DRF认证组件
2019-09-23 16:23
295 查看
原文链接:http://www.cnblogs.com/open-yang/p/11572999.html
1.DRF认证组件之视图注册用法(自定义简单使用)
settings.py配置
INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'app01.apps.App01Config', 'rest_framework', ]seetings.py
urls.py:
from django.conf.urls import url from django.contrib import admin from app01 import views urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^book/', views.CourseView.as_view(),name='courses'), ]urls.py
veiws.py
from django.shortcuts import render, HttpResponse from rest_framework.views import APIView from rest_framework import exceptions # Create your views here. #实例url:http://127.0.0.1:8000/book/?token=1 class MyAuth(object): def authenticate(self, request): # 该示例认证是需要在请求的url加上参数token(实际直接是校验用户名或密码或者登陆标识等) token = request._request.GET.get('token') if not token: raise exceptions.AuthenticationFailed('未认证用户!!!') return ('认证通过的request.user', 'request.auth') # 认证函数执行结果如果通过则为元组,元组第一个元素封装在为request.user,第二个参数封装在request.auth中 def authenticate_header(self, request): pass class CourseView(APIView): # 认证组件 authentication_classes = [MyAuth, ] def get(self, request): print(request.user)#request.user在APIViewD的dispatch中进行封装的 return HttpResponse('GET') def post(self, request): return HttpResponse('POST') def put(self, request): return HttpResponse('PUT') def patch(self, request): return HttpResponse('PATCH') def delete(self, request): return HttpResponse('DELETE')veiws.py
2.DRF认证组件的使用(局部和全局)
方式一:局部配置---视图类中添加类变量 authentication_classes=[MyAuth,]---(认证类列表)
settings.py配置见上(注册rest_framework应用)
models.py
from django.db import models # Create your models here class UserInfo(models.Model): """ 用户表 """ user_type_choices = [ (1, '普通用户'), (2, 'VIP用户'), (3, 'SVIP用户'), ] user_type = models.IntegerField(choices=user_type_choices) username = models.CharField(max_length=10, unique=True) password = models.CharField(max_length=12, null=False) class UserToken(models.Model): """ token表 """ user = models.OneToOneField(to='UserInfo') token = models.CharField(max_length=64) create_time = models.DateTimeField(auto_now=True) class Book(models.Model): name = models.CharField(max_length=12)models.py
urls.py
from django.conf.urls import url from django.contrib import admin from app01 import views urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^api/v1/login', views.AuthView.as_view()), url(r'^book/', views.CourseView.as_view(),name='courses'), ]urls.py
views.py
from django.shortcuts import render, HttpResponse from rest_framework.views import APIView from rest_framework import exceptions from app01 import models from django.http import JsonResponse # Create your views here. # 实例url:http://127.0.0.1:8000/book/?token=1 #认证类,每个类使用都需要加上类变量参数authentication_classes = [MyAuth, ] class MyAuth(object): def authenticate(self, request): # 该示例认证是需要在请求的url加上参数token(实际直接是校验用户名或密码或者登陆标识等) token = request._request.GET.get('token') token_obj = models.UserToken.objects.get(token=token) if not token_obj: raise exceptions.AuthenticationFailed('未认证用户!!!') return (token_obj.user, 'request.auth') # 认证函数执行结果如果通过则为元组,元组第一个元素封装在为request.user,第二个元素封装为request.auth def authenticate_header(self, request): pass class CourseView(APIView): # (1)认证组件 authentication_classes = [MyAuth, ] def get(self, request): print(request.user) # request.user在认证组件中进行封装的 return HttpResponse('GET') def post(self, request): return HttpResponse('POST') def put(self, request): return HttpResponse('PUT') def patch(self, request): return HttpResponse('PATCH') def delete(self, request): return HttpResponse('DELETE') import time import hashlib def token_md5(username): """ 自定义token :param username: :return: """ t = time.time() md5 = hashlib.md5(str(t).encode('utf-8')) md5.update(username.encode('utf-8')) return md5.hexdigest() class AuthView(APIView): def post(self, request): """ 用户登录 :param request:进行封装之后的request对象 :return: 登录结果信息 """ ret = {'code': 0, 'msg': ''} print(request._request.POST) username = request._request.POST.get('username', None) password = request._request.POST.get('password', None) # 每次登陆如果有就更新没有就创建 try: user_obj = models.UserInfo.objects.filter(username=username, password=password).first() if user_obj: token = token_md5(username) print(token) # 每次登陆如果有就更新没有就创建 models.UserToken.objects.update_or_create(user=user_obj, defaults={'token': token}) ret['msg'] = '登陆成功!' ret['token'] = token else: ret['code'] = 1 ret['msg'] = '账号或密码有误!!!' except Exception as e: ret['code'] = 2 ret['msg'] = '未知错误!!!' finally: return JsonResponse(ret)views.py
方式二:全局配置----在settings.py配置文件中加载REST_FRAMEWORK配置
settings.py
INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'app01.apps.App01Config', 'rest_framework', ] REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES' : ['app01.utils.auth.MyAuth',],#可以自定义多个认证类 'UNAUTHENTICATED_USER':lambda :'匿名用户request.user自定义值',#request.user有默认值,可以直接写None 'UNAUTHENTICATED_TOKEN':lambda :'request.auth自定义值',#request.auth有默认值,可以直接写None }seetings.py
utils--auth.py--MyAuth认证类
