authentication in Django

Customizing authentication in Django-结合Django的认证机制添加自定义的认证后端


Django有一套自己的认证机制,一般默认设置(在setting.py中)为:

AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend']

其主要使用了自带的User模型来进行一些验证,我们也可以对User模型进行扩充

Your company may already have an LDAP setup that stores a username and password for every employee. It’d be a hassle for both the network administrator and the users themselves if users had separate accounts in LDAP and the Django-based applications.

如果你们公司应使用了LDAP来存储用户信息并进行验证,那么对于网络管理者或者用户来说分离的LDAP和基于Django的应用中的用户管理都比较麻烦

So, to handle situations like this, the Django authentication system lets you plug in other authentication sources. You can override Django’s default database-based scheme, or you can use the default system in tandem with other systems.

为了应对这种情况,Django认证系统允许你使用其他认证源作为插件,你可以重写Django默认的基于数据库的视图,或者你可以使用多个系统中的默认系统。

对于默认的认证系统我们只需要调用如下:

from django.contrib import auth

。。。

user = auth.authenticate(username = username, password = password)

但是如果我们想要集成其他的认证系统的话要怎么做呢?自定义一个验证后段!

An authentication backend is a class that implements two required methods: get_user(user_id) and authenticate(request, **credentials), as well as a set of optional permission related authorization methods.

一个自定义的认证后段是一个实现了get_user(user_id) and authenticate(request, **credentials)两个必须方法的类,以及一组可选的权限方法。

定制的后段可以是一个辅助程序里的类如下:

class MyBackend:
    def authenticate(self, request, username=None, password=None):
        # Check the username/password and return a user.
        ...

Either way, authenticate() should check the credentials it gets and return a user object that matches those credentials if the credentials are valid. If they’re not valid, it should return None.

而且,authenticate() 应该检查凭证然后返回一个匹配认证的用户对象,如果凭证无效,那么返回应该为None

Here’s an example backend that authenticates against a username and password variable defined in your settings.py file and creates a Django User object the first time a user authenticates:

下面是一个自定义的认证后端,当用户第一次认证的时候创建一个用户对象保存下来:
from django.conf import settings
from django.contrib.auth.hashers import check_password
from django.contrib.auth.models import User

class SettingsBackend:
    """
    Authenticate against the settings ADMIN_LOGIN and ADMIN_PASSWORD.

    Use the login name and a hash of the password. For example:

    ADMIN_LOGIN = 'admin'
    ADMIN_PASSWORD = 'pbkdf2_sha256$30000$Vo0VlMnkR4Bk$qEvtdyZRWTcOsCnI/oQ7fVOu1XAURIZYoOZ3iq8Dr4M='
    """

    def authenticate(self, request, username=None, password=None):
        login_valid = (settings.ADMIN_LOGIN == username)
        pwd_valid = check_password(password, settings.ADMIN_PASSWORD)
        if login_valid and pwd_valid:
            try:
                user = User.objects.get(username=username)
            except User.DoesNotExist:
                # Create a new user. There's no need to set a password
                # because only the password from settings.py is checked.
                user = User(username=username)
                user.is_staff = True
                user.is_superuser = True
                user.save()
            return user
        return None

    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None

定义好了自己的认证后段之后我们就可以在setting中加入让它生效了:

UTHENTICATION_BACKENDS = (‘x.x.SettingsBackend’, ‘django.contrib.auth.backends.ModelBackend’)

对于多个认证后端Django会按顺序进行认证,一旦有一个认证通过那么后面的就不会进行认证了,但是(if a backend raises a PermissionDenied exception in has_perm() or has_module_perms(), the authorization will immediately fail and Django won’t check the backends that follow)如果一个认证后端引发了一个权限拒绝的异常,那么认证将立刻失败,剩下的后端认证将不会继续进行下去.

阅读更多
换一批

没有更多推荐了,返回首页