I'm trying to save my hashed password in my database, but It keeps saving my plaintext password
Models:
class StudentRegistration(models.Model):
email = models.EmailField(max_length=50)
first_name = models.CharField(max_length=20)
last_name = models.CharField(max_length=20)
password = models.CharField(max_length=100, default="", null=False)
prom_code = models.CharField(max_length=8, default="", null=False)
gender = (
("M","Male"),
("F","Female"),
)
gender = models.CharField(max_length=1, choices=gender, default="M", null=False)
prom_name = models.CharField(max_length=20, default="N/A")
prom_year = models.IntegerField(max_length=4, default=1900)
school = models.CharField(max_length=50, default="N/A")
def save(self):
try:
Myobj = Space.objects.get(prom_code = self.prom_code)
self.prom_name = Myobj.prom_name
self.prom_year = Myobj.prom_year
self.school = Myobj.school_name
super(StudentRegistration, self).save()
except Space.DoesNotExist:
print("Error")
Views:
def register_user(request):
args = {}
if request.method == 'POST':
form = MyRegistrationForm(request.POST) # create form object
if form.is_valid():
clearPassNoHash = form.cleaned_data['password']
form.password = make_password(clearPassNoHash, None, 'md5')
form.save()
form = MyRegistrationForm()
print ('se salvo')
else:
print ('Error en el form')
else:
form = MyRegistrationForm()
args['form'] = form #MyRegistrationForm()
return render(request, 'register/register.html', args)
I've printed the hashed result so I know it is hashing but not saving that.
Am I using the make_password wrong? or is there any better way to protect my passwords?
--------------------------UPDATE:(The Solution)----------------------------
Remember In settings.py:
#The Hasher you are using
PASSWORD_HASHERS = (
'django.contrib.auth.hashers.MD5PasswordHasher',
)
Models.py:
#Import and add the AbstractBaseUser in your model
class StudentRegistration(AbstractBaseUser, models.Model):
Views.py:
if form.is_valid():
user = form.save(commit=False)
clearPassNoHash = form.cleaned_data['password']
varhash = make_password(clearPassNoHash, None, 'md5')
user.set_password(varhash)
user.save()
Use Django set_password in the documentation
https://docs.djangoproject.com/en/1.9/ref/contrib/auth/
You also need to get your model object from the form using form.save(commit=False)
if form.is_valid():
# get model object data from form here
user = form.save(commit=False)
# Cleaned(normalized) data
username = form.cleaned_data['username']
password = form.cleaned_data['password']
# Use set_password here
user.set_password(password)
user.save()
Save the object first, without committing to DB, then update password before a final save. Make sure your imports are all correct.
def register_user(request):
if request.method == 'POST':
form = MyRegistrationForm(request.POST) # create form object
if form.is_valid():
new_object = form.save(commit=False)
new_object.password = make_password(form.cleaned_data['password'])
new_object.save()
messages.success(request, "Form saved.")
return redirect("somewhere")
else:
messages.error(request, "There was a problem with the form.")
else:
form = MyRegistrationForm()
return render(request, 'register/register.html', { 'form': form })
Related
I want to have an email check in my email form field so that if the user's email doesn't end with '#aun.edu.ng' it will through an error message.
forms.py
class EmployeeRegistrationForm(forms.ModelForm):
first_name = forms.CharField(label='First Name')
last_name = forms.CharField(label='Last Name')
cv = forms.FileField(label='CV')
skills_or_trainings = forms.SlugField(label='Skills or Trainings', required=False, widget=forms.Textarea)
class Meta:
model = Student
fields = ['first_name', 'last_name', 'gender', 'level', 'school', 'major', 'cv', 'skills_or_trainings' ]
class EmployerRegistrationForm(forms.ModelForm):
company_name = forms.CharField(label="Company Name")
company_address = forms.CharField(label="Company Address")
website = forms.CharField()
class Meta:
model = Employer
fields = ['company_name', 'company_address', 'website']
views.py
def student_register(request):
if request.method == 'POST':
form = UserRegistrationForm(request.POST)
student_form = EmployeeRegistrationForm(request.POST)
if form.is_valid() and student_form.is_valid():
user = form.save(commit=False)
user.is_student = True
user.save()
student = student_form.save(commit=False)
student.user = user
student.save()
return redirect('login')
else:
form = UserRegistrationForm()
student_form = EmployeeRegistrationForm()
context = {'form': form, 'student_form': student_form}
return render (request, 'accounts/employee/register.html', context)
def employer_register(request):
if request.method == 'POST':
form = UserRegistrationForm(request.POST)
employer_form = EmployerRegistrationForm(request.POST)
if form.is_valid() and employer_form.is_valid():
user = form.save(commit=False)
user.is_employer = True
user.save()
employer = employer_form.save(commit=False)
employer.user = user
employer.save()
return redirect('login')
else:
form = UserRegistrationForm()
employer_form = EmployerRegistrationForm()
context = {'form': form, 'employer_form': employer_form}
return render (request, 'accounts/employer/register.html', context)
Please how do I go about it so that I will be able to through a Validation Error message when the user puts in an email that doesn't end with '#aun.edu.ng'
Thank you
To raise validation error for the employer you can do this by overriding the clean() method of the EmployerRegistrationForm form.
