CODEWITHSUNDEEP
pythondjango
winston
winston

Reputation: 3100

Password not set for new django users

When a new user signs up for an account, the admin panel shows that a password has not been set for the user (despite saving it via views.py). Another strange thing I noticed is that the password is being saved to the email field in the database. The code appears fine. Not sure where I went wrong. Any help would be greatly appreciated.

sign up html template

{% if user.is_authenticated %}
                <h2>currently logged in as {{ user.username }} </h2>
                {% else %}
                <h1 class="h5 text-center">Create Account</h1>
                <h4>{{ error }}</h4>
                <form method="POST">
                  {% csrf_token %}
                  <div class="form-group">
                    <label for="username">Username</label>
                    <input type="text" class="form-control" name="username" autocomplete="username" placeholder="Username" id="id_username" required>
                  </div>
                  <div class="form-group">
                    <label for="password1">Password</label>
                    <input type="password" class="form-control" name="password1" placeholder="Password"  autocomplete="new-password" required id="id_password1">
                    <small>Password must be at least 8 characters</small>
                  </div>
                  <div class="form-group">
                    <label for="password2">Confirm Password</label>
                    <input type="password" class="form-control" name="password2" placeholder="Confirm Password" autocomplete="new-password" required id="id_password2">
                  </div>
                  <ul>
                    <li>Your password can’t be too similar to your other personal information.</li>
                    <li>Your password must contain at least 8 characters.</li>
                    <li>Your password can’t be a commonly used password.</li>
                    <li>Your password can’t be entirely numeric.</li>
                </ul>
                  <!-- <div class="form-group">
                    <div class="custom-control custom-checkbox text-small">
                      <input type="checkbox" class="custom-control-input" id="sign-up-agree">
                      <label class="custom-control-label" for="sign-up-agree">I agree to the <a target="_blank" href="utility-legal-terms.html">Terms &amp; Conditions</a>
                      </label>
                    </div>
                  </div> -->
                  <button class="btn btn-primary btn-block" type="submit">Create Account</button>
                </form>

views.py

def signup(request):
    if request.method == 'GET':
        return render(request, 'events/signup.html', {'form': UserCreationForm()})
    else:
        # Create new user and profile
        if request.POST['password1'] == request.POST['password2']:
            try:
                print(request.POST['password1'])
                print(request.POST['password2'])
                user = User.objects.create_user(request.POST['username'], request.POST['password1'])
                user.save()

                login(request, user)

                return redirect('home')
            except IntegrityError:
                return render(request, 'events/signup.html', {'form': UserCreationForm(), 'error':'Username has already been taken. Please use a different name.'})
        else:
            # Tell the user the passwords don't match
            return render(request, 'events/signup.html', {'form': UserCreationForm(), 'error':'Passwords did not match'})

There's no mention of "email" anywhere in the code but for some reason the password gets saved as email and the actual password isn't getting set.

Upvotes: 1

Views: 1031

Answers (2)

RemcoGerlich
RemcoGerlich

Reputation: 31270

Your code:

user = User.objects.create_user(request.POST['username'], request.POST['password1'])
            user.save()

See the the docs:

create_user(username, email=None, password=None, **extra_fields)

So, oops, you send the password as second argument and it is interpreted as being the email address.

create_user(username=request.POST['username'], password=request.POST['password1'])

Should work.

Upvotes: 1

Sami
Sami

Reputation: 381

You need to set password explicitly, or send it in the third param, second param of create_user method is email, thats why password is being set as email. reference to set_password method

reference to create_user method

You need something like this.

user = User.objects.create_user(username=request.POST['username'])
user.set_password('new password')
user.save()

Upvotes: 3

Related Questions