一、认证已封装好的类
from rest_framework.authentication import BaseAuthentication
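class BaseAuthentication(object):
    """Interface sketch of the base class all DRF authenticators extend.

    The authenticators configured for a view are tried in order; each one
    implements the two hooks below.
    """

    def authenticate(self, request):
        """Authenticate the request; subclasses must override this.

        An implementation ends in one of three ways:

        1. ``return (user, auth)``: authentication succeeded. The
           authentication stage stops here and later authenticators are
           not run.
        2. ``return None``: this authenticator does not handle the request,
           so the next configured authenticator is tried.
        3. ``raise exceptions.AuthenticationFailed(...)``: the credentials
           were presented but are invalid, and the request is rejected.

        Security note: if every authenticator returns None the request is
        not rejected. It continues as an anonymous request, so access
        control must be enforced by a permission class.
        """
        # Mirrors the framework: the base class provides no scheme of its own.
        raise NotImplementedError(".authenticate() must be overridden.")

    def authenticate_header(self, request):
        """Return the value for the ``WWW-Authenticate`` response header.

        Used when authentication fails. Returning None (as here) means no
        challenge header is sent.
        """
        pass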
class BasicAuthentication(BaseAuthentication):
    """Authenticate from the HTTP Basic credentials in the request header.

    Security note: Basic credentials are only base64-encoded, not
    encrypted, so this scheme should be used over HTTPS only.
    """
class SessionAuthentication(BaseAuthentication):
    """Authenticate from the Django session of the current request.

    Security note: because the browser sends the session cookie
    automatically, DRF enforces CSRF validation for requests
    authenticated this way.
    """
class TokenAuthentication(BaseAuthentication):
    """Authenticate from a token supplied with the request.

    DRF's built-in class reads the token from the ``Authorization``
    header (``Authorization: Token <key>``), not from the URL.
    """
二、权限已封装好的类
from rest_framework.permissions import BasePermission
class BasePermission(object):
    """Base class that every permission class derives from."""

    # Error text sent to the client when a check fails; override to customise.
    message = "权限验证失败"

    def has_permission(self, request, view):
        """Decide whether the current request may reach the view at all.

        Return True to allow the request or False to deny it. This base
        version allows everything.
        """
        return True

    def has_object_permission(self, request, view, obj):
        """Decide whether the request may act on one specific object.

        Triggered when a view derived from GenericAPIView fetches the
        object through ``get_object()``. Return True to allow, False to
        deny.

        Security note: a view that loads the object by other means must
        call ``self.check_object_permissions(request, obj)`` itself,
        otherwise this object-level check never runs.
        """
        return True
class AllowAny(BasePermission):
    """Admit every request, whether authenticated or not.

    This matches configuring no permission class only while the project
    default is left open. Set explicitly on a view, it overrides any
    stricter ``DEFAULT_PERMISSION_CLASSES`` for that view.
    """

    def has_permission(self, request, view):
        # No condition is checked: anonymous callers are accepted too.
        return True
class IsAuthenticated(BasePermission):
    """Allow access only to requests made by a logged-in user."""

    def has_permission(self, request, view):
        current_user = request.user
        # A falsy user short-circuits and is returned as-is (treated as a
        # denial); otherwise the result is the user's is_authenticated flag.
        return current_user and current_user.is_authenticated
class IsAdminUser(BasePermission):
    """Allow access to admin users only.

    In DRF, "admin" here means the user's ``is_staff`` flag is set. It
    does not require ``is_superuser``.
    """
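class IsAuthenticatedOrReadOnly(BasePermission):
    """Allow any method to logged-in users and read-only access to others.

    Unauthenticated requests are admitted only for the safe methods
    GET, HEAD and OPTIONS. PUT modifies data and is not a read-only
    method, so an anonymous PUT is denied, as are POST, PATCH and DELETE.
    """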
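class DjangoModelPermissions(BasePermission):
    """Tie access to Django's per-model ``auth`` permissions.

    The user must be authenticated and must hold the model permission
    that matches the request method: ``add`` for POST, ``change`` for
    PUT and PATCH, ``delete`` for DELETE. The model is taken from the
    view's queryset.

    Security note: with the default mapping, GET, HEAD and OPTIONS
    require no model permission, so any authenticated user can read.
    """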
1、def authenticate_header(self, request): #作用
认证失败时,该方法的返回值会作为 WWW-Authenticate 响应头随 401 响应返回,浏览器据此弹出自带的登录界面
三、认证示例展示
============*****============
1、用户url传入的token认证 #局部 或 全局类使用
2、请求头认证
3. 多个认证规则
4.认证和权限
============*****============
1、用户url传入的token认证(注意:放在 URL 里的 token 会被记录到访问日志、浏览器历史和 Referer 中,此写法仅用于演示;正式环境应通过请求头传递 token)
in url.py
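from django.conf.urls import url, include
from web.views import TestView

# Route /test/ to the demo view that exercises the authentication class.
urlpatterns = [
    url(r'^test/', TestView.as_view()),
]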
in view.py
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.authentication import BaseAuthentication
from rest_framework.request import Request
from rest_framework import exceptions
# Demo-only allow-list of accepted tokens.
# Security note: hard-coded tokens in source are shared by every user, cannot
# be revoked individually, and leak with the repository. A real deployment
# should generate tokens randomly (e.g. with `secrets`) and store them
# server-side, one per user.
token_list = ['sfsfss123kuf3j123', 'asijnfowerkkf9812']
class TestAuthentication(BaseAuthentication):
def authenticate(self, request):
"""
用户认证,如果验证成功后返回元组: (用户,用户Token)
:param request:
:return:
None,表示跳过该验证;
如果跳过了所有