from django.form import ValidationError
class EmployerRegistrationForm(forms.ModelForm):
company_name = forms.CharField(label="Company Name")
company_address = forms.CharField(label="Company Address")
website = forms.CharField()
class Meta:
model = Employer
fields = ['company_name', 'company_address', 'website']
def clean(self):
cleaned_data = super().clean()
if cleaned_data.get('company_address').endswith('#aun.edu.ng'):
raise ValidationError('This email is not applicable')
return cleaned_data
See this answer for a regular expression that matches email addresses. You can use this in Python with the regular expression module. If the email is invalid, just send them back to the login with a message saying the email address is invalid.
import re
email_re = """(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")#(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9]))\.){3}(?:(2(5[0-5]|[0-4][0-9])|1[0-9][0-9]|[1-9]?[0-9])|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])"""
if re.match(email_re, "someone#example.com"):
print("Match found")
else:
print("Invalid email address")
Please note that valid email addresses include unregistered email addresses and the only way to verify an email address completely is to send them an email with a verification link. This link would then allow them to "unlock" the account created.
I wrote the following code which creates a new user and tries to create a profile for that user:
class RegisterForm(UserCreationForm):
email = forms.EmailField(max_length=200, help_text='Required')
class Meta:
model = CustomUser
fields = ('username', 'email', 'password1', 'password2')
#login_required(login_url="/login")
def index(request):
if request.method == 'POST':
form = RegisterForm(request.POST)
if form.is_valid():
profile = Profile().save()
user = form
user.profile = profile
user.save()
return redirect('users')
else:
print(form.errors)
else:
form = RegisterForm()
user_model = get_user_model()
users = user_model.objects.all()
paginator = Paginator(users, 15)
page = request.GET.get('page')
users = paginator.get_page(page)
return render(request, 'users/index.html', {'users': users, 'form': form})
class Profile(models.Model):
has_premium_until = models.DateTimeField(null=True, blank=True)
has_premium = models.BooleanField(default=False)
has_telegram_premium_until = models.DateTimeField(null=True, blank=True)
has_telegram_premium = models.BooleanField(default=False)
updated_at = models.DateTimeField(auto_now=True)
created_at = models.DateTimeField(auto_now_add=True)
class CustomUser(AbstractUser):
email = models.EmailField(max_length=255, unique=True)
profile = models.OneToOneField(Profile, on_delete=models.CASCADE, null=True)
When I'm submitting the form the user as well as the profile is created but the profile is not stored in the user (the profile_id stays null).
Anyone who can help me out?
Your user is actually just a reference to the ProfileForm you constructed. You can obtain the user that has logged in with request.user. So you can update the user with:
#login_required(login_url='/login')
def index(request):
if request.method == 'POST':
form = RegisterForm(request.POST)
if form.is_valid():
profile = Profile().save()
user = request.user
user.profile = profile
user.save()
return redirect('users')
else:
print(form.errors)
else:
form = RegisterForm()
# …
I want to save the values that users enter into the repository. But if the user has already entered a value, I want it to update.
It's saving the data right now. But it cannot update.
I' am use Django
forms.py
class Meta():
model = UserProfileInfo
fields = ('apikey', 'apivalue', 'apisupplier')
views.py
def user_set_api(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
current_user = request.user
user_form = UserProfileInfoForm(data=request.POST)
user_id = current_user.id
print('UserId:', user_id)
if user_form.is_valid() and user_id:
user_form.save(request.user)
print('User: ', user, 'Userformid:', UserProfileInfo(['user_id']))
else:
print(user_form)
else:
keysvalue = UserProfileInfoForm()
return render(request, 'form.html',
{'apisupplier': UserProfileInfo})
models.py
user = models.OneToOneField(User, default=None, null=True, on_delete=models.CASCADE)
apisupplier = models.CharField(max_length=40, blank=True, default="null")
apikey = models.CharField(max_length=40, blank=True, default="null")
apivalue = models.CharField(max_length=40, blank=True, default="null")
def __str__(self):
template = '{0.user} {0.apikey} {0.apivalue} {0.apisupplier}'
return template.format(self)```
I'm not sure why you are passing the user id to form.save(). You need to pass the user object to the form instantiation:
if request.method == 'POST':
...
user_form = UserProfileInfoForm(data=request.POST, instance=request.user)
if user_form.is_valid()
user_form.save()
...
else:
user_form = UserProfileInfoForm(instance=request.user)
return render(request, 'form.html',
{'apisupplier': UserProfileInfo, "user_form": user_form})
Weird issue with by registration form, not sure i am doing wrong.
I have StudentProfile Model, that I am trying to save data from StudentResistrationForm but the data is not being saved into database
ERROR: NameError at /register/ name 'StudentProfile' is not defined
Is the view logic correct? What am I missing? Ideas please
model
class Accounts(AbstractUser):
email = models.EmailField('email address', unique=True)
first_name = models.CharField('first name', max_length=30, blank=True)
last_name = models.CharField('last name', max_length=30, blank=True)
date_joined = models.DateTimeField('date joined', auto_now_add=True)
# asdd
bio = models.TextField(max_length=500, blank=True)
location = models.CharField(max_length=30, blank=True)
birth_date = models.DateField(null=True, blank=True)
class StudentProfile(models.Model):
user = models.OneToOneField('Accounts', related_name='student_profile')
# additional fields for students
AMEB_Ratings = models.PositiveIntegerField(default=0)
is_student = models.BooleanField('student status', default=False)
form
class StudentResistrationForm(forms.ModelForm):
class Meta:
model = StudentProfile
fields = (
'AMEB_Ratings',
)
def save(self, commit=True):
user = super(StudentResistrationForm, self).save(commit=False)
# user.first_name = self.cleaned_data['first_name']
# user.last_name = self.cleaned_data['last_name']
user.AMEB_Ratings = self.cleaned_data['AMEB_Ratings']
if commit:
user.save()
return user
class UserForm(forms.ModelForm):
class Meta:
model = get_user_model()
fields = ('username', 'email', 'password')
view
def registerStudent(request):
# Once register page loads, either it will send to the server POST data (if the form is submitted), else if it don't send post data create a user form to register
if request.method == "POST":
user_form = UserForm(request.POST)
form = StudentResistrationForm(request.POST)
if form.is_valid() and user_form.is_valid():
User = get_user_model()
username = user_form.cleaned_data['username']
email = user_form.cleaned_data['email']
password = user_form.cleaned_data['password']
new_user = User.objects.create_user(username=username, email=email, password=password)
Student_profile = StudentProfile()
Student_profile.user = new_user
Student_profile.AMEB_Ratings = request.POST['AMEB_Ratings']
# Student_profile = StudentProfile.create_user(AMEB_Ratings=AMEB_Ratings)
new_user.save()
Student_profile.save()
# form.save()
# AMEB_Ratings = form.cleaned_data['AMEB_Ratings']
return redirect('/')
else:
# Create the django default user form and send it as a dictionary in args to the reg_form.html page.
user_form = UserForm()
form = StudentResistrationForm()
# args = {'form_student': form, 'user_form': user_form }
return render(request, 'accounts/reg_form_students.html', {'form_student': form, 'user_form': user_form })
Looks like you have a few typos you currently are setting your email variable to the email data then setting it to the password data. Correct this first.
email = user_form.cleaned_data['email']
password = user_form.cleaned_data['password']
I have a model with a field called in is_student and is_teacher Student and Teacher forms
is_teacher = models.BooleanField('teacher status', default=False)
is_student = models.BooleanField('student status', default=False)
I want to make sure this field is:
Always Checked by the user True *Required
Currently: is_teacher in TeacherApplications Model
When unchecked - it saved 0 to the form and continues. (Not good)
When checked gives me this error:
ValueError at /register/teacher invalid literal for int() with base
10: ''
Currently: is_student in StudentProfile Model
When checked gives this error
ValidationError at /register/ ["'on' value must be either True or
False."]
When unchecked it saved 0 to the form and continues. (Again, not good)
UPDATED CODE
Above errors are gone: New error each time I try to submit form after checking is_teacher/is_student
IntegrityError at /register/ NOT NULL constraint failed:
accounts_studentprofile.is_student
model
class StudentProfile(models.Model):
user = models.OneToOneField('Accounts', related_name='student_profile')
# additional fields for students
AMEB_Ratings = models.PositiveIntegerField(default=0)
is_student = models.BooleanField('student status', default=False)
class TeacherApplications(models.Model):
user = models.OneToOneField('Accounts', related_name='teacher_profile')
# additional fields for teachers
instrument = models.TextField(max_length=500, blank=True)
skill = models.CharField(max_length=30, blank=True)
experience_in_years = models.PositiveIntegerField(blank=True)
is_teacher = models.BooleanField('teacher status', default=False)
view
def registerStudent(request):
# Once register page loads, either it will send to the server POST data (if the form is submitted), else if it don't send post data create a user form to register
if request.method == "POST":
user_form = UserForm(request.POST)
form = StudentResistrationForm(request.POST)
if form.is_valid() and user_form.is_valid():
User = get_user_model()
username = user_form.cleaned_data['username']
email = user_form.cleaned_data['email']
password = user_form.cleaned_data['password']
new_user = User.objects.create_user(username=username, email=email, password=password)
student = form.save(commit=False)
student.user = new_user
student.save()
# Student_profile = StudentProfile()
# Student_profile.user = new_user
# Student_profile.AMEB_Ratings = request.POST['AMEB_Ratings']
# Student_profile.is_student = request.POST.get('is_student', False)
new_user.save()
# Student_profile.save()
# form.save()
return redirect('/')
else:
# Create the django default user form and send it as a dictionary in args to the reg_form.html page.
user_form = UserForm()
form = StudentResistrationForm()
# args = {'form_student': form, 'user_form': user_form }
return render(request, 'accounts/reg_form_students.html', {'form_student': form, 'user_form': user_form })
def teacherApplication(request):
# Once register page loads, either it will send to the server POST data (if the form is submitted), else if it don't send post data create a user form to register
if request.method == "POST":
user_form = UserForm(request.POST)
form = TeacherRegistrationForm(request.POST)
if form.is_valid() and user_form.is_valid():
User = get_user_model()
username = user_form.cleaned_data['username']
email = user_form.cleaned_data['email']
password = user_form.cleaned_data['password']
new_user = User.objects.create_user(username=username, email=email, password=password)
teacher = form.save(commit=False)
teacher.user = new_user
teacher.save()
# Teacher_profile = TeacherApplications()
# Teacher_profile.user = new_user
# Teacher_profile.instrument = request.POST['instrument']
# Teacher_profile.skill = request.POST['skill']
# Teacher_profile.experience_in_years = request.POST['experience_in_years']
# Teacher_profile.is_teacher = request.POST.get('is_teacher', False)
new_user.save()
# Teacher_profile.save()
# form.save()
return redirect('/')
else:
# Create the django default user form and send it as a dictionary in args to the reg_form.html page.
user_form = UserForm()
form = TeacherRegistrationForm()
return render(request, 'accounts/reg_form_teachers.html', {'form_student': form, 'user_form': user_form })
forms
class StudentResistrationForm(forms.ModelForm):
class Meta:
model = StudentProfile
fields = (
'AMEB_Ratings',
'is_student',
)
def save(self, commit=True):
user = super(StudentResistrationForm, self).save(commit=False)
# user.first_name = self.cleaned_data['first_name']
# user.last_name = self.cleaned_data['last_name']
user.AMEB_Ratings = self.cleaned_data['AMEB_Ratings']
if commit:
user.save()
return user
class TeacherRegistrationForm(forms.ModelForm):
class Meta:
model = TeacherApplications
fields = (
'instrument',
'skill',
'experience_in_years',
'is_teacher',
)
class UserForm(forms.ModelForm):
class Meta:
model = get_user_model()
fields = ('username', 'email', 'password')
You can add this fields to StudentResistrationForm and TeacherRegistrationForm and add custom validation for it in clean_fieldname method to make it required:
StudentResistrationForm(ModelForm):
class Meta:
model = StudentRegistration
fields = (
'instrument',
'skill',
'experience_in_years',
'is_student',
)
def clean_is_student(self):
is_student = self.cleaned_data.get('is_student')
if not is_student:
raise forms.ValidationError('This field is required')
return is_student
Also in view instead of getting raw data from request.POST you can use forms to create student and teacher objects:
new_user = User.objects.create_user(username=username, email=email, password=password)
teacher = form.save(commit=False)
teacher.user = new_user
teacher.save()