[django_vue3_admin]框架单独编写登录接口

参照 'dvadmin/login.py' 中的
class LoginSerializer(TokenObtainPairSerializer):
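class LoginSerializer(TokenObtainPairSerializer):
    """Login serializer built on djangorestframework-simplejwt's token serializer.

    In addition to the stock credential check it:

    * verifies an image captcha when ``base.captcha_state`` is enabled;
    * lets the caller log in with a username, e-mail address or mobile number;
    * counts consecutive failed attempts and deactivates the account once
      ``MAX_LOGIN_ERRORS`` is reached;
    * returns profile data next to the tokens in a ``{"code", "msg", "data"}``
      envelope.

    Per the front-end code quoted alongside this listing, the client submits
    ``Md5.hashStr(password)`` in the ``password`` field, so the value checked
    here is that digest rather than the clear-text password. The digest is
    password-equivalent on the wire; it does not replace TLS.
    """

    # Consecutive failed logins allowed before the account is deactivated.
    MAX_LOGIN_ERRORS = 5
    # Extra time subtracted from "now" before comparing with the stored
    # captcha expiration (kept from the original logic).
    CAPTCHA_GRACE = timedelta(minutes=5)

    captcha = serializers.CharField(
        max_length=6, required=False, allow_null=True, allow_blank=True
    )

    class Meta:
        # NOTE(review): the base class looks like a plain (non-model)
        # serializer, in which case these options have no effect - confirm.
        model = Users
        fields = "__all__"
        read_only_fields = ["id"]

    default_error_messages = {"no_active_account": _("账号/密码错误")}

    def validate(self, attrs):
        """Check captcha and credentials, then build the login response.

        Args:
            attrs: Validated input; ``attrs['username']`` may hold a username,
                an e-mail address or a mobile number.

        Returns:
            ``{"code": 2000, "msg": ..., "data": ...}`` where ``data`` holds
            the values produced by the parent serializer plus user profile
            fields.

        Raises:
            CustomValidationError: On a captcha failure, an unknown, ambiguous
                or deactivated account, or wrong credentials.
        """
        # Function-scope import: the file's import block is not visible here.
        from rest_framework.exceptions import AuthenticationFailed

        if dispatch.get_system_config_values("base.captcha_state"):
            self._check_captcha()

        login_name = attrs["username"]
        # NOTE(review): the three messages below, and the one for wrong
        # credentials, tell an unauthenticated caller whether an account
        # exists and whether it is locked. A single generic failure message
        # would avoid that; the texts are kept because clients may display
        # them.
        try:
            user = Users.objects.get(
                Q(username=login_name) | Q(email=login_name) | Q(mobile=login_name)
            )
        except Users.DoesNotExist:
            raise CustomValidationError("您登录的账号不存在")
        except Users.MultipleObjectsReturned:
            raise CustomValidationError("您登录的账号存在多个,请联系管理员检查登录账号唯一性")
        if not user.is_active:
            raise CustomValidationError("账号已被锁定,联系管理员解锁")

        # The parent authenticates by username, so replace an e-mail/mobile
        # login name with the real username; otherwise the password check
        # would fail for those logins.
        attrs["username"] = user.username
        try:
            data = super().validate(attrs)
        except AuthenticationFailed:
            # Only a rejected credential counts towards the lockout. Catching
            # every exception here would let an unrelated failure (for
            # example while writing the login log) lock a user who supplied
            # the right password.
            raise self._failed_attempt_error(user)

        account = self.user
        data["username"] = account.username
        data["name"] = account.name
        data["userId"] = account.id
        data["avatar"] = account.avatar
        data["user_type"] = account.user_type
        data["pwd_change_count"] = account.pwd_change_count
        dept = getattr(account, "dept", None)
        if dept:
            data["dept_info"] = {
                "dept_id": dept.id,
                "dept_name": dept.name,
            }
        role = getattr(account, "role", None)
        if role:
            data["role_info"] = role.values("id", "name", "key")

        request = self.context.get("request")
        if request is not None:
            request.user = account
            # Record the successful login.
            save_login_log(request=request)

        # A successful login clears the failure counter.
        user.login_error_count = 0
        user.save()
        return {"code": 2000, "msg": "请求成功", "data": data}

    def _check_captcha(self):
        """Validate the submitted image captcha and consume the stored entry."""
        captcha = self.initial_data.get("captcha", None)
        if captcha is None:
            raise CustomValidationError("验证码不能为空")
        try:
            # .get() instead of indexing: a request without "captchaKey" is
            # then rejected as a captcha error instead of raising KeyError.
            self.image_code = CaptchaStore.objects.filter(
                id=self.initial_data.get("captchaKey")
            ).first()
        except (TypeError, ValueError):
            # A captchaKey that cannot be used as an id is a wrong captcha.
            self.image_code = None
        stored = self.image_code
        if stored is None:
            raise CustomValidationError("图片验证码错误")

        # NOTE(review): datetime.now() is naive; if ``expiration`` is stored
        # timezone-aware this comparison raises TypeError - confirm the
        # project's timezone settings.
        five_minute_ago = datetime.now() - self.CAPTCHA_GRACE
        expired = five_minute_ago > stored.expiration
        matches = stored.response == captcha or stored.challenge == captcha
        # The entry is single-use: it is deleted whatever the outcome.
        stored.delete()
        if expired:
            raise CustomValidationError("验证码过期")
        if not matches:
            raise CustomValidationError("图片验证码错误")

    def _failed_attempt_error(self, user):
        """Count one failed login for ``user`` and return the error to raise."""
        # NOTE(review): read-modify-write on the loaded instance; concurrent
        # failed attempts can under-count. An atomic database-side increment
        # would close that gap.
        # NOTE(review): deactivating the account after a fixed number of
        # failures lets anyone who knows a login name lock that user out;
        # consider a time-limited lock or per-source throttling.
        user.login_error_count += 1
        locked = user.login_error_count >= self.MAX_LOGIN_ERRORS
        if locked:
            user.is_active = False
        user.save()
        if locked:
            return CustomValidationError("账号已被锁定,联系管理员解锁")
        count = self.MAX_LOGIN_ERRORS - user.login_error_count
        return CustomValidationError(f"账号/密码错误;重试{count}次后将被锁定~")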

类进行复写。

以这个相同代码去掉验证码验证部分后,测试过程一直出现 “账号/密码错误”问题

 

经检查,该错误由

data = super().validate(attrs)

代码报出错误,经排查错误原因是密码验证问题

【错误原因】
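在该框架下,前端登录时,密码在提交之前先做了一次 MD5 哈希(MD5 是摘要算法,并非加密),因此后端校验的是密码的 MD5 值而不是明文;直接调用接口时若提交明文密码,就会一直提示“账号/密码错误”。这层 MD5 并不保护传输过程:摘要本身就等同于登录凭据,接口仍需通过 HTTPS 访问。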

具体代码在 "login/component/account.vue"

const loginClick = async () => {
            if (!formRef.value) return
            await formRef.value.validate((valid: any) => {
                if (valid) {
                    loginApi.login({ ...state.ruleForm, password: Md5.hashStr(state.ruleForm.password) }).then((res: any) => {
                        if (res.code === 2000) {
              const {data} = res
              Cookies.set('username', res.data.username);
              Session.set('token', res.data.access);
              useUserInfo().setPwdChangeCount(data.pwd_change_count)
              if(data.pwd_change_count==0){
                return router.push('/login');
              }

在本地先对密码做 MD5 哈希再提交,继续测试,登录成功:

 
