DRF认证组件

1.DRF认证组件之视图注册用法(自定义简单使用)

  settings.py配置  

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'app01.apps.App01Config',
    'rest_framework',
]
seetings.py

  urls.py:  

from django.conf.urls import url
from django.contrib import admin
from app01 import views
 
urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^book/', views.CourseView.as_view(),name='courses'),
]
urls.py

  veiws.py

from django.shortcuts import render, HttpResponse
from rest_framework.views import APIView
from rest_framework import exceptions
# Create your views here.
 
 
#实例url:http://127.0.0.1:8000/book/?token=1
class MyAuth(object):
    def authenticate(self, request):
        # 该示例认证是需要在请求的url加上参数token(实际直接是校验用户名或密码或者登陆标识等)
        token = request._request.GET.get('token')
        if not token:
            raise exceptions.AuthenticationFailed('未认证用户!!!')
        return ('认证通过的request.user', 'request.auth')  # 认证函数执行结果如果通过则为元组,元组第一个元素封装在为request.user,第二个参数封装在request.auth中
 
    def authenticate_header(self, request):
        pass
 
 
class CourseView(APIView):
    # 认证组件
    authentication_classes = [MyAuth, ]
 
    def get(self, request):
        print(request.user)#request.user在APIViewD的dispatch中进行封装的
        return HttpResponse('GET')
 
    def post(self, request):
        return HttpResponse('POST')
 
    def put(self, request):
        return HttpResponse('PUT')
 
    def patch(self, request):
        return HttpResponse('PATCH')
 
    def delete(self, request):
        return HttpResponse('DELETE')
veiws.py

 

2.DRF认证组件的使用(局部和全局) 

方式一:局部配置---视图类中添加类变量    authentication_classes=[MyAuth,]---(认证类列表)

  

  settings.py配置见上(注册rest_framework应用)   

  models.py  

from django.db import models
 
 
# Create your models here
 
class UserInfo(models.Model):
    """
    用户表
    """
    user_type_choices = [
        (1, '普通用户'),
        (2, 'VIP用户'),
        (3, 'SVIP用户'),
    ]
    user_type = models.IntegerField(choices=user_type_choices)
    username = models.CharField(max_length=10, unique=True)
    password = models.CharField(max_length=12, null=False)
 
 
class UserToken(models.Model):
    """
    token表
    """
 
    user = models.OneToOneField(to='UserInfo')
    token = models.CharField(max_length=64)
    create_time = models.DateTimeField(auto_now=True)
 
 
class Book(models.Model):
    name = models.CharField(max_length=12)
models.py

  urls.py  

from django.conf.urls import url
from django.contrib import admin
from app01 import views
 
urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^api/v1/login', views.AuthView.as_view()),
    url(r'^book/', views.CourseView.as_view(),name='courses'),
]
urls.py

  views.py  

from django.shortcuts import render, HttpResponse
from rest_framework.views import APIView
from rest_framework import exceptions
from app01 import models
from django.http import JsonResponse
 
 
# Create your views here.
 
 
# 实例url:http://127.0.0.1:8000/book/?token=1
#认证类,每个类使用都需要加上类变量参数authentication_classes = [MyAuth, ]
class MyAuth(object):
    def authenticate(self, request):
        # 该示例认证是需要在请求的url加上参数token(实际直接是校验用户名或密码或者登陆标识等)
        token = request._request.GET.get('token')
        token_obj = models.UserToken.objects.get(token=token)
        if not token_obj:
            raise exceptions.AuthenticationFailed('未认证用户!!!')
        return (token_obj.user, 'request.auth')  # 认证函数执行结果如果通过则为元组,元组第一个元素封装在为request.user,第二个元素封装为request.auth
 
    def authenticate_header(self, request):
        pass
 
 
class CourseView(APIView):
    # (1)认证组件
    authentication_classes = [MyAuth, ]
 
    def get(self, request):
        print(request.user)  # request.user在认证组件中进行封装的
        return HttpResponse('GET')
 
    def post(self, request):
        return HttpResponse('POST')
 
    def put(self, request):
        return HttpResponse('PUT')
 
    def patch(self, request):
        return HttpResponse('PATCH')
 
    def delete(self, request):
        return HttpResponse('DELETE')
 
 
import time
import hashlib
 
 
def token_md5(username):
    """
    自定义token
    :param username: 
    :return: 
    """
    t = time.time()
    md5 = hashlib.md5(str(t).encode('utf-8'))
    md5.update(username.encode('utf-8'))
    return md5.hexdigest()
 
 
class AuthView(APIView):
 
    def post(self, request):
        """
        用户登录
        :param request:进行封装之后的request对象
        :return: 登录结果信息
        """
        ret = {'code': 0, 'msg': ''}
        print(request._request.POST)
        username = request._request.POST.get('username', None)
        password = request._request.POST.get('password', None)
 
        # 每次登陆如果有就更新没有就创建
        try:
            user_obj = models.UserInfo.objects.filter(username=username, password=password).first()
            if user_obj:
                token = token_md5(username)
                print(token)
                # 每次登陆如果有就更新没有就创建
                models.UserToken.objects.update_or_create(user=user_obj, defaults={'token': token})
                ret['msg'] = '登陆成功!'
                ret['token'] = token
            else:
                ret['code'] = 1
                ret['msg'] = '账号或密码有误!!!'
 
        except Exception as e:
            ret['code'] = 2
            ret['msg'] = '未知错误!!!'
        finally:
            return JsonResponse(ret)
views.py

 

 

方式二:全局配置----settings.py配置文件中加载REST_FRAMEWORK配置

  

 

 

 

  settings.py  

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'app01.apps.App01Config',
    'rest_framework',
]
 
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES' : ['app01.utils.auth.MyAuth',],#可以自定义多个认证类
    'UNAUTHENTICATED_USER':lambda :'匿名用户request.user自定义值',#request.user有默认值,可以直接写None
    'UNAUTHENTICATED_TOKEN':lambda :'request.auth自定义值',#request.auth有默认值,可以直接写None
}
seetings.py

  utils--auth.py--MyAuth认证类  

from rest_framework import exceptions
from app01 import models
 
class MyAuth(object):
    def authenticate(self, request):
        # 该示例认证是需要在请求的url加上参数token(实际直接是校验用户名或密码或者登陆标识等)
        token = request._request.GET.get('token')
        token_obj = models.UserToken.objects.get(token=token)
        if not token_obj:
            raise exceptions.AuthenticationFailed('未认证用户!!!')
        return (token_obj.user, 'request.auth')  # 认证函数执行结果如果通过则为元组,元组第一个元素封装在为request.user,第二个元素封装为request.auth
 
    def authenticate_header(self, request):
        pass
View Code

  models.py

from django.db import models
 
 
# Create your models here
 
class UserInfo(models.Model):
    """
    用户表
    """
    user_type_choices = [
        (1, '普通用户'),
        (2, 'VIP用户'),
        (3, 'SVIP用户'),
    ]
    user_type = models.IntegerField(choices=user_type_choices)
    username = models.CharField(max_length=10, unique=True)
    password = models.CharField(max_length=12, null=False)
 
 
class UserToken(models.Model):
    """
    token表
    """
 
    user = models.OneToOneField(to='UserInfo')
    token = models.CharField(max_length=64)
    create_time = models.DateTimeField(auto_now=True)
 
 
class Book(models.Model):
    name = models.CharField(max_length=12)
models.py

  urls.py  

from django.conf.urls import url
from django.contrib import admin
from app01 import views
 
urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^api/v1/login', views.AuthView.as_view()),
    url(r'^book/', views.CourseView.as_view(),name='courses'),
]
urls.py

  views.py  

from django.shortcuts import render, HttpResponse
from rest_framework.views import APIView
from rest_framework import exceptions
from app01 import models
from django.http import JsonResponse
 
# 实例url:http://127.0.0.1:8000/book/?token=1
class CourseView(APIView):
    # (1)认证组件
    authentication_classes = [MyAuth, ]
 
    def get(self, request):
        print(request.user)  #request.user在APIViewD的dispatch中进行封装的
        return HttpResponse('GET')
 
    def post(self, request):
        return HttpResponse('POST')
 
    def put(self, request):
        return HttpResponse('PUT')
 
    def patch(self, request):
        return HttpResponse('PATCH')
 
    def delete(self, request):
        return HttpResponse('DELETE')
 
 
import time
import hashlib
 
 
def token_md5(username):
    """
    自定义token
    :param username:
    :return:
    """
    t = time.time()
    md5 = hashlib.md5(str(t).encode('utf-8'))
    md5.update(username.encode('utf-8'))
    return md5.hexdigest()
 
 
class AuthView(APIView):
    #如果不注册自定义组件,走默认的认证,最后返回了request.user和request.auth都是匿名用户默认值,可以在settings.py中加载自定义配置
    def post(self, request):
        """
        用户登录
        :param request:进行封装之后的request对象
        :return: 登录结果信息
        """
        ret = {'code': 0, 'msg': ''}
        print(request._request.POST)
        username = request._request.POST.get('username', None)
        password = request._request.POST.get('password', None)
 
        # 每次登陆如果有就更新没有就创建
        try:
            user_obj = models.UserInfo.objects.filter(username=username, password=password).first()
            if user_obj:
                token = token_md5(username)
                print(token)
                # 每次登陆如果有就更新没有就创建
                models.UserToken.objects.update_or_create(user=user_obj, defaults={'token': token})
                ret['msg'] = '登陆成功!'
                ret['token'] = token
            else:
                ret['code'] = 1
                ret['msg'] = '账号或密码有误!!!'
 
        except Exception as e:
            ret['code'] = 2
            ret['msg'] = '未知错误!!!'
        finally:
            return JsonResponse(ret)
views.py

 

 

 

3.DRF认证组件的继承类(常用)

  

  utils--auth.py--MyAuth认证类  

from rest_framework import exceptions
from app01 import models
 
from rest_framework.authentication import BaseAuthentication,BasicAuthentication
 
# 实例url:http://127.0.0.1:8000/book/?token=1
#认证类(可以定义多个):
    # 方式一:每个类使用都需要加上类变量参数authentication_classes = [MyAuth, ]
    #方式二:在setings.py配置中加载REST_FRAMEWORK配置----'DEFAULT_AUTHENTICATION_CLASSES' : [],
   
# class MyAuth(object):
class MyAuth(BaseAuthentication):#可以直接继承BaseAuthentication类,可以省略authenticate_header方法,或者继承BasicAuthentication
    def authenticate(self, request):
        # 该示例认证是需要在请求的url加上参数token(实际直接是校验用户名或密码或者登陆标识等)
        token = request._request.GET.get('token')
        token_obj = models.UserToken.objects.get(token=token)
        if not token_obj:
            raise exceptions.AuthenticationFailed('未认证用户!!!')
        return (token_obj.user', 'request.auth')  # 认证函数执行结果如果通过则为元组,元组第一个元素封装在为request.user
 
    # def authenticate_header(self, request):
    #     pass
utils--auth.py--MyAuth认证类

  settings.py 

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'app01.apps.App01Config',
    'rest_framework',
]
 
REST_FRAMEWORK = {
#认证组件
    'DEFAULT_AUTHENTICATION_CLASSES' : ['app01.utils.auth.MyAuth',],#可以自定义多个认证类
    'UNAUTHENTICATED_USER':lambda :'匿名用户request.user自定义值',#request.user有默认值,可以直接写None
    'UNAUTHENTICATED_TOKEN':lambda :'request.auth自定义值',#request.auth有默认值,可以直接写None
}
seetings.py

 

posted @ 2019-09-23 16:23  笑得好美  阅读(270)  评论(0编辑  收藏  举报