Django will, by default, hash the password as a security measure, and thus the hashed password is longer than 32 characters. Indeed, in the How Django stores passwords section of the documentation, it shows that it stores the password as:

    <algorithm>$<iterations>$<salt>$<hash>

An example could be:

    pbkdf2_sha256$15000$Pjun1TMGEQnM$lShdzU33covbDNiqGVDffdHh/86VaECJlaaNXchT0ew=

It is impossible to reconstruct the original password (given the hasher is a safe hasher), only to check if the passwords match. If someone manages to get access to the database, that person still cannot read the real passwords. Since people often tend to use the same password on multiple sites, that would be a severe security risk.
You thus need more space to store the hashed passwords. Django’s standard user model uses 128 characters. So you implement this as:

    from django.contrib.auth.models import AbstractUser
    from django.db import models

    class Person(AbstractUser):
        username = models.fields.CharField(max_length=50, unique=True)
        password = models.fields.CharField(max_length=128)

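You can let the form check if the username is unique and thus work with:

    from django.forms import ModelForm, PasswordInput

    class RegisterForm(ModelForm):
        class Meta:
            model = Person
            fields = ['username', 'password']
            widgets = {
                'password': PasswordInput()
            }

        def save(self, *args, commit=True, **kwargs):
            # Build the instance without saving it, so the raw password is
            # never written to the database before it has been hashed.
            person = super().save(*args, commit=False, **kwargs)
            # set_password() replaces the raw value with the salted hash.
            person.set_password(self.cleaned_data['password'])
            if commit:
                person.save()
            return person
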
By not specifying the form fields manually, Django will also validate the maximum length for the username (50 characters), and check its uniqueness.

You can then use this as the view:

    from django.shortcuts import redirect

    def register(request):
        if request.method == 'POST':
            form = RegisterForm(request.POST, request.FILES)
            if form.is_valid():
                # Hashes the password and stores the new Person.
                form.save()
                return redirect('name-of-some-view')
        else:
            form = RegisterForm()
        context = {'form': form}
        # …
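
Added example, not part of the original answer and not Django's own code: a standard-library illustration of how a `pbkdf2_sha256` string in the `<algorithm>$<iterations>$<salt>$<hash>` layout is built and checked, showing why the column needs more than 32 characters and that a check re-derives the hash instead of recovering the password. The function names and the sample password and salt are constructed for illustration; in a Django project keep using `set_password()` and `check_password()`.

```python
import base64
import hashlib
import hmac

# Example string quoted in the answer above (its password is not known here).
PAGE_EXAMPLE = "pbkdf2_sha256$15000$Pjun1TMGEQnM$lShdzU33covbDNiqGVDffdHh/86VaECJlaaNXchT0ew="


def parse(encoded):
    """Split '<algorithm>$<iterations>$<salt>$<hash>' into its four parts."""
    algorithm, iterations, salt, digest = encoded.split("$", 3)
    return algorithm, int(iterations), salt, digest


def encode(password, salt, iterations):
    """Build a pbkdf2_sha256 string in the same layout (hypothetical helper)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    digest = base64.b64encode(raw).decode("ascii")
    return f"pbkdf2_sha256${iterations}${salt}${digest}"


def verify(password, encoded):
    """Re-derive the hash with the stored salt and iterations, then compare."""
    algorithm, iterations, salt, _ = parse(encoded)
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported algorithm: {algorithm}")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(encode(password, salt, iterations), encoded)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    stored = encode("correct horse battery staple", "c0nstructedS", 15000)
    print(stored, len(stored))
    print(verify("correct horse battery staple", stored))
    print(verify("wrong guess", stored))
    print(parse(PAGE_EXAMPLE)[:3], len(PAGE_EXAMPLE))
```

The 32-byte digest alone takes 44 base64 characters, so the stored value cannot fit in a 32-character column whatever the salt length.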