drf之auth认证

drf总流程链接

https://www.cnblogs.com/daviddd/p/11918405.html

drf之auth认证

'''
承上rest_framework总流程的5.2认证

认证：
1. 执行dispatch方法，中的initialize_request
封装新的request，然后执行get_authenticators，实例化认证类对象列表，并封装到request中


2. 执行initial中的perform_authrentication 方法，执行request.user 中的_authenticate
方法，循环认证类对象列表，并执行authenticate方法，返回none，或者一个元组,或者抛出异常

'''
class APIView(View):

	
	# 3.22authentication_classes 配置，全局配置在settings文件中或自定义在需要的类中
	authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES

	settings = api_settings

	schema = DefaultSchema()
	
	
	def initialize_request(self, request, *args, **kwargs):
		"""
		Returns the initial request object.
		"""
		parser_context = self.get_parser_context(request)

		return Request(
			request,
			parsers=self.get_parsers(),
			
			# 承接总流程的3.2过程
			authenticators=self.get_authenticators(),  
		)
	 
	 
	# 3.21实例化认证函数并存放到一个列表中
	def get_authenticators(self):
		"""
		Instantiates and returns the list of authenticators that this view can use.
		"""
		return [auth() for auth in self.authentication_classes]
		
	
	# 封装请求头后执行initial函数，版本，认证。。。
	def initial(self, request, *args, **kwargs):
	
		# 5.2认证
		self.perform_authentication(request)
		
		
	# 5.21当后端执行request.user时，调用request的user()函数
	def perform_authentication(self, request):
		"""
		Perform authentication on the incoming request.

		Note that if you override this and simply 'pass', then authentication
		will instead be performed lazily, the first time either
		`request.user` or `request.auth` is accessed.
		"""
		request.user
		
		
	# 5.22封装request.user,request.auth
	@property
	def user(self):
		"""
		Returns the user associated with the current request, as authenticated
		by the authentication classes provided to the request.
		"""
		if not hasattr(self, '_user'):
		
			# 5.23
			with wrap_attributeerrors():
			
				# 5.24
				self._authenticate()
		return self._user
		
	
		
		
	def _authenticate(self):
		"""
		Attempt to authenticate the request using each authentication instance
		in turn.
		"""
		for authenticator in self.authenticators:
			try:
				
				# 5.25，调用认证类中的authenticate函数，自己定义则调用自己的
				user_auth_tuple = authenticator.authenticate(self)
			except exceptions.APIException:
				self._not_authenticated()
				raise
			
			
			# 5.27得到authenticate的返回值user_auth_tuple，封装user，auth
			if user_auth_tuple is not None:
				self._authenticator = authenticator
				self.user, self.auth = user_auth_tuple
				return
		
		
		# 5.28 user，auth 分类
		self._not_authenticated()
		
		
	# 5.26执行认证类中的authenticate函数，自己定义则执行自己的，返回返回值
	def authenticate(self, request):
		"""
		Returns a `User` if a correct username and password have been supplied
		using HTTP Basic authentication.  Otherwise returns `None`.
		"""
		
		# 5.261封装auth
		auth = get_authorization_header(request).split()

		if not auth or auth[0].lower() != b'basic':
			return None

		if len(auth) == 1:
			msg = _('Invalid basic header. No credentials provided.')
			raise exceptions.AuthenticationFailed(msg)
		elif len(auth) > 2:
			msg = _('Invalid basic header. Credentials string should not contain spaces.')
			raise exceptions.AuthenticationFailed(msg)

		try:
			auth_parts = base64.b64decode(auth[1]).decode(HTTP_HEADER_ENCODING).partition(':')
		except (TypeError, UnicodeDecodeError, binascii.Error):
			msg = _('Invalid basic header. Credentials not correctly base64 encoded.')
			raise exceptions.AuthenticationFailed(msg)

		userid, password = auth_parts[0], auth_parts[2]
		
		# 5.262封装user
		return self.authenticate_credentials(userid, password, request)

		
   # 5.29 执行_not_authenticated函数，UNAUTHENTICATED_USER，UNAUTHENTICATED_TOKEN可以自定义
   def _not_authenticated(self):
		"""
		Set authenticator, user & authtoken representing an unauthenticated request.
		设置表示未经身份验证的请求的身份验证器、用户和身份验证器。默认值为"无"、"匿名用户"和"无
		Defaults are None, AnonymousUser & None.
		# Authentication
		'UNAUTHENTICATED_USER': 'django.contrib.auth.models.AnonymousUser',
		'UNAUTHENTICATED_TOKEN': None,
		"""
		self._authenticator = None

		if api_settings.UNAUTHENTICATED_USER:
			self.user = api_settings.UNAUTHENTICATED_USER()
		else:
			self.user = None

		if api_settings.UNAUTHENTICATED_TOKEN:
			self.auth = api_settings.UNAUTHENTICATED_TOKEN()
		else:
			self.auth = None

自定义authenticate方法

from rest_framework.authentication import BaseAuthentication
from api import models
class TokenAuthentication(BaseAuthentication):
	def authenticate(self, request):
		token = request.query_params.get("token")
		print(f'token:{token}')
		if not token:
			return (None, None)
			user_obj = models.UserInfo.objects.filter(token=token).first()
			if user_obj:
			return (user_obj, token)
		return (None, None)

配置文件

REST_FRAMEWORK = {"DEFAULT_AUTHENTICATION_CLASSES": ['myviews.extensions.auth.TokenAuthentication'],}