zoukankan      html  css  js  c++  java
  • django的用户认证模块(auth)

    简介

    功能: 用session记录登录验证状态

    前提: 用户表, django自带的auth_user

    创建超级用户: python3 manage.py createsuperuser

    API

    from django.contrib import auth

    验证

    验证成功返回user对象, 否则返回None

    user = request.POST.get('user')
    pwd =request.POST.get('pwd')
    user = auth.authenticate(username=user, password=pwd)
    '''
    user 为前端 input标签里设置的name属性的值, 在后端通过 request.POST.get('user')获得数据
    pwd 为前端 input标签里设置的name属性的值, 在后端通过 request.POST.get('pwd')获得数据
    '''
    

    登录

    auth.login(request, user)

    如果user的值不为空, 完成登录; request.user=user ===> 当前登录对象, request.user是一个全局变量, 作用于整个django项目

    如果user的值是空的, 则 request.user = AnonymousUser

    注销

    request.logout(request)

    django_session保存的登录记录会被自动删除

    判断是否登录

    request.user.is_authenticated()

    返回的是布尔值, 如果用户登录了, 就返回True; 否则就是False

    注册用户

    from django.contrib.auth.models import User
    User.objects.create_user(username=user, password=pwd)
    

    匿名用户对象

    class models.AnonymousUser

    django.contrib.auth.model.AnonymousUser 类实现了 django.contrib.auth.model.User接口

    字段 说明
    id 永远为None
    get_username() 永远返回字符串
    is_staff 永远为False
    is_superuser 永远为False
    is_active 永远为False
    groups 永远为空
    user_permissions 永远为空
    is_anonymous() 返回True 而不是False
    is_authenticated() 返回False而不是True
    set_password() 引发 NotImplementedError
    check_password() 引发 NotImplementedError
    save() 引发 NotImplementedError
    delete() 引发 NotImplementedError
    from django.utils.deprecation import CallableFalse, CallableTrue
    from django.db.models.manager import EmptyManager
    
    class AnonymousUser(object):
        id = None
        pk = None
        username = ''
        is_staff = False
        is_active = False
        is_superuser = False
        _groups = EmptyManager(Group)
        _user_permissions = EmptyManager(Permission)
    
        def __init__(self):
            pass
    
        def __str__(self):
            return 'AnonymousUser'
    		
        def save(self):
          raise NotImplementedError("Django doesn't provide a DB representation for AnonymousUser.")
    
        def delete(self):
            raise NotImplementedError("Django doesn't provide a DB representation for AnonymousUser.")
    
        def set_password(self, raw_password):
            raise NotImplementedError("Django doesn't provide a DB representation for AnonymousUser.")
    
        def check_password(self, raw_password):
            raise NotImplementedError("Django doesn't provide a DB representation for AnonymousUser.")
            
        @property
        def groups(self):
            return self._groups
    
        @property
        def user_permissions(self):
            return self._user_permissions
    
        def get_group_permissions(self, obj=None):
            return set()
    
        @property
        def is_anonymous(self):
            return CallableTrue
    
        @property
        def is_authenticated(self):
            return CallableFalse
    
        def get_username(self):
            return self.username
    

    案例

    urls.py

    from django.conf.urls import url
    from django.contrib import admin
    from app01 import views
    
    urlpatterns = [
        url(r'^admin/', admin.site.urls),
        url(r'^login/', views.login),
        url(r'^index/', views.index),
        url(r'^logout/', views.logout),
        url(r'^reg/', views.reg),
    ]
    

    templates/index.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>Title</title>
    </head>
    <body>
    <h3>Hi, {{ user }}</h3>
    <a href="/logout/">注销</a>
    </body>
    </html>
    

    templates/login.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>Title</title>
    </head>
    <body>
    <form action="" method="post">
        {% csrf_token %}
        用户名 <input type="text" name="user">
        密码 <input type="text" name="pwd">
        <input type="submit" value="submit">
    </form>
    </body>
    </html>
    

    templates/reg.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>登录</title>
    </head>
    <body>
    <form action="" method="post">
        {% csrf_token %}
        <h1>注册</h1>
        用户名 <input type="text" name="user">
        密码 <input type="text" name="pwd">
        <input type="submit" value="submit">
    </form>
    </body>
    </html>
    

    登录认证

    验证用户是否登录

    版本1

    测试登录和未登录时候request.user这个对象的属性的返回值

    views.py

    from django.shortcuts import render, redirect, HttpResponse
    from django.contrib import auth
    # Create your views here.
    
    def login(request):
        if request.method=='POST':
            user = request.POST.get('user')
            pwd =request.POST.get('pwd')
    
            # if 验证成功返回user对象, 否则返回None
            user = auth.authenticate(username=user, password=pwd)
    
            if user:
                auth.login(request, user)  # request.user=user ===> 当前登录对象
                return redirect('/index/')
    
    
        return render(request, 'login.html')
    
    def index(request):
        print("request.user:", request.user)
        print("request.user.username:", request.user.username)
        print("request.user.get_username():", request.user.get_username())
        print("request.is_anonymous():", request.user.is_anonymous())
    
        return render(request, 'index.html')
    

    未登录时候的输出结果

    request.user: AnonymousUser
    request.user.username: 
    request.user.get_username(): 
    request.is_anonymous(): True
    

    登录时候的输出结果

    request.user: cjw
    request.user.username: cjw
    request.user.get_username(): cjw
    request.is_anonymous(): False
    

    版本2

    做判断, 验证用户登录

    views.py

    from django.shortcuts import render, redirect, HttpResponse
    from django.contrib import auth
    
    def login(request):
        if request.method=='POST':
            user = request.POST.get('user')
            pwd =request.POST.get('pwd')
    
            '''if 验证成功返回user对象, 否则返回None'''
            user = auth.authenticate(username=user, password=pwd)
    
            if user:
                '''request.user=user ===> 当前登录对象, request.user是全局变量, 作用于整个django项目'''
                auth.login(request, user)
                
                return redirect('/index/')
    
    
        return render(request, 'login.html')
    
    def index(request):
        if request.user.is_anonymous:
            return redirect('/login/')
        return render(request, 'index.html')
    

    同一个用户重复登录, django_session表中的 字段 session_keysession_data不变

    不同的用户第二次再登录, django_session表中的 字段 session_keysession_data值发生变化

    用户1 第一次登录的记录**

    用户1 第二次登录的记录

    在用户登录的条件下, 用户2第一次登录的记录**

    注销用户

    当执行 auth.logout(request)的时候, session记录从 django_session表中移除

    views.py

    def logout(request):
        auth.logout(request)
        return redirect('/login/')
    

    注册用户

    views.py

    def reg(request):
        if request.method == "POST":
            user, pwd = request.POST.get('user'), request.POST.get('pwd')
            User.objects.create_user(username=user, password=pwd)
            return redirect('/login/')
    
        return render(request, 'reg.html')
    
  • 相关阅读:
    OAuth2.0标准类库汇总
    RabbitMQ:Docker环境下搭建rabbitmq集群
    WCF&AppFabric :异常消息: 内存入口检查失败
    前端框架Vue、Angular、React
    串口驱动开发
    组合而不是继承,单一职责
    项目管理的一个月
    软件架构的一个设想以及谈一下过去两年开发软件的过失
    TCP中需要了解的东西
    C++编程新思维中的技巧
  • 原文地址:https://www.cnblogs.com/cjwnb/p/11715401.html
Copyright © 2011-2022 走看看