from rest_framework import exceptions from app01 import models class MyAuth(object): def authenticate(self, request): # 该示例认证是需要在请求的url加上参数token(实际直接是校验用户名或密码或者登陆标识等) token = request._request.GET.get('token') token_obj = models.UserToken.objects.get(token=token) if not token_obj: raise exceptions.AuthenticationFailed('未认证用户!!!') return (token_obj.user, 'request.auth') # 认证函数执行结果如果通过则为元组,元组第一个元素封装在为request.user,第二个元素封装为request.auth def authenticate_header(self, request): passView Code
models.py
from django.db import models # Create your models here class UserInfo(models.Model): """ 用户表 """ user_type_choices = [ (1, '普通用户'), (2, 'VIP用户'), (3, 'SVIP用户'), ] user_type = models.IntegerField(choices=user_type_choices) username = models.CharField(max_length=10, unique=True) password = models.CharField(max_length=12, null=False) class UserToken(models.Model): """ token表 """ user = models.OneToOneField(to='UserInfo') token = models.CharField(max_length=64) create_time = models.DateTimeField(auto_now=True) class Book(models.Model): name = models.CharField(max_length=12)models.py
urls.py
from django.conf.urls import url from django.contrib import admin from app01 import views urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^api/v1/login', views.AuthView.as_view()), url(r'^book/', views.CourseView.as_view(),name='courses'), ]urls.py
views.py
from django.shortcuts import render, HttpResponse from rest_framework.views import APIView from rest_framework import exceptions from app01 import models from django.http import JsonResponse # 实例url:http://127.0.0.1:8000/book/?token=1 class CourseView(APIView): # (1)认证组件 authentication_classes = [MyAuth, ] def get(self, request): print(request.user) #request.user在APIViewD的dispatch中进行封装的 return HttpResponse('GET') def post(self, request): return HttpResponse('POST') def put(self, request): return HttpResponse('PUT') def patch(self, request): return HttpResponse('PATCH') def delete(self, request): return HttpResponse('DELETE') import time import hashlib def token_md5(username): """ 自定义token :param username: :return: """ t = time.time() md5 = hashlib.md5(str(t).encode('utf-8')) md5.update(username.encode('utf-8')) return md5.hexdigest() class AuthView(APIView): #如果不注册自定义组件,走默认的认证,最后返回了request.user和request.auth都是匿名用户默认值,可以在settings.py中加载自定义配置 def post(self, request): """ 用户登录 :param request:进行封装之后的request对象 :return: 登录结果信息 """ ret = {'code': 0, 'msg': ''} print(request._request.POST) username = request._request.POST.get('username', None) password = request._request.POST.get('password', None) # 每次登陆如果有就更新没有就创建 try: user_obj = models.UserInfo.objects.filter(username=username, password=password).first() if user_obj: token = token_md5(username) print(token) # 每次登陆如果有就更新没有就创建 models.UserToken.objects.update_or_create(user=user_obj, defaults={'token': token}) ret['msg'] = '登陆成功!' ret['token'] = token else: ret['code'] = 1 ret['msg'] = '账号或密码有误!!!' except Exception as e: ret['code'] = 2 ret['msg'] = '未知错误!!!' finally: return JsonResponse(ret)views.py
3.DRF认证组件的继承类(常用)
utils--auth.py--MyAuth认证类
from rest_framework import exceptions from app01 import models from rest_framework.authentication import BaseAuthentication,BasicAuthentication # 实例url:http://127.0.0.1:8000/book/?token=1 #认证类(可以定义多个): # 方式一:每个类使用都需要加上类变量参数authentication_classes = [MyAuth, ] #方式二:在setings.py配置中加载REST_FRAMEWORK配置----'DEFAULT_AUTHENTICATION_CLASSES' : [], # class MyAuth(object): class MyAuth(BaseAuthentication):#可以直接继承BaseAuthentication类,可以省略authenticate_header方法,或者继承BasicAuthentication def authenticate(self, request): # 该示例认证是需要在请求的url加上参数token(实际直接是校验用户名或密码或者登陆标识等) token = request._request.GET.get('token') token_obj = models.UserToken.objects.get(token=token) if not token_obj: raise exceptions.AuthenticationFailed('未认证用户!!!') return (token_obj.user', 'request.auth') # 认证函数执行结果如果通过则为元组,元组第一个元素封装在为request.user # def authenticate_header(self, request): # passutils--auth.py--MyAuth认证类
settings.py
INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', 'app01.apps.App01Config', 'rest_framework', ] REST_FRAMEWORK = { #认证组件 'DEFAULT_AUTHENTICATION_CLASSES' : ['app01.utils.auth.MyAuth',],#可以自定义多个认证类 'UNAUTHENTICATED_USER':lambda :'匿名用户request.user自定义值',#request.user有默认值,可以直接写None 'UNAUTHENTICATED_TOKEN':lambda :'request.auth自定义值',#request.auth有默认值,可以直接写None }seetings.py
转载于:https://www.cnblogs.com/open-yang/p/11572999.html
相关文章推荐
- DRF认证组件
- DRF认证组件流程分析
- Django之用户认证组件
- Django学习笔记(13)——Django的用户认证组件,视图层和QuerySet API
- 10.Django用户认证组件
- 8.用户认证组件
- Rest Framework:四、认证组件
- rest-framework框架——认证、权限、频率组件
- Django 用户认证组件使用详解
- Django的用户认证组件
- 06 django的用户认证组件
- restful framework之认证组件
- Laravel 5.3 使用内置的 Auth 组件实现多用户认证功能以及登陆才能访问后台的功能的一种实现方法
- .Net Core:身份认证组件
- Django和drf-jwt用户认证过程
- websphere数据源属性之容器的认证别名和组件管理的认证别名
- Django - DRF自带的token认证和JWT区别
- Openstack组件实现原理 — Keystone认证功能
- 002---rest_framework认证组件
- 在ASP.NET AJAX中使用应用程序服务和本地化(1):身份认证组件AuthenticationService