一般情況下我們Django默認的用戶系統是滿足不了我們的需求的,那么我們會對他做一定的擴展。
rest_framwork_jwt中的token認證,帶過期時間。
1.創建用戶項目
python manage.py users
2.配置用戶項目,添加項目apps,在settings.py中
INSTALLED_APPS = [ ... 'users.apps.UsersConfig', ] # 添加AUTH_USRE_MODEL 替換默認的user AUTH_USER_MODEL = 'users.UserProfile' # 如果說想用全局認證需要在配置文件中添加 # 全局認證from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( # 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', # 方式一:全局認證,開源jwt 'rest_framework.authentication.BasicAuthentication', 'rest_framework.authentication.SessionAuthentication', # 'rest_framework.authentication.TokenAuthentication', # 方式二:全局認證drf 自帶的 ) } # settings.py文件
3.擴展User model,在models.py文件中
from django.contrib.auth.models import AbstractUser from django.db import models class UserProfile(AbstractUser): """ 用戶 """ name = models.CharField(max_length=30, null=True, blank=True, verbose_name="姓名") birthday = models.DateField(null=True, blank=True, verbose_name="出生年月") gender = models.CharField(max_length=6, choices=(("male", u"男"), ("female", "女")), default="female", verbose_name="性別") mobile = models.CharField(null=True, blank=True, max_length=11, verbose_name="電話") email = models.EmailField(max_length=100, null=True, blank=True, verbose_name="郵箱") class Meta: verbose_name = "用戶" verbose_name_plural = verbose_name def __str__(self): return self.username
4.編寫serializers.py文件
from rest_framework import serializers from users.models import VerifyCode # 此文件在哪里? class VerifyCodeSerializer(serializers.ModelSerializer): class Meta: model = VerifyCode fields = "__all__"
5. 編寫views 動態驗證不同的請求使用不同的驗證
from django.shortcuts import render from rest_framework import mixins, viewsets from rest_framework.views import APIView from users.models import VerifyCode from .serializers import VerifyCodeSerializer # Create your views here. from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication from rest_framework_jwt.authentication import JSONWebTokenAuthentication
class VerifyCodeListViewSet(mixins.ListModelMixin,mixins.RetrieveModelMixin, viewsets.GenericViewSet): """ 驗證碼列表 """ queryset = VerifyCode.objects.all() serializer_class = VerifyCodeSerializer # authentication_classes = [TokenAuthentication, ] # authentication_classes = [JSONWebTokenAuthentication, ] # JWT 認證 加密,過期時間 def get_authenticators(self): """ Instantiates and returns the list of authenticators that this view can use. # 修改驗證 """ # 動態認證 print(self.authentication_classes) print([JSONWebTokenAuthentication, ]) if self.action_map['get'] == "retrieve": self.authentication_classes = [BasicAuthentication,SessionAuthentication,] elif self.action_map['get'] == "list": self.authentication_classes = [JSONWebTokenAuthentication,] return [auth() for auth in self.authentication_classes] # DRF 自帶的認證 不過期,易發生xss攻擊 # def get_authenticators(self): # """ # Instantiates and returns the list of authenticators that this view can use. # # 修改驗證 # """ # print(self.authentication_classes) # print([JSONWebTokenAuthentication, ]) # if self.action_map['get'] == "retrieve": # self.authentication_classes = [BasicAuthentication,SessionAuthentication,] # elif self.action_map['get'] == "list": # self.authentication_classes = [JSONWebTokenAuthentication,] # return [auth() for auth in self.authentication_classes] def get_queryset(self): # 取出認證信息 print(self.request.auth) # print(self.action) return self.queryset # url """untitled URL Configuration The `urlpatterns` list routes URLs to views. For more information please see: https://docs.djangoproject.com/en/1.10/topics/http/urls/ Examples: Function views 1. Add an import: from my_app import views 2. Add a URL to urlpatterns: url(r'^$', views.home, name='home') Class-based views 1. Add an import: from other_app.views import Home 2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home') Including another URLconf 1. Import the include() function: from django.conf.urls import url, include 2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls')) """ from rest_framework.authtoken import views from rest_framework_jwt.views import obtain_jwt_token from django.conf.urls import url, include from django.contrib import admin from rest_framework import routers from users.views import VerifyCodeListViewSet router = routers.DefaultRouter() router.register(r'codes', VerifyCodeListViewSet, 'codes') urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^api-auth/', include('rest_framework.urls')) ] urlpatterns += [ # drf 自帶的 url(r'^api-token-auth/', views.obtain_auth_token), # jwt 認證 url(r'^jwt_auth/', obtain_jwt_token), ] urlpatterns += router.urls # views.py