devbox
2023面试高手
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

Django restframework auth 认证_django-rest-framework auth

作者:2023面试高手 | 2024-02-09 11:15:22

django-rest-framework auth

在页面渲染和权限判断之前,判断用户是否可以访问该页面,身份验证是将传入请求与一组识别凭证(例如请求的用户或其签名的令牌)相关联的机制。然后,权限和限制策略可以使用这些凭据来确定请求是否应该被允许。

如何确定身份认证

身份验证方案的定义为“类列表”,即如果您需要定义身份认证的方案,需要编写验证类(通过继承Base类)。REST框架将尝试对列表中的每个类进行身份验证,并将设置request.userrequest.auth使用成功进行身份验证的第一个类的返回值(在编写过程中有可能编写了多个验证类,程序将一个类一个类进行匹配,程序将返回第一个匹配正确的值)。如果没有任何类通过身份验证,request.user则将设置为的实例django.contrib.auth.models.AnonymousUser,并将request.auth设置为None

未认证请求的request.user和值request.auth可以使用UNAUTHENTICATED_USERUNAUTHENTICATED_TOKEN设置进行修改。

在django restframework中,有四个已经提供好的,可以直接使用的认证类,BasicAuthentication && TokenAuthentication && SessionAuthenticatoin && RemoteUserAuthentication

BasicAuthentication:第一个样例

step1:DEFAULT_AUTHENTICATION_CLASSES设置全局设置默认身份验证方案,例如:

  1. #settings.py
  2. REST_FRAMEWORK = {
  3.     'DEFAULT_AUTHENTICATION_CLASSES': [
  4.         'rest_framework.authentication.BasicAuthentication',
  5.     ]
  6. }

step2:在Views文件中使用身份验证方案(并编号URL文件)

  1. # url.py
  2. from django.contrib import admin
  3. from django.urls import path
  4. from django.conf.urls import url
  5.  
  6. from pert.views import Example
  7.  
  8. urlpatterns = [
  9.     path('admin/', admin.site.urls),
  10.     path('example/', Example.as_view()),
  11. ]
  12.  
  13. # views.py
  14. from rest_framework.authentication import SessionAuthentication, BasicAuthentication
  15. from rest_framework.permissions import IsAuthenticated
  16. from rest_framework.response import Response
  17. from rest_framework.views import APIView
  18.  
  19. class ExampleView(APIView):
  20.     # 由于在step1中设置了全局的验证方案,如果在编程过程中不需要使用全局验证方案则
  21.     # authentication_classes = []
  22.     authentication_classes = [BasicAuthentication]
  23.  
  24.     #设置,通过认证的用户具有访问权限
  25.     permission_classes = [IsAuthenticated]
  26.  
  27.     def get(self, request, format=None):
  28.         content = {
  29.             'user': unicode(request.user),  # `django.contrib.auth.User` instance.
  30.             'auth': unicode(request.auth),  # None
  31.         }
  32.         return Response(content)

step3:验证,当你get访问页面example时,您会发现跳出一个输入框【输入username && password】,(即匹配 默认的auth_user  MODEL )

自定义认证:第二个样例

step1:APP目录下生成utils目录,utils目录下生成authenticate.py文件,并编写认证类代码:

To implement a custom authentication scheme, subclass BaseAuthentication and override the .authenticate(self, request) method. The method should return a two-tuple of (user, auth) if authentication succeeds, or None otherwise.

In some circumstances instead of returning None, you may want to raise an AuthenticationFailed exception from the .authenticate() method.

Typically the approach you should take is:

  • If authentication is not attempted, return None. Any other authentication schemes also in use will still be checked.
  • If authentication is attempted but fails, raise a AuthenticationFailed exception. An error response will be returned immediately, regardless of any permissions checks, and without checking any other authentication schemes.

You may also override the .authenticate_header(self, request) method. If implemented, it should return a string that will be used as the value of the WWW-Authenticate header in a HTTP 401 Unauthorized response.

If the .authenticate_header() method is not overridden, the authentication scheme will return HTTP 403 Forbidden responses when an unauthenticated request is denied access.

