Ways to manage users and permissions and groups in Django

The simplest way to manage a certification system is through a management interface. However, when you need absolute control, there are some low-level APIs that need to be developed in-depth, and we'll discuss them in the following sections.
Create user

To create a user using the Create_user helper function:

>>> from django.contrib.auth.models import user>>> User = User.objects.create_user (username= ' John ', ...         Email= ' jlennon@beatles.com ',...         password= ' Glass onion ')

Here, user is an instance of the user class, ready to be used to store data in the database. (Create_user () does not actually call Save ()). The Create_user () function does not create a record in the database, and you can continue to modify its property values until you save the data.

>>> User.is_staff = true>>> User.save ()

Change Password

You can use Set_password () to change your password:

>>> user = User.objects.get (username= ' John ') >>> User.set_password (' Goo Goo Goo Joob ') >>> User.save ()

Do not modify the Password property directly unless you know exactly what you are doing. It is a hash value that is added to the salt of the password, so it cannot be edited directly.

In general, the password property of the User object is a string with the following format:

Hashtype$salt$hash

This is the hash type, the salt and the hash itself, separated by a dollar sign ($).

Hashtype is the SHA1 (default) or MD5, which is the algorithm used to process a one-way password hash. A salt is a random string used to encrypt the original password to create a hash, for example:

Sha1$a1976$a36cc8cbf81742a8fb52e221aaeab48ed7f58ab4

The User.set_password () and User.check_password () functions process and examine these values in the background.

A hash value of salt

Once a hash is a one-way encryption process, you can easily calculate a hash code for a given value, but it is almost impossible to extract its original value from a hash code.

If we store passwords in plain text, anyone who can access the database can easily get everyone's password. Using hashing to store passwords correspondingly reduces the likelihood of a database leak password.

However, attackers can still use brute force to obtain a database password by comparing the stored values with the millions of passwords. It will take some time, but the smart computer is surprisingly fast beyond your imagination.

What's worse is that we can publicly get rainbow tables (a brute-force password-cracking table) or a database with millions of hashed password values. With rainbow tables, you can get the most complex password in a matter of seconds.

On the basis of the stored hash value, adding a salt value (a random value) increases the strength of the password, making it more difficult to crack. Because each password has a different salt value, it also limits the use of rainbow table, allowing attackers to use only the most primitive brute force methods.

Adding salt to hash is not an absolute safe way to store passwords, but it is a good tradeoff between security and convenience.
Process Registration

We can use these underlying tools to create a view that allows users to register. Recently, every developer wants to implement their own different registration methods, so Django has left you the job of registering the view. Fortunately, it's easy.

As the most streamlined process of this thing, we can provide a small view that prompts for some necessary user information and creates those users. Django provides a built-in form for this, and the following example uses this form:

From Django Import formsfrom django.contrib.auth.forms import usercreationformfrom django.http Import Httpresponseredirectfrom django.shortcuts Import render_to_responsedef Register (Request): if Request.method = = ' POST ':  form = usercreationform (Request. POST)  if Form.is_valid ():   new_user = Form.save ()   return Httpresponseredirect ("/books/") Else:  form = Usercreationform () return Render_to_response ("registration/register.html", {  ' form ': form,})

This form requires a template called registration/register.html. This template may be:

Create an account
{% Endblock%}

