Auth用户认证组件

用户认证组件:

　　功能：用session记录登录验证状态

　　前提：用户表：django自带的auth-user

python3 manage.py createsuperuser #创建超级用户

 补充匿名用户：

API:
    from  django.contrib import auth :
        1. #if 验证成功返回user对象，否则返回None
        user = auth.authenticate(username=user,password=pwd)
        2. auth.login(request,user) #request.user 当前登录对象
        3. auth.login(request)
        from django.contrib.auth.models import User #User == auth_user
        4. request.user.is_authenticated
        5.user = User.objects.create_user(username='',password='',email='')

    补充：
        匿名用户对象：
            匿名用户
            class models.AnonymousUser

            django.contrib.auth.models.AnonymousUser #这个类实现了django.contrib.auth.models.User
            借口，但是又几点不同：
            id永远是None
            username永远为空字符串
            get_username()永远返回空字符串
            is_staff和is_superuser永远是False
            is_active永远是False
            groups和user_permissions永远为空
            is_annonymous()返回True 而不是False
            is_authenticated()返回时False，而不是True
            set_password()、check_password()、save()和delete()引发NotImplementedError。
            New in Django 1.8:
            新增 AnonymouseUser.get_username()以更好的模拟django.contrib.auth.moudels.User
总结：
　　if not :auth.login(request,user)　　request.user = AnonymousUser()
　　else:request.user==登录对象
　　request.user是一个全局变量

 views.py

from django.shortcuts import render, redirect

# Create your views here.

from django.contrib import auth
from django.contrib.auth.models import User
from django.contrib.auth.decorators import login_required


def login(request):
    if request.method == 'POST':
        # 取得账号密码，验证用户对象
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        # if验证成功返回user对象，否则返回NONE
        user = auth.authenticate(username=user, password=pwd)
        if user:
            auth.login(request, user)  # request.user：当前登录对象
            next_url = request.GET.get("next", "/index/")
            return redirect(next_url)
    return render(request, "login.html")


# 登录验证装饰器
@login_required
def index(request):
    # 打印匿名用户信息
    # print("request.user:",request.user.username)
    # print("request.user:",request.user.id)
    # print("request.user:",request.user.is_anonymous)
    #
    # #if request.user.is_anonymous:
    # if not request.user.is_authenticated:
    #     return redirect("/login/")

    username = request.user.username
    return render(request, "index.html", {"username": username})
    # return render(request,"index.html")


@login_required
def order(request):
    if not request.user.is_authenticated:
        return render(request, "order.html")
    return render(request,"order.html")


# 注销登录
def logout(request):
    auth.logout(request)
    return redirect("/login/")


# 注册页面
def reg(request):
    # 取得注册信息
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")
        # 这种是不对的
        # User.objects.create(username=user,password=pwd)
        user = User.objects.create_user(username=user, password=pwd)
        return redirect("/login/")
    return render(request, "reg.html")

 settings.py

# LANGUAGE_CODE = 'en-us'
LANGUAGE_CODE = 'zh-Hans'

# TIME_ZONE = 'UTC'
TIME_ZONE = 'Asia/Shanghai'

USE_I18N = True

USE_L10N = True

USE_TZ = True
# USE_TZ = False


# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/2.0/howto/static-files/

STATIC_URL = '/static/'

LOGIN_URL = "/login/"

urls.py

from django.contrib import admin
from django.urls import path

from blog import views

urlpatterns = [
    path('admin/', admin.site.urls),
    path('login/', views.login),
    path('index/', views.index),
    path('order/', views.order),
    path('logout/', views.logout),
    path('reg/', views.reg),

]