  1. # APPname.utils.authenticate
  2. from pert import models
  3. from rest_framework import exceptions
  4. from rest_framework.authentication import BaseAuthentication
  5.  
  6.  
  7. class MyAuthenticate(BaseAuthentication):
  8.     def authenticate(self, request):
  9.         token = request._request.GET.get('token')                         # 获取token参数
  10.         token_obj = models.UserToken.objects.filter(token=token).first()  # 在数据库UserToken查找是否有相应的对象
  11.         if not token_obj:                                                 # 如果没有,则报错
  12.             raise exceptions.AuthenticationFailed('用户认证失败')
  13.         return (token_obj.user, token_obj)                                # 这里需要返回两个对象,分别是UserInfo对象和UserToken对象
  14.   
  15.     def authenticate_header(self, request):  # 返回相应头信息
  16.           pass

step2:DEFAULT_AUTHENTICATION_CLASSES设置全局设置默认身份验证方案,例如:

  1. #settings.py
  2. REST_FRAMEWORK = {
  3.     'DEFAULT_AUTHENTICATION_CLASSES': [
  4.         'rest_framework.authentication.BasicAuthentication',
  5.         'rest_framework.authentication.SessionAuthentication',
  6.         'appname.utils.authenticate.MyAuthenticate',
  7.     ]
  8. }

 step3:在Views文件中使用身份验证方案(并编号URL文件)

  1. # url.py
  2. from django.contrib import admin
  3. from django.urls import path
  4. from django.conf.urls import url
  5.  
  6. from pert.views import Example
  7.  
  8. urlpatterns = [
  9.     path('admin/', admin.site.urls),
  10.     path('api/v1/auth/', AuthView.as_view()),
  11.     path('api/v1/order/', OrderView.as_view())
  12. ]
  13.  
  14. #models
  15. from django.db import models
  16.  
  17. class UserInfo(models.Model):
  18.     USER_TYPE = (
  19.         (1, '普通用户'),
  20.         (2, 'VIP'),
  21.         (3, 'SVIP')
  22.     )
  23.  
  24.     user_type = models.IntegerField(choices=USER_TYPE, default=1)
  25.     username = models.CharField(max_length=32)
  26.     password = models.CharField(max_length=64)
  27.  
  28. class UserToken(models.Model):
  29.     user = models.OneToOneField(UserInfo,on_delete=models.CASCADE)
  30.     token = models.CharField(max_length=64)
  31.  
  32. # views.py
  33. class AuthView(View):
  34.     def get(self, request, *args, **kwargs):
  35.         # request.session["user"] = "szy"
  36.         ret = {'code': 1000, 'msg': 'success', 'name': 'get method'}
  37.         ret = json.dumps(ret, ensure_ascii=False)
  38.  
  39.         return HttpResponse(ret)
  40.  
  41.     def post(self, request, *args, **kwargs):
  42.         ret = {'code': 1000, 'msg': None}
  43.         try:
  44.             data = JSONParser().parse(request)
  45.             print(data)
  46.             user = data["username"]
  47.             print(user)
  48.             pwd = data["password"]
  49.             print(pwd)
  50.             obj = models.UserInfo.objects.filter(username=user).first()
  51.  
  52.             if not obj:
  53.                 obj = models.UserInfo.objects.create(username=user, password=pwd)
  54.                 ret['code'] = 1001
  55.                 ret['msg'] = '创建用户成功'
  56.  
  57.             # 为用户创建token
  58.             token = md5(user)
  59.             # 存在就更新,不存在就创建
  60.             models.UserToken.objects.update_or_create(user=obj, defaults={'token': token})
  61.             ret['token'] = token
  62.         except Exception as e:
  63.             ret['code'] = 1002
  64.             ret['msg'] = '请求异常'
  65.         return JsonResponse(ret)
  66.  
  67. class OrderView(APIView):
  68.     authentication_classes = [MyAuthenticate]
  69.     # permission_classes = [IsAuthenticated]
  70.     def get(self, request, *args, **kwargs):
  71.         print(str(request.user))
  72.         ret = {
  73.             'code': 1024,
  74.             'msg': '订单获取成功',
  75.         }
  76.         try:
  77.             ret['data'] = ORDER_DICT
  78.         except Exception as e:
  79.             pass
  80.         return JsonResponse(ret)

 step4:验证

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/2023面试高手/article/detail/71662
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号