Django组件-auth用户认证组件
from django.contrib import auth
create、create_user、create_superuser 之间的区别
创建数据库auth_user
表的对象时:
from django.contrib.auth.models import User
# create_user() hashes the password before the row is written to auth_user;
# the literal credentials below are the page's sample values.
user = User.objects.create_user(
    username='admin',
    password='1234',
    email='xx@123.com',
)
-
create:
创建一个普通用户,密码以明文原样写入数据库;authenticate() 按哈希校验密码,因此这样创建的用户无法通过认证,创建可登录用户时不要使用 create.
-
create_user:
创建一个普通用户,密码是密文的(经哈希后存储,数据库中不保存明文).
-
create_superuser:
创建一个超级用户,密码是密文的(同样经哈希后存储),要多传一个email参数.
authenticate()方法
两个参数,分别是用户名username
和 密码password
,拿到参数后,去数据库过滤,有值,就返回 User 对象,没有返回None
。必须通过authenticate
方法取得表对象,直接通过数据库取对象时会报错。
from django.contrib.auth import authenticate, login
...
# authenticate() returns the matching User when the credentials are accepted
# and None otherwise, so test the result for None before passing it to login().
user = authenticate(username='admin',password='1234')
login(HttpRequest, user)方法
-
两个参数,分别是
request
, auth_user表的对象(上一条返回的对象)user
. -
设置
session
信息 -
request.user = user
.
from django.contrib.auth import authenticate, login
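def my_view(request):
    """Authenticate POSTed credentials, log the user in and redirect.

    On success the browser is sent to the ``next`` query parameter when that
    value points back to this site, otherwise to ``/index/``. On failure the
    browser is sent back to ``/login/``.

    Args:
        request: The incoming HttpRequest; ``username`` and ``password`` are
            read from ``request.POST`` and ``next`` from ``request.GET``.

    Returns:
        An HTTP redirect response.
    """
    # Function-scope import keeps the snippet self-contained.
    # On Django releases before 3.0 this helper is named is_safe_url.
    from django.utils.http import url_has_allowed_host_and_scheme

    # .get() instead of ['key']: a request without the fields fails
    # authentication instead of raising a KeyError inside the view.
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')

    user = authenticate(username=username, password=password)
    if user is None:
        # Invalid login: return to the login page.
        return redirect("/login/")

    login(request, user)

    # ``next`` comes from the query string and is attacker-controllable, so it
    # is only followed when it stays on the current host; anything else falls
    # back to the default landing page instead of redirecting off-site.
    target = request.GET.get("next") or "/index/"
    if not url_has_allowed_host_and_scheme(
        target,
        allowed_hosts={request.get_host()},
        require_https=request.is_secure(),
    ):
        target = "/index/"
    return redirect(target)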
logout(HttpRequest) 方法
-
一个参数, 是
request
,无返回值。 -
清空
session
信息 -
将
request.user
赋值成匿名用户.
def logout(request):
    """Log the current user out and send the browser to the login page."""
    # auth.logout() clears the session data itself, which is why the manual
    # request.session.flush() call is not needed here.
    # NOTE(review): the view does not check request.method, so a plain GET
    # (for example an embedded link on another site) ends the session;
    # consider accepting POST only.
    auth.logout(request)
    login_page = "/login/"
    return redirect(login_page)
is_authenticated属性
user
对象的is_authenticated
。当前用户是否登录状态,如果是真正的 User 对象,返回值恒为 True
。
# 自己写的装饰器
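def login_required(func):
    """Wrap a view so that unauthenticated requests are sent to the login page.

    Args:
        func: The view callable to protect; it is called as
            ``func(request, *args, **kwargs)`` for authenticated users.

    Returns:
        A wrapper view. For an unauthenticated request it redirects to
        ``/login/?next=<path>``; otherwise it returns whatever ``func`` returns.
    """
    from functools import wraps
    from urllib.parse import quote

    # wraps() keeps the view's __name__/__doc__, which URL reversing, logging
    # and debugging tools rely on.
    @wraps(func)
    def inner(request, *args, **kwargs):
        if not request.user.is_authenticated:  # not logged in
            # Percent-encode the path so characters such as '&', '#' or '?'
            # in it cannot split or truncate the ``next`` parameter.
            return redirect('/login/?next=%s' % quote(request.path))
        return func(request, *args, **kwargs)

    return inner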
login_required装饰器(Django自带的)
from django.contrib.auth.decorators import login_required
@login_required
def my_view(request):
    # Placeholder body. With Django's built-in login_required, an
    # unauthenticated request is redirected to settings.LOGIN_URL with the
    # requested URL carried in the ``next`` query parameter.
    ...
check_password(passwd)验证密码
用户需要修改密码的时候 首先要让他输入原来的密码 ,如果给定的字符串通过了密码检查,返回 True
set_password() 设置密码
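# Load the account whose password is being replaced.
user = User.objects.get(username='admin')
# set_password() names its parameter raw_password, so the value is passed
# positionally (password=... raises TypeError). It hashes the value and
# updates the in-memory object only.
user.set_password('5678')
# save() is what writes the new hash to the database.
user.save()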
- 通过旧密码验证修改密码:
@login_required
def set_password(request):
    """Change the logged-in user's password after verifying the old one.

    On POST the old password is checked first, then the new password must be
    non-empty and match its repetition. On success the new password is saved
    and the browser is redirected to ``/log_in/``. In every other case the
    ``set_password.html`` template is rendered with a ``state`` value of
    ``None``, ``'password_error'``, ``'empty'`` or ``'repeat_error'``.
    """
    user = request.user
    state = None

    if request.method == 'POST':
        form = request.POST
        old_password = form.get('old_password', '')
        new_password = form.get('new_password', '')
        repeat_password = form.get('repeat_password', '')

        # Requiring the current password means a borrowed or hijacked session
        # alone is not enough to take over the account.
        if not user.check_password(old_password):
            state = 'password_error'
        elif not new_password:
            state = 'empty'
        elif new_password != repeat_password:
            state = 'repeat_error'
        else:
            # NOTE(review): set_password() does not run the project's
            # AUTH_PASSWORD_VALIDATORS; call
            # django.contrib.auth.password_validation.validate_password()
            # first if password strength rules should apply here.
            user.set_password(new_password)
            user.save()
            return redirect("/log_in/")

    return render(request, 'set_password.html', {'user': user, 'state': state})
- 注册
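def sign_up(request):
    """Register a new account from a POSTed sign-up form.

    On POST the username and password must be non-empty, the password must
    match ``repeat_password`` and the username must not be taken. On success
    the account is created and the browser is redirected to ``/book/``.
    Otherwise ``sign_up.html`` is rendered with a ``state`` value of ``None``,
    ``'empty'``, ``'repeat_error'`` or ``'user_exist'`` (``'empty'`` and
    ``'repeat_error'`` reuse the state names of the set_password view).
    """
    state = None

    if request.method == 'POST':
        password = request.POST.get('password', '')
        repeat_password = request.POST.get('repeat_password', '')
        email = request.POST.get('email', '')
        username = request.POST.get('username', '')

        if not username or not password:
            # create_user() raises ValueError for an empty username, and an
            # empty password would be hashed and stored as a valid credential.
            state = 'empty'
        elif password != repeat_password:
            # The confirmation field was read but never compared before.
            state = 'repeat_error'
        elif User.objects.filter(username=username).exists():
            # exists() asks the database for a yes/no answer instead of
            # loading the matching rows.
            state = 'user_exist'
        else:
            # NOTE(review): the exists() check and the insert are not atomic,
            # so two simultaneous sign-ups with the same name can still hit a
            # database uniqueness error; the password is also not run through
            # AUTH_PASSWORD_VALIDATORS here.
            # create_user() already saves the row, so no extra save() call.
            User.objects.create_user(username=username, password=password, email=email)
            return redirect('/book/')

    content = {
        'state': state,
        'user': None,
    }
    return render(request, 'sign_up.html', content)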