_id): try: return models.M_User.objects.get(id=user_id) except Exception: return None
之后验证成功。当然经过这些修改后最终的安全性比起django自带的降低很多,但是需求就是这样的,必须满足。
完成需求的过程中查找了不少资料,最后还是在django文档中找到的答案,文档还是很全全面的,以后通读还是感觉有必要的。
</div>
<p style="list-style: none; margin-top: 0px; margin-bottom: 0px; padding-top: 8px; padding-bottom: 8px; font-size: 14px; line-height: 26px; word-wrap: break-word; color: #444444; font-family: Simsun;"> 首先,引入模块: