密码hash包含username

account/models.py

@@ -21,7 +21,7 @@ class User(models.Model):
     email = models.EmailField(_('email address'), unique=True)
 
     def save(self, *args, **kwargs):
-        self.password = encode_password(self.password)
+        self.password = encode_password(self.username, self.password)
         super(User, self).save(*args, **kwargs)
 
     def get_root_folder(self):

account/utils.py

@@ -2,7 +2,7 @@ from string import ascii_letters, digits, printable
 
 
 def auth_with_username_or_email(username, password):
-    password = encode_password(password)
+    password = encode_password(username, password)
     from account.models import User
     if '@' in username:
         user = User.objects.get(email=username, password=password)
@@ -17,8 +17,8 @@ def check_password(password):
     return set(password).issubset(printable) and len(password) >= 8
 
 
-def encode_password(password):
+def encode_password(username, password):
     import hashlib
     md5 = hashlib.md5()
-    md5.update(password.encode())
-    return md5.hexdigest()
+    md5.update((username + password).encode())
+    return md5.hexdigest()