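Adding Django's built-in user authentication to DRF to authorize users
- In DRF, first create a custom permission class that implements has_permission
- Add this permission class to the viewsets in the project that need it
- Use Django's built-in auth and User functionality inside the custom permission class
Define three user-authentication routes in the URLconf (register, log in, log out):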
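```python
from django.urls import include, path

# `router` (the DRF router) and `user_login` (the views module shown below)
# are defined or imported elsewhere in the project.
urlpatterns = [
    path('drf/', include(router.urls)),
    path('login/', user_login.login),
    path('register/', user_login.register),
    path('sign_out/', user_login.sign_out),
]
```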
Add the corresponding functions to the views, using Django's built-in auth and User modules:
```python
from django.contrib import auth
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.http import JsonResponse
from django.shortcuts import render
from rest_framework.exceptions import AuthenticationFailed
from rest_framework.permissions import BasePermission


# Login
def login(request):
    if request.method == "POST":
        username = request.POST.get('username')
        password = request.POST.get('password')
        # authenticate() returns None when the credentials are wrong
        user = auth.authenticate(request, username=username, password=password)
        if user and user.is_active:
            # remember: whether to keep the login state (true/false)
            # if remember:
            #     request.session.set_expiry(None)
            # else:
            #     request.session.set_expiry(0)
            auth.login(request, user)
            return JsonResponse({"status": "ok"})
    # GET request or failed login: show the form again
    return render(request, 'login.html')


# Register a user
def register(request):
    if request.method == "POST":
        username = request.POST.get('username')
        password = request.POST.get('password')
        # create_user() raises ValueError on an empty username, so reject early
        if not username or not password:
            return JsonResponse({"status": "error"}, status=400)
        # create_user() stores a salted hash, never the plain-text password
        User.objects.create_user(username=username, password=password)
        return JsonResponse({"status": "ok"})
    return render(request, 'register.html')


# Logout
def sign_out(request):
    auth.logout(request)
    return JsonResponse({"status": "ok"})
```
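```html
<!-- login.html, rendered by the login view -->
<!DOCTYPE html>
<html lang="en">
<body>
<h1>Welcome, please log in!</h1>
<form action="/login/" method="post">
    {% csrf_token %}
    <p>
        Username:
        <input type="text" name="username">
    </p>
    <p>
        Password:
        <!-- type="password" so the value is masked while typing -->
        <input type="password" name="password">
    </p>
    <p>
        <input type="submit" value="Log in">
    </p>
    <hr>
</form>
</body>
</html>
```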
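With this in place, view functions that are not part of a viewset can also be protected directly with Django's built-in decorator @login_required(login_url="/login/").
Next, build the DRF permission class: a custom class that inherits from BasePermission and implements has_permission.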
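```python
# Add the check to DRF as a per-view (local) custom permission
class AdminPermission(BasePermission):
    def has_permission(self, request, view):
        user = request.user
        # AnonymousUser.is_authenticated is False, so only logged-in users pass
        if user and user.is_authenticated:
            return True
        else:
            raise AuthenticationFailed('login-error')
```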
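```python
from rest_framework import viewsets
from rest_framework.permissions import AllowAny


# viewset (queryset and serializer_class are not shown on this page)
class testviewset(viewsets.ModelViewSet):
    # Every class in the list must pass, so AdminPermission is still enforced
    permission_classes = [AllowAny, AdminPermission]
```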
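After login, the browser stores the sessionid of the currently logged-in user; on later requests, send this cookie in the request headers. With DRF's SessionAuthentication, unsafe methods such as POST, PUT and DELETE additionally need a valid CSRF token.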