回复: login or login_decorator issue

Thu, 09 Aug 2012 00:27:44 -0700 


--  
Sincerely,
Pengfei Xue
已使用 Sparrow (http://www.sparrowmailapp.com/?sig)

已使用 Sparrow (http://www.sparrowmailapp.com/?sig)  

在 2012年8月9日星期四,下午2:33,mapapage 写道:

> > I wrote this custom authentication backend:
>  
> from django.contrib.auth.models import User, check_password
> from auth.models import Owners
> class AuthBackend(object):
>     
>      
>     def authenticate(self, username=None, password=None):
>         
>         try:
>             user = Owners.objects.get(id=username)
>  
>  

what's your definition for user, that's your user model  
>             #if user.check_password(password):
>             if user.password == password:  
>  
>  

you should user user.check_password instead of simple string comparison,  
user.password is a encrypted string other than plain text
>                 return user
>         except User.DoesNotExist:
>             return None  
>  
>     def get_user(self, user_id):
>         """ Get a User object from the user_id. """
>         try:
>             return User.objects.get(pk=user_id)
>         except User.DoesNotExist:
>             return None
>  
> but still the decorator doesn't work..even if a user is not logged in he can 
> access another's page just by modifying the  url(r'^(?P<user_id>\d+)/$', 
> 'auth.views.main', name='main'),(putting his id)
have you followed the django's documentation about how to use the 
login_requried decorator? have you installed the required app in setting ?  
>  
> --  
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/django-users/-/HsS1FtrjJ5IJ.
> To post to this group, send email to django-users@googlegroups.com 
> (mailto:django-users@googlegroups.com).
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com 
> (mailto:django-users+unsubscr...@googlegroups.com).
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Reply via email to