官方文档:http://psa.matiasaguirre.net/docs/pipeline.html#authentication-pipeline
管道机制是开发者在开发身份认证,连接和断开连接等模块时能够用到的机制
每个管道接口返回类型为dict或者None,任何其他的返回类型会被当作response返回给client。
返回类型为None会被当作{},即空的字典,返回类型为dict时会被加入到kwargs参数中传给下一个管道
authentication pipline(身份认证管道)
( # Get the information we can about the user and return it in a simple # format to create the user instance later. On some cases the details are # already part of the auth response from the provider, but sometimes this # could hit a provider API. 'social.pipeline.social_auth.social_details', # Get the social uid from whichever service we're authing thru. The uid is # the unique identifier of the given user in the provider.
# 给予一个uid,这个uid在提供者(例如github)中是唯一的 'social.pipeline.social_auth.social_uid', # Verifies that the current auth process is valid within the current # project, this is were emails and domains whitelists are applied (if # defined).
# 证实当前的账户是有效的,意思是email以及域名是在白名单中。 'social.pipeline.social_auth.auth_allowed', # Checks if the current social-account is already associated in the site.
# 查看当前的账户是否已经在该网站中 'social.pipeline.social_auth.social_user', # Make up a username for this person, appends a random string at the end if # there's any collision.
# 生成一个username,如果有冲突的话在后面附加一个随机的字符串 'social.pipeline.user.get_username', # Send a validation email to the user to verify its email address. # Disabled by default.
# 发送一个有效的email给user来确认他的email # 'social.pipeline.mail.mail_validation', # Associates the current social details with another user account with # a similar email address. Disabled by default.
# # 'social.pipeline.social_auth.associate_by_email', # Create a user account if we haven't found one yet.
# 如果没有建立一个user账号,它就创建一个user账号 'social.pipeline.user.create_user', # Create the record that associated the social account with this user.
# 创建一个与social account相关的记录 'social.pipeline.social_auth.associate_user', # 前提:已经对用户进行了身份验证
# Populate the extra_data field in the social record with the values # specified by settings (and the default ones like access_token, etc).
# 设置额外的数据在这个social记录中,数据的值在settings中制定 'social.pipeline.social_auth.load_extra_data', # 前提:已经对用户进行了身份验证
# Update the user record with any changed info from the auth service.
# 如果从auth service获得的用户信息有任何的改变则更新用户记录 'social.pipeline.user.user_details', # 前提:已经对用户进行了身份验证
'myapp.pipeline.load_user' # 前提:已经对用户进行了身份验证
)
每个管道函数接受以下参数:
- Current strategy (which gives access to current store, backend and request)
- User ID given by authentication provider
- User details given by authentication provider
is_new
flag (initialized asFalse
)- Any arguments passed to
auth_complete
backend method, default views pass these arguments: - current logged in user (if it’s logged in, otherwiseNone
) - current request
disconnection pipline (断开连接的管道)
Like the authentication pipeline, it’s possible to define a disconnection pipeline if needed.
For example, this can be useful on sites where a user that disconnects all the related social account is required to fill a password to ensure the authentication process in the future. This can be accomplished by overriding the default disconnection pipeline and setup a function that checks if the user has a password, in case it doesn’t a redirect to a fill-your-password form can be returned and later continue the disconnection process, take into account that disconnection ensures the POST method by default, a simple method to ensure this, is to make your form POST to /disconnect/
and set the needed password in your pipeline function. Check Partial Pipelinebelow.
In order to override the disconnection pipeline, just define the setting:
SOCIAL_AUTH_DISCONNECT_PIPELINE = (
# Verifies that the social association can be disconnected from the current
# user (ensure that the user login mechanism is not compromised by this
# disconnection).
'social.pipeline.disconnect.allowed_to_disconnect',
# Collects the social associations to disconnect.
'social.pipeline.disconnect.get_entries',
# Revoke any access_token when possible.
'social.pipeline.disconnect.revoke_tokens',
# Removes the social associations.
'social.pipeline.disconnect.disconnect'
)
Partial Pipeline
It’s possible to cut the pipeline process to return to the user asking for more data and resume the process later. To accomplish this decorate the function that will cut the process with the @partial
decorator located at social/pipeline/partial.py
.
The old social.pipeline.partial.save_status_to_session
is now deprecated.
When it’s time to resume the process just redirect the user to /complete/<backend>/
or /disconnect/<backend>/
view. The pipeline will resume in the same function that cut the process.
@partial
and save_status_to_session
stores needed data into user session under the key partial_pipeline
. To get the backend in order to redirect to any social view, just do:
backend = session['partial_pipeline']['backend']
Check the example applications to check a basic usage.