Customizing authentication in Django-结合Django的认证机制添加自定义的认证后端
Django有一套自己的认证机制,一般默认设置(在setting.py中)为:
AUTHENTICATION_BACKENDS = ['django.contrib.auth.backends.ModelBackend']
其主要使用了自带的User模型来进行一些验证,我们也可以对User模型进行扩充
Your company may already have an LDAP setup that stores a username and password for every employee. It’d be a hassle for both the network administrator and the users themselves if users had separate accounts in LDAP and the Django-based applications.
如果你们公司应使用了LDAP来存储用户信息并进行验证,那么对于网络管理者或者用户来说分离的LDAP和基于Django的应用中的用户管理都比较麻烦
So, to handle situations like this, the Django authentication system lets you plug in other authentication sources. You can override Django’s default database-based scheme, or you can use the default system in tandem with other systems.
为了应对这种情况,Django认证系统允许你使用其他认证源作为插件,你可以重写Django默认的基于数据库的视图,或者你可以使用多个系统中的默认系统。
对于默认的认证系统我们只需要调用如下:
from django.contrib import auth
。。。
user = auth.authenticate(username = username, password = password)
但是如果我们想要集成其他的认证系统的话要怎么做呢?自定义一个验证后段!
An authentication backend is a class that implements two required methods: get_user(user_id) and authenticate(request, **credentials), as well as a set of optional permission related authorization methods.
一个自定义的认证后段是一个实现了get_user(user_id) and authenticate(request, **credentials)两个必须方法的类,以及一组可选的权限方法。
定制的后段可以是一个辅助程序里的类如下:
class MyBackend:
def authenticate(self, request, username=None, password=None):
# Check the username/password and return a user.
...
Either way, authenticate() should check the credentials it gets and return a user object that matches those credentials if the credentials are valid. If they’re not valid, it should return None.
而且,authenticate() 应该检查凭证然后返回一个匹配认证的用户对象,如果凭证无效,那么返回应该为None
Here’s an example backend that authenticates against a username and password variable defined in your settings.py file and creates a Django User object the first time a user authenticates:
下面是一个自定义的认证后端,当用户第一次认证的时候创建一个用户对象保存下来:
from django.conf import settings
from django.contrib.auth.hashers import check_password
from django.contrib.auth.models import User
class SettingsBackend:
"""
Authenticate against the settings ADMIN_LOGIN and ADMIN_PASSWORD.
Use the login name and a hash of the password. For example:
ADMIN_LOGIN = 'admin'
ADMIN_PASSWORD = 'pbkdf2_sha256$30000$Vo0VlMnkR4Bk$qEvtdyZRWTcOsCnI/oQ7fVOu1XAURIZYoOZ3iq8Dr4M='
"""
def authenticate(self, request, username=None, password=None):
login_valid = (settings.ADMIN_LOGIN == username)
pwd_valid = check_password(password, settings.ADMIN_PASSWORD)
if login_valid and pwd_valid:
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
# Create a new user. There's no need to set a password
# because only the password from settings.py is checked.
user = User(username=username)
user.is_staff = True
user.is_superuser = True
user.save()
return user
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
定义好了自己的认证后段之后我们就可以在setting中加入让它生效了:
UTHENTICATION_BACKENDS = (‘x.x.SettingsBackend’, ‘django.contrib.auth.backends.ModelBackend’)
对于多个认证后端Django会按顺序进行认证,一旦有一个认证通过那么后面的就不会进行认证了,但是(if a backend raises a PermissionDenied exception in has_perm() or has_module_perms(), the authorization will immediately fail and Django won’t check the backends that follow)如果一个认证后端引发了一个权限拒绝的异常,那么认证将立刻失败,剩下的后端认证将不会继续进行下去.