  • djoser

    User authentication in Django

    https://docs.djangoproject.com/en/3.2/topics/auth/

    Django ships with a user authentication system that handles user accounts, groups, permissions and cookie-based user sessions.

    Django comes with a user authentication system. It handles user accounts, groups, permissions and cookie-based user sessions. This section of the documentation explains how the default implementation works out of the box, as well as how to extend and customize it to suit your project’s needs.

    The authentication system handles both authentication and authorization.

    The Django authentication system handles both authentication and authorization. Briefly, authentication verifies a user is who they claim to be, and authorization determines what an authenticated user is allowed to do. Here the term authentication is used to refer to both tasks.

    The auth system consists of:

    • Users
    • Permissions: Binary (yes/no) flags designating whether a user may perform a certain task.
    • Groups: A generic way of applying labels and permissions to more than one user.
    • A configurable password hashing system
    • Forms and view tools for logging in users, or restricting content
    • A pluggable backend system

    Authentication API

    https://docs.djangoproject.com/en/3.2/topics/auth/default/#authenticating-users

    This only verifies that the username and password are valid.

    from django.contrib.auth import authenticate
    user = authenticate(username='john', password='secret')
    if user is not None:
        # A backend authenticated the credentials
        ...
    else:
        # No backend authenticated the credentials
        ...

    Login API

    https://docs.djangoproject.com/en/3.2/topics/auth/default/#how-to-log-a-user-in

    The login API records the user in the session.

    from django.contrib.auth import authenticate, login
    
    def my_view(request):
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            # Redirect to a success page.
            ...
        else:
            # Return an 'invalid login' error message.
            ...

    Logout API

    https://docs.djangoproject.com/en/3.2/topics/auth/default/#how-to-log-a-user-out

    Logout destroys the user's session data.

    from django.contrib.auth import logout
    
    def logout_view(request):
        logout(request)
        # Redirect to a success page.

    djoser

    https://djoser.readthedocs.io/en/latest/introduction.html

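    The authentication system that Django provides exposes its interface at the function level; for HTTP endpoints, users still have to wrap it themselves.

    In the common case the login logic is always the same, so the djoser library provides RESTful HTTP endpoints directly.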

    REST implementation of Django authentication system. The djoser library provides a set of Django Rest Framework views to handle basic actions such as registration, login, logout, password reset and account activation. It works with a custom user model.

    Instead of reusing Django code (e.g. PasswordResetForm), we reimplemented a few things to fit better into Single Page App architecture.

    Developed by SUNSCRAPERS with passion & patience.

    Supported API

    https://djoser.readthedocs.io/en/latest/getting_started.html

    This library is built on DRF (Django REST Framework).

    Available endpoints

    • /users/
    • /users/me/
    • /users/confirm/
    • /users/resend_activation/
    • /users/set_password/
    • /users/reset_password/
    • /users/reset_password_confirm/
    • /users/set_username/
    • /users/reset_username/
    • /users/reset_username_confirm/
    • /token/login/ (Token Based Authentication)
    • /token/logout/ (Token Based Authentication)
    • /jwt/create/ (JSON Web Token Authentication)
    • /jwt/refresh/ (JSON Web Token Authentication)
    • /jwt/verify/ (JSON Web Token Authentication)

    djoser tutorial

    https://saasitive.com/tutorial/token-based-authentication-django-rest-framework-djoser/#

    • /users/ - to signup a new user,
    • /users/me/ - to get user information,
    • /token/login/ - to get token,
    • /token/logout/ - to logout.

    Creating a user

    It is expected because we don’t have any endpoint at /. Please go to http://127.0.0.1:8000/api/v1/users:

    [Image: Django page not found error]

    Please fill the form at the bottom of the page and click POST. This will create a new user. The email field is not required, you can leave it blank.

    Logging in

    Please change the url to http://127.0.0.1:8000/api/v1/token/login:

    [Image: DRF login]

    Please fill the form at the bottom and click POST. You should see a screen like below:

    [Image: DRF token]

    Use ModHeader to add the request header Authorization: Token xxxxxxxxxx

    The browsable DRF API doesn’t support authorization with token, so there are 2 ways to enable it:

    • add session based authentication for testing (I don’t like it),
    • add a free browser plugin to inject the token in the request’s header (that’s my option).

    I’m using the free ModHeader plugin. It is available for many browsers (Chrome, Firefox, Opera, Edge).

    [Image: Set token in ModHeader]

    Notice: You need to set a token in the form Token dd7cfbff8525727b267411c692d08ee34478f2af - there is no colon here!

    After setting the token in the header please just refresh the website.

    [Image: DRF login]
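
Why the missing colon matters, shown as an added example (not code from the original post, the tutorial or DRF): a standard-library function that splits the header value on whitespace and compares the first word with the keyword case-insensitively, which is how DRF's TokenAuthentication reads it. The function name, outcome labels and sample headers are constructed for illustration.

```python
def parse_token_header(value, keyword="Token"):
    """Classify an Authorization header value the way a token scheme reads it.

    Returns one of:
      ("skip", None)    - not this scheme; the request carries on unauthenticated
      ("error", reason) - scheme matched but the header is malformed
      ("token", key)    - key to look up in the server's token table
    """
    parts = value.split()
    # The first word must be exactly the keyword; "Token:" is a different word.
    if not parts or parts[0].lower() != keyword.lower():
        return ("skip", None)
    if len(parts) == 1:
        return ("error", "no credentials provided")
    if len(parts) > 2:
        return ("error", "token string should not contain spaces")
    return ("token", parts[1])


# Constructed sample headers; KEY is the example token quoted on this page.
KEY = "dd7cfbff8525727b267411c692d08ee34478f2af"
SAMPLES = [
    f"Token {KEY}",        # correct form
    f"token {KEY}",        # keyword match is case-insensitive
    f"Token: {KEY}",       # colon after the keyword: not recognised at all
    f"Token:{KEY}",        # colon and no space: a single unknown word
    "Token",               # keyword without a key
    f"Token {KEY} extra",  # more than one word after the keyword
    f"Bearer {KEY}",       # another scheme
    "",                    # header missing
]


def classify_all(samples=SAMPLES):
    """Return (header, outcome, detail) for every sample header."""
    return [(s, *parse_token_header(s)) for s in samples]


if __name__ == "__main__":
    for header, outcome, detail in classify_all():
        print(f"{header!r:62} -> {outcome} {detail or ''}")
```

The colon variants come back as "skip", not "error": the server sees a request with no credentials for this scheme, so the failure looks like a missing token, not a wrong one.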

    Logging out

    Please go to http://127.0.0.1:8000/api/v1/token/logout to log out. You should click the POST button to log out.
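
The same sign-up, login, authenticated request and logout sequence scripted with the Python standard library instead of a browser plugin, as an added example that is not part of the original post. It assumes the tutorial's dev server at http://127.0.0.1:8000/api/v1, JSON request bodies, and that the login response carries the token under `auth_token`; `build`, `call` and `run_flow` are hypothetical helper names.

```python
import json
import urllib.error
import urllib.request

BASE = "http://127.0.0.1:8000/api/v1"  # dev-server prefix used on this page


def build(method, path, token=None, body=None):
    """Build (without sending) a request for one of the endpoints listed above."""
    headers = {"Accept": "application/json"}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    if token:
        # Scheme word, one space, key: no colon after "Token".
        headers["Authorization"] = f"Token {token}"
    return urllib.request.Request(BASE + path, data=data, headers=headers, method=method)


def call(req):
    """Send a request; return (status, parsed JSON or None), also for 4xx/5xx."""
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, raw = err.code, err.read()
    try:
        return status, (json.loads(raw) if raw else None)
    except ValueError:  # non-JSON body, e.g. an HTML error page
        return status, None


def run_flow(username, password):
    """Run the tutorial's steps in order and return [(step, HTTP status), ...]."""
    creds = {"username": username, "password": password}
    seen = [("signup", call(build("POST", "/users/", body=creds))[0])]
    status, body = call(build("POST", "/token/login/", body=creds))
    seen.append(("login", status))
    token = (body or {}).get("auth_token")  # assumed response key
    for step, method, path in [
        ("me", "GET", "/users/me/"),
        ("logout", "POST", "/token/logout/"),
        ("me after logout", "GET", "/users/me/"),  # token deleted: expect 401
    ]:
        seen.append((step, call(build(method, path, token=token))[0]))
    return seen
```

The last step reuses the token after logout on purpose: a rejected request there confirms the token was revoked on the server and not merely dropped by the client.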

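    Source: http://www.cnblogs.com/lightsong/ The copyright of this article is shared by the author and cnblogs (博客园). Reposting is welcome, but unless the author agrees otherwise this notice must be kept and a link to the original article must be given in a prominent position on the page.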
  • Original article: https://www.cnblogs.com/lightsong/p/15490299.html