我有一个OTP生成器机制,在GET方法中,生成一个唯一的4-dit OTP,并将其发送到OTPAuthenticationForm(),如下所示:
视图.py
if request.method == 'GET':
otp = 'abcd'
# code to send otp via mail
form = OTPAuthenticationForm(request=request, otp=otp) # this is how the OTP is passed only once.
return ....
elif request.method == 'POST':
form = OTPAuthenticationForm(request.POST, request=request)
if form.is_valid(): # the clean_field() method is not invoked/throws error.
print("OTP is valid")
else:
print("OTP is invalid")
表单.py
from django.contrib.auth.forms import AuthenticationForm
class OTPAuthenticationForm(AuthenticationForm):
otp = forms.CharField(required=True, widget=forms.TextInput)
def __init__(self, otp, *args, **kwargs):
self.otp = kwargs.pop("otp")
super(OTPAuthenticationForm, self).__init__(*args, **kwargs)
def clean(self):
if self.otp!= self.cleaned_data['otp']:
raise forms.ValidationError("Invalid OTP")
如何将生成的otp只传递一次给OTPAuthForm(),以便根据用户输入otp(通过电子邮件接收的otp)对其进行验证。
更新:
OTPAuthenticationForm(forms.Form)
之前导入的类AuthenticationForm()需要用户名、密码字段和自定义OTP字段。
这就是为什么form.is_valid()返回为无效,因为在应用程序中分别处理用户名、密码身份验证。
