一般情况下我们Django默认的用户系统是满足不了我们的需求的,那么我们会对他做一定的扩展
创建用户项目
python manage.py startapp users
添加项目apps
settings.py
INSTALLED_APPS = [ ... 'users.apps.UsersConfig', ] 添加AUTH_USRE_MODEL 替换默认的user AUTH_USER_MODEL = 'users.UserProfile' 如果说想用全局认证需要在配置文件中添加 # 全局认证from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( # 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', # 全局认证,开源jwt 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', # 'rest_framework.authentication.TokenAuthentication', #全局认证drf 自带的 ) }
编写model
扩展User model
from django.contrib.auth.models import AbstractUser from django.db import models class UserProfile(AbstractUser): """ 用户 """ name = models.CharField(max_length=30, null=True, blank=True, verbose_name="姓名") birthday = models.DateField(null=True, blank=True, verbose_name="出生年月") gender = models.CharField(max_length=6, choices=(("male", u"男"), ("female", "女")), default="female", verbose_name="性别") mobile = models.CharField(null=True, blank=True, max_length=11, verbose_name="电话") email = models.EmailField(max_length=100, null=True, blank=True, verbose_name="邮箱") class Meta: verbose_name = "用户" verbose_name_plural = verbose_name def __str__(self): return self.username
编写serializers.py
from rest_framework import serializers from users.models import VerifyCode class VerifyCodeSerializer(serializers.ModelSerializer): class Meta: model = VerifyCode fields = "__all__"
编写views 动态验证不同的请求使用不同的验证
views.py测试
from django.shortcuts import render from rest_framework import mixins, viewsets from rest_framework.views import APIView from users.models import VerifyCode from .serializers import VerifyCodeSerializer # Create your views here. from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication from rest_framework_jwt.authentication import JSONWebTokenAuthentication class VerifyCodeListViewSet(mixins.ListModelMixin,mixins.RetrieveModelMixin, viewsets.GenericViewSet): """ 验证码列表 """ queryset = VerifyCode.objects.all() serializer_class = VerifyCodeSerializer # authentication_classes = [TokenAuthentication, ] # authentication_classes = [JSONWebTokenAuthentication, ] # JWT 认证 加密,过期时间 def get_authenticators(self): """ Instantiates and returns the list of authenticators that this view can use. # 修改验证 """ # 动态认证 print(self.authentication_classes) print([JSONWebTokenAuthentication, ]) if self.action_map['get'] == "retrieve": self.authentication_classes = [BasicAuthentication,SessionAuthentication,] elif self.action_map['get'] == "list": self.authentication_classes = [JSONWebTokenAuthentication,] return [auth() for auth in self.authentication_classes] # DRF 自带的认证 不过期,易发生xss攻击 # def get_authenticators(self): # """ # Instantiates and returns the list of authenticators that this view can use. # # 修改验证 # """ # print(self.authentication_classes) # print([JSONWebTokenAuthentication, ]) # if self.action_map['get'] == "retrieve": # self.authentication_classes = [BasicAuthentication,SessionAuthentication,] # elif self.action_map['get'] == "list": # self.authentication_classes = [JSONWebTokenAuthentication,] # return [auth() for auth in self.authentication_classes] def get_queryset(self): # 取出认证信息 print(self.request.auth) # print(self.action) return self.queryset # url """untitled URL Configuration The `urlpatterns` list routes URLs to views. For more information please see: https://docs.djangoproject.com/en/1.10/topics/http/urls/ Examples: Function views 1. Add an import: from my_app import views 2. Add a URL to urlpatterns: url(r'^$', views.home, name='home') Class-based views 1. Add an import: from other_app.views import Home 2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home') Including another URLconf 1. Import the include() function: from django.conf.urls import url, include 2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls')) """ from rest_framework.authtoken import views from rest_framework_jwt.views import obtain_jwt_token from django.conf.urls import url, include from django.contrib import admin from rest_framework import routers from users.views import VerifyCodeListViewSet router = routers.DefaultRouter() router.register(r'codes', VerifyCodeListViewSet, 'codes') urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^api-auth/', include('rest_framework.urls')) ] urlpatterns += [ # drf 自带的 url(r'^api-token-auth/', views.obtain_auth_token), # jwt 认证 url(r'^jwt_auth/', obtain_jwt_token), ] urlpatterns += router.urls
1. debug模式启动
2. 使用postmain测试
粘贴jwt token 到header中法功请求获取codes列表数据
查看request 中的user可以看到用户代表成功request.auth 可以获得token
调试结束后可以看到结果
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持。
免责声明:本站文章均来自网站采集或用户投稿,网站不提供任何软件下载或自行开发的软件!
如有用户或公司发现本站内容信息存在侵权行为,请邮件告知! 858582#qq.com
暂无“Django JWT Token RestfulAPI用户认证详解”评论...
稳了!魔兽国服回归的3条重磅消息!官宣时间再确认!
昨天有一位朋友在大神群里分享,自己亚服账号被封号之后居然弹出了国服的封号信息对话框。
这里面让他访问的是一个国服的战网网址,com.cn和后面的zh都非常明白地表明这就是国服战网。
而他在复制这个网址并且进行登录之后,确实是网易的网址,也就是我们熟悉的停服之后国服发布的暴雪游戏产品运营到期开放退款的说明。这是一件比较奇怪的事情,因为以前都没有出现这样的情况,现在突然提示跳转到国服战网的网址,是不是说明了简体中文客户端已经开始进行更新了呢?
更新动态
2024年11月26日
2024年11月26日
- 凤飞飞《我们的主题曲》飞跃制作[正版原抓WAV+CUE]
- 刘嘉亮《亮情歌2》[WAV+CUE][1G]
- 红馆40·谭咏麟《歌者恋歌浓情30年演唱会》3CD[低速原抓WAV+CUE][1.8G]
- 刘纬武《睡眠宝宝竖琴童谣 吉卜力工作室 白噪音安抚》[320K/MP3][193.25MB]
- 【轻音乐】曼托凡尼乐团《精选辑》2CD.1998[FLAC+CUE整轨]
- 邝美云《心中有爱》1989年香港DMIJP版1MTO东芝首版[WAV+CUE]
- 群星《情叹-发烧女声DSD》天籁女声发烧碟[WAV+CUE]
- 刘纬武《睡眠宝宝竖琴童谣 吉卜力工作室 白噪音安抚》[FLAC/分轨][748.03MB]
- 理想混蛋《Origin Sessions》[320K/MP3][37.47MB]
- 公馆青少年《我其实一点都不酷》[320K/MP3][78.78MB]
- 群星《情叹-发烧男声DSD》最值得珍藏的完美男声[WAV+CUE]
- 群星《国韵飘香·贵妃醉酒HQCD黑胶王》2CD[WAV]
- 卫兰《DAUGHTER》【低速原抓WAV+CUE】
- 公馆青少年《我其实一点都不酷》[FLAC/分轨][398.22MB]
- ZWEI《迟暮的花 (Explicit)》[320K/MP3][57.16MB]