我正在使用 django-tenant 和 django-tenant-user 构建一个多租户项目,但我面临一个奇怪的问题,即登录尝试失败后,我的登录表单的 CSRF TOKEN 和电子邮件字段被密码数据覆盖。
请查看下面我的相关代码片段:
查看
def login_user(request):
if request.user.is_authenticated:
return redirect('core:index')
if request.method != 'POST':
form = LoginForm()
return render(request, 'core/login.html', {'form': form})
form = LoginForm(request.POST)
if not form.is_valid():
context = {"form": form}
if not form.errors:
messages.error(request, 'Invalid username or password')
return render(request, 'core/login.html', context)
user = authenticate(request, username=form.cleaned_data['username'], password=form.cleaned_data['password'])
if user is None:
messages.error(request, 'Invalid username or password.')
return render(request, 'core/login.html', {'form': form})
messages.success(request, 'Login successful')
login(request, user)
return redirect('core:index')
表格
class LoginForm(forms.Form):
username = forms.CharField(min_length=4, max_length=150)
password = forms.CharField(min_length=4, max_length=128, widget=forms.PasswordInput)
模板
{% extends "_base.html" %}
{% block title %}
<title>TalwaPro HR Admin - Login </title>
{% endblock title %}
{% block content %}
{% load tailwind_filters %}
<div class="flex h-screen items-center justify-center">
<div class="card w-[90%] bg-base-200 shadow-xl justify-center md:w-[65%] lg:w-[40%]">
{% if messages %}
<div class="toast toast-top toast-start">
<div class="alert alert-error">
{% for message in messages %}
{{ message }}
{% endfor %}
</div>
</div>
{% endif %}
<div class="card-body">
<h2 class="card-title text-accent justify-center">Sign In</h2>
<form class="mt-4" action="/login/" method="POST">
{% csrf_token %}
<label class="input input-bordered flex items-center gap-2 {% if form.username.errors %} border-error {% endif %}">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" class="w-4 h-4 opacity-70"><path d="M8 8a3 3 0 1 0 0-6 3 3 0 0 0 0 6ZM12.735 14c.618 0 1.093-.561.872-1.139a6.002 6.002 >
<input type="text" class="grow" name="username" value="{% if form.username.value %} {{form.username.value}} {% endif %}" placeholder="Username" required />
</label>
<div class="text-error">
{% if form %}
{{ form.username.errors }}
{% endif %}
</div>
<label class="input input-bordered flex items-center gap-2 mt-4 {% if form.password.errors %} border-error {% endif %}">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16" fill="currentColor" class="w-4 h-4 opacity-70"><path fill-rule="evenodd" d="M14 6a4 4 0 0 1-4.899 3.899l-1.955 1.955a.5.5 0 0 1-.353.146H5v1>
<input type="password" class="grow" name="password" placeholder="Password" required />
</label>
<div class="text-error">
{% if form %}
{{ form.password.errors }}
{% endif %}
</div>
<div class="card-actions justify-center mt-4">
<button class="btn btn-primary" type="submit">Sign In</button>
</div>
</form>
</div>
</div>
</div>
{% endblock %}
我尝试记录表单数据,但这无济于事,因为第一次尝试时 CSRF TOKEN 已正确传递,然后对于其他请求,密码数据作为 CSRF TOKEN 传递
您描述的问题听起来像是设置中未完全激活
django.middleware.csrf.CsrfViewMiddleware
的情况。如果不希望完全安装中间件,您可以考虑用 csrf_protect
来装饰您的视图。