【DRF框架】认证组件

DRF框架的认证组件

核心代码:       self.perform_authentication(request) 

框架自带模块：    from rest_framework import authentication

认证组件的返回值:request.user

自定义的认证组件的钩子方法authenticator.authenticate(self) ；返回值是元组(user,auth)

from rest_framework import authentication

from rest_framework import authentication


class BaseAuthentication(object):
    def authenticate(self, request):
        # 必须重写该方法，返回元组(user,auth)
        return (user_obj,token)


class BasicAuthentication(BaseAuthentication):


class SessionAuthentication(BaseAuthentication):


class TokenAuthentication(BaseAuthentication):
    

class RemoteUserAuthentication(BaseAuthentication):

基于BaseAuthentication类的认证

# myauth.py


from rest_framework import authentication
from AuthDemo.models import UserTable
from rest_framework.exceptions import AuthenticationFailed      # 用于抛出异常


# 基于BaseAuthentication类的认证
class AuthoDemo(authentication.BaseAuthentication):
    '''验证GET请求是否携带Token'''
    def authenticate(self, request):
        # 通过/user/test/?token="xxx" 获取token
        token = request.query_params.get("token","")
        # 如果token不存在
        if not token:
            # 抛出异常
            raise AuthenticationFailed("token不存在")

        # token存在，验证token
        user_obj = UserTable.objects.filter(token=token).first()
        if user_obj:
            # 验证通过，必须返回元组，(user,token)
            return (user_obj,token)
        # 认证不通过抛出异常
        raise AuthenticationFailed("token错误")

# views.py

from django.shortcuts import render
from rest_framework.views import APIView
from rest_framework.response import Response
from .models import UserTable
import uuid
from utils.myauth import AuthoDemo
from rest_framework import authentication

# Create your views here.

# 注册视图
class RegisterView(APIView):
    def post(self,request):
        # 获取提交的用户名和密码
        username = request.data.get('username')
        password = request.data.get('password')

        # 创建对象
        UserTable.objects.create(username=username,password=password)

        # 返回结果
        return Response("注册成功！")

# 登陆视图
class LoginView(APIView):
    def post(self,request):
        # 获取提交的用户名和密码
        username = request.data.get('username')
        password = request.data.get('password')
        # 验证用户名密码是否正确
        user_obj = UserTable.objects.filter(username=username,password=password).first()
        if user_obj:
            # 验证通过，写入Token并保存
            token = uuid.uuid4()
            user_obj.token = token           # 为对象的token字段写入随机字符串
            user_obj.save()
            # 返回token
            return Response(token)
        else:
            return Response("用户名密码不正确")


# 认证的测试视图
class TestView(APIView):
    authentication_classes = [AuthoDemo,]
    def get(self,request):
        print(request.user)             # 获取用户对象
        print(request.auth)             # 获取token
        print(request.user.username)    # 获取用户对象的名字
        return Response("认证测试接口")

源码流程

# 1、封装request对象
def dispatch(self, request, *args, **kwargs):
    request = self.initialize_request(request, *args, **kwargs)

# 1.1
def initialize_request(self, request, *args, **kwargs):
    parser_context = self.get_parser_context(request)
    return Request(
        request,
        parsers=self.get_parsers(),
        # 返回认证类的实例化对象列表：[auth() for auth in self.authentication_classes]
        authenticators=self.get_authenticators(),
        negotiator=self.get_content_negotiator(),
        parser_context=parser_context
    )


# 1.2
class APIView(View):
    authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES


from rest_framework import authentication  # 查看自带的认证类


class ApiView(View):
    # 2、认证组件
    self.perform_authentication(request)
    # 权限组件
    self.check_permissions(request)
    # 节流组件
    self.check_throttles(request)
  
    
# 2.1、开始认证
def perform_authentication(self, request):
    request.user


# 2.2、调用Request.user
class Request(object):
    def __init__(self, request, authenticators=None):
        self.authenticators = authenticators or ()

    @property
    def user(self):
        if not hasattr(self, '_user'):
            with wrap_attributeerrors():
                # 2.3、
                self._authenticate()  
        return self._user   


# 2.3、读取认证对象列表
def _authenticate(self):
    for authenticator in self.authenticators:
        try:
            # 对每个进行验证，异常则全部终止，若返回None,则继续循环
            user_auth_tuple = authenticator.authenticate(self)
            
        except exceptions.APIException:
            self._not_authenticated()
            raise

        if user_auth_tuple is not None:
            # 给request赋值user
            self._authenticator = authenticator
            self.user, self.auth = user_auth_tuple
            # 通过直接退出循环
            return
    
    # 全都没有通过则设置匿名用户
    self._not_authenticated()


# 认证类实例
class BasicAuthentication(BaseAuthentication):
    def authenticate(self, request):
        """
        Returns a `User` if a correct username and password have been supplied
        using HTTP Basic authentication.  Otherwise returns `None`.
        """
        pass
        return self.authenticate_credentials(userid, password, request)
        
     def authenticate_credentials(self, userid, password, request=None):
        """
        Authenticate the userid and password against username and password
        with optional request for context.
        """
        user = authenticate(request=request, **credentials)

        if user is None:
            raise exceptions.AuthenticationFailed(_('Invalid username/password.'))

        if not user.is_active:
            raise exceptions.AuthenticationFailed(_('User inactive or deleted.'))
            
        return (user, None)