溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊(cè)×
其他方式登錄
點(diǎn)擊 登錄注冊(cè) 即表示同意《億速云用戶(hù)服務(wù)條款》

Django JWT Token RestfulAPI用戶(hù)認(rèn)證詳解

發(fā)布時(shí)間:2020-09-28 01:26:14 來(lái)源:腳本之家 閱讀:385 作者:小澤哥 欄目:開(kāi)發(fā)技術(shù)

一般情況下我們Django默認(rèn)的用戶(hù)系統(tǒng)是滿足不了我們的需求的,那么我們會(huì)對(duì)他做一定的擴(kuò)展

創(chuàng)建用戶(hù)項(xiàng)目

python manage.py startapp users

添加項(xiàng)目apps

settings.py

INSTALLED_APPS = [
 ...
 'users.apps.UsersConfig',

]
添加AUTH_USRE_MODEL 替換默認(rèn)的user
AUTH_USER_MODEL = 'users.UserProfile'

如果說(shuō)想用全局認(rèn)證需要在配置文件中添加

# 全局認(rèn)證from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication

REST_FRAMEWORK = {
 'DEFAULT_AUTHENTICATION_CLASSES': (
  # 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', # 全局認(rèn)證,開(kāi)源jwt
  'rest_framework.authentication.BasicAuthentication',
  'rest_framework.authentication.SessionAuthentication',
  # 'rest_framework.authentication.TokenAuthentication', #全局認(rèn)證drf 自帶的

 )
}

編寫(xiě)model

擴(kuò)展User model

from django.contrib.auth.models import AbstractUser
from django.db import models


class UserProfile(AbstractUser):
 """
 用戶(hù)
 """
 name = models.CharField(max_length=30, null=True, blank=True, verbose_name="姓名")
 birthday = models.DateField(null=True, blank=True, verbose_name="出生年月")
 gender = models.CharField(max_length=6, choices=(("male", u"男"), ("female", "女")), default="female", verbose_name="性別")
 mobile = models.CharField(null=True, blank=True, max_length=11, verbose_name="電話")
 email = models.EmailField(max_length=100, null=True, blank=True, verbose_name="郵箱")

 class Meta:
  verbose_name = "用戶(hù)"
  verbose_name_plural = verbose_name

 def __str__(self):
  return self.username

編寫(xiě)serializers.py

from rest_framework import serializers
from users.models import VerifyCode

class VerifyCodeSerializer(serializers.ModelSerializer):
 class Meta:
  model = VerifyCode
  fields = "__all__"

編寫(xiě)views 動(dòng)態(tài)驗(yàn)證不同的請(qǐng)求使用不同的驗(yàn)證

views.py測(cè)試

from django.shortcuts import render
from rest_framework import mixins, viewsets
from rest_framework.views import APIView
from users.models import VerifyCode

from .serializers import VerifyCodeSerializer
# Create your views here.
from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication

from rest_framework_jwt.authentication import JSONWebTokenAuthentication
class VerifyCodeListViewSet(mixins.ListModelMixin,mixins.RetrieveModelMixin, viewsets.GenericViewSet):
 """
 驗(yàn)證碼列表
 """
 queryset = VerifyCode.objects.all()
 serializer_class = VerifyCodeSerializer
 # authentication_classes = [TokenAuthentication, ]
 # authentication_classes = [JSONWebTokenAuthentication, ]
 # JWT 認(rèn)證 加密,過(guò)期時(shí)間
 def get_authenticators(self):
  """
  Instantiates and returns the list of authenticators that this view can use.
  # 修改驗(yàn)證
  """
  # 動(dòng)態(tài)認(rèn)證
  print(self.authentication_classes)
  print([JSONWebTokenAuthentication, ])
  if self.action_map['get'] == "retrieve":
   self.authentication_classes = [BasicAuthentication,SessionAuthentication,]
  elif self.action_map['get'] == "list":
   self.authentication_classes = [JSONWebTokenAuthentication,]
  return [auth() for auth in self.authentication_classes]

 # DRF 自帶的認(rèn)證 不過(guò)期,易發(fā)生xss攻擊
 # def get_authenticators(self):
 #  """
 #  Instantiates and returns the list of authenticators that this view can use.
 #  # 修改驗(yàn)證
 #  """
 #  print(self.authentication_classes)
 #  print([JSONWebTokenAuthentication, ])
 #  if self.action_map['get'] == "retrieve":
 #   self.authentication_classes = [BasicAuthentication,SessionAuthentication,]
 #  elif self.action_map['get'] == "list":
 #   self.authentication_classes = [JSONWebTokenAuthentication,]
 #  return [auth() for auth in self.authentication_classes]

 def get_queryset(self):
     # 取出認(rèn)證信息
  print(self.request.auth)
  # print(self.action)
  return self.queryset
 # url

"""untitled URL Configuration

The `urlpatterns` list routes URLs to views. For more information please see:
 https://docs.djangoproject.com/en/1.10/topics/http/urls/
Examples:
Function views
 1. Add an import: from my_app import views
 2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')
Class-based views
 1. Add an import: from other_app.views import Home
 2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')
Including another URLconf
 1. Import the include() function: from django.conf.urls import url, include
 2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls'))
"""
from rest_framework.authtoken import views
from rest_framework_jwt.views import obtain_jwt_token

from django.conf.urls import url, include
from django.contrib import admin
from rest_framework import routers
from users.views import VerifyCodeListViewSet

router = routers.DefaultRouter()
router.register(r'codes', VerifyCodeListViewSet, 'codes')

urlpatterns = [
 url(r'^admin/', admin.site.urls),
 url(r'^api-auth/', include('rest_framework.urls'))

]
urlpatterns += [
 # drf 自帶的
 url(r'^api-token-auth/', views.obtain_auth_token),
 # jwt 認(rèn)證
 url(r'^jwt_auth/', obtain_jwt_token),
]
urlpatterns += router.urls

1. debug模式啟動(dòng)

Django JWT Token RestfulAPI用戶(hù)認(rèn)證詳解

2. 使用postmain測(cè)試

Django JWT Token RestfulAPI用戶(hù)認(rèn)證詳解

粘貼jwt token 到header中法功請(qǐng)求獲取codes列表數(shù)據(jù)

Django JWT Token RestfulAPI用戶(hù)認(rèn)證詳解

查看request 中的user可以看到用戶(hù)代表成功request.auth 可以獲得token

Django JWT Token RestfulAPI用戶(hù)認(rèn)證詳解

調(diào)試結(jié)束后可以看到結(jié)果

以上就是本文的全部?jī)?nèi)容,希望對(duì)大家的學(xué)習(xí)有所幫助,也希望大家多多支持億速云。

向AI問(wèn)一下細(xì)節(jié)

免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI