django-认证
官网链接
https://docs.djangoproject.com/zh-hans/2.2/topics/auth/default/ https://docs.djangoproject.com/zh-hans/2.2/ref/contrib/auth/#django.contrib.auth.models.User
一 user对象
创建普通用户
使用 create_user() 方法
from django.contrib.auth.models import User user = User.objects.create_user('用户名','邮箱','密码') user.save()
创建超级用户
python manage.py createsuperuser
更改密码
使用 set_password()方法
from django.contrib.auth.models import User user = User.objects.get(username='wangys') user <User: wangys> user.set_password('新密码') user.save()
验证用户
-
authenticate
- 认证失败返回 None
- 认证成功返回user对象
from django.contrib import auth user = auth.authenticate(username='wangys',password='123456') print(user) None user = auth.authenticate(username='wangys',password='654321') print(user) wangys
保持用户会话(session)
- login方法
路由
from django.contrib import admin from django.urls import path from app1 import views urlpatterns = [ path('admin/', admin.site.urls), path('login/', views.login), # 登陆 path('index/', views.index), # 首页 ]
form表单
from django import forms class LoginFrom(forms.Form): username = forms.CharField(max_length=32,label='用户名') password = forms.CharField(max_length=16,label='密码')
视图
from django.shortcuts import render,redirect
from django.http import JsonResponse
from .forms import LoginFrom
from django.contrib import auth
# Create your views here.
def login(request):
# POST请求
if request.method == 'POST':
loginform = LoginFrom(request.POST)
# 如果表单数据有效
if loginform.is_valid():
username = loginform.cleaned_data['username']
password = loginform.cleaned_data['password']
# 认证
user = auth.authenticate(username=username,password=password)
if user:
# 保持会话,将user对象做为request.user属性
auth.login(request