我目前正在研究一个flask项目,并第一次尝试使用flask-admin。到目前为止,一切都很正常,但有一件事真的困扰着我:每当我编辑我的用户模型时,用户的密码都会被覆盖。我正在遵循this question第二个答案中给出的建议,以防止flask-admin重新散列我的密码。不幸的是,空的密码字段仍然会写入数据库。
我试图从User
-Model获取当前密码,该密码是作为on_model_change
方法的参数提供的,但不知何故,密码似乎在此时已被覆盖(或者它不是我在这里查看的实际数据库模型-我在这里有点困惑)。
下面是我的代码:
用户模型
class User(UserMixin, SurrogatePK, Model):
"""A user of the app."""
__tablename__ = 'users'
username = Column(db.String(80), unique=True, nullable=False)
email = Column(db.String(80), unique=True, nullable=False)
#: The hashed password
password = Column(db.String(128), nullable=True)
created_at = Column(db.DateTime, nullable=False,
default=datetime.datetime.utcnow)
first_name = Column(db.String(30), nullable=True)
last_name = Column(db.String(30), nullable=True)
active = Column(db.Boolean(), default=False)
is_admin = Column(db.Boolean(), default=False)
def __init__(self, username="", email="", password=None, **kwargs):
"""Create instance."""
db.Model.__init__(self, username=username, email=email, **kwargs)
if password:
self.set_password(password)
else:
self.password = None
def __str__(self):
"""String representation of the user. Shows the users email address."""
return self.email
def set_password(self, password):
"""Set password"""
self.password = bcrypt.generate_password_hash(password)
def check_password(self, value):
"""Check password."""
return bcrypt.check_password_hash(self.password, value)
def get_id(self):
"""Return the email address to satisfy Flask-Login's requirements"""
return self.id
@property
def full_name(self):
"""Full user name."""
return "{0} {1}".format(self.first_name, self.last_name)
@property
def is_active(self):
"""Active or non active user (required by flask-login)"""
return self.active
@property
def is_authenticated(self):
"""Return True if the user is authenticated."""
if isinstance(self, AnonymousUserMixin):
return False
else:
return True
@property
def is_anonymous(self):
"""False, as anonymous users aren't supported."""
return False
Flask-管理员UserView
class UserView(MyModelView):
"""Flask user model view."""
create_modal = True
edit_modal = True
def on_model_change(self, form, User, is_created):
if form.password.data is not None:
User.set_password(form.password.data)
else:
del form.password
def on_form_prefill(self, form, id):
form.password.data = ''
任何帮助都是非常感谢的。提前谢谢你,
oneiro
发布于 2016-08-28 10:29:42
重写get_edit_form
方法并从编辑窗体中完全删除密码字段可能更容易。
class UserView(MyModelView):
def get_edit_form(self):
form_class = super(UserView, self).get_edit_form()
del form_class.password
return form_class
另一种替代方法是从表单中完全删除模型密码字段,并使用虚拟密码字段,然后可以使用该字段填充模型的密码。通过删除真实密码字段,Flask-Admin将不会涉及我们的密码数据。示例:
class UserView(MyModelView):
form_excluded_columns = ('password')
# Form will now use all the other fields in the model
# Add our own password form field - call it password2
form_extra_fields = {
'password2': PasswordField('Password')
}
# set the form fields to use
form_columns = (
'username',
'email',
'first_name',
'last_name',
'password2',
'created_at',
'active',
'is_admin',
)
def on_model_change(self, form, User, is_created):
if form.password2.data is not None:
User.set_password(form.password2.data)
发布于 2020-03-20 18:11:54
我也遇到过类似的问题。当密码的字段被更改时,我需要生成密码的哈希。我不想添加额外的表单来更改密码。在后端,我使用了MongoDB。我对flask admin的解决方案:
class User(db.Document, UserMixin):
***
password = db.StringField(verbose_name='Password')
roles = db.ListField(db.ReferenceField(Role), default=[]
def save(self) -> None:
if not self.id:
self.password = hashlib.md5((self.password + Config.SECURITY_PASSWORD_SALT).encode()).hexdigest()
return super(User, self).save(self)
else:
return super(User, self).update(
***
password = self.password,
)
class UserModelView(ModelView):
def on_model_change(self, form, model, is_created):
user = User.objects(id=model.id)[0]
if user.password != form.password.data:
model.password = hashlib.md5((form.password.data + Config.SECURITY_PASSWORD_SALT).encode()).hexdigest()
admin.add_view(UserModelView(User, 'Users'))
对于SQL解决方案,它也将是实际的。
https://stackoverflow.com/questions/39185230
复制相似问题