1. 首页
  2. 问答
  3. 登录CSRF验证失败。请求中止

登录CSRF验证失败。请求中止

2013-04-30 144 views
0

我伸出AbstractBaseUser,我尝试写的登录功能,但我得到这个错误:在views.py登录CSRF验证失败。请求中止

def admin_login(request): 
username = password = '' 
if request.POST: 
    request.session.delete_test_cookie() 
    username = request.POST.get('username') 
    password = request.POST.get('password') 
    admin = Administrator.objects.all.get(username__exact=username) 
    if admin is not None and admin.check_password(password): 
     login(request, admin) 
     request.session['admin_id'] = admin.id 
     return redirect('dashborad') 
return render_to_response('admin/login.html',{ 'username': username})

来源

2013-04-30 Amir Asaad

+0

用户名和密码是否正确?没有ü检查这些 – NetStarter 2013-04-30 09:48:38

+0

看到http://stackoverflow.com/questions/10388033/csrf-verification-failed-request-aborted – devnull 2013-04-30 09:56:23

回答

4

请记住,只要你使用CSRF

CSRF verification failed. Request aborted.

,你需要将RequestContext的实例传回给视图。另外,您的表单需要添加{% csrf_token %}

在您的视图代码,你可以使用render shortcut将incude正确的上下文为您提供:

from django.shortcuts import render 

def admin_login(request): 
    # your normal code 
    return render(request, 'admin/login.html', {'username': username})

文档的CSRF section有什么,以便需要的清单进行CSRF正常工作。

您还应该使用authenticate(),而不是写你自己的逻辑:

from django.contrib.auth import authenticate 
user = authenticate(username='john', password='secret')

把所有的一起,你的代码是现在:

from django.shortcuts import render 
from django.contrib.auth import authenticate 
from django.contrib import messages 

def admin_login(request): 
    """Logs in an admin user, redirecting to the dashboard""" 
    if request.POST: 
      username = request.POST.get('username') 
      password = request.POST.get('password') 

      user = authenticate(username, password) 

      if user is not None: 
       if user.is_active: 
        login(request, user) 
        request.session['admin_id'] = user.id 
        return redirect('dashboard') 
       else: 
        # do something because user was not active 
        messages.add_message(request, messages.ERROR, 'User Inactive') 
        return render(request, 'admin/login.html') 
      else: 
       # password/username combination was wrong 
       messages.add_message(request, messages.ERROR, 'Invalid Credentials') 
       return render(request, 'admin/login.html') 
    else: 
     return render(request, 'admin/login.html')

我使用的是内置messages framework显示错误消息。

来源

2013-04-30 09:50:24

+0

由于它的工作原理 – 2013-04-30 11:31:21

相关问题

 相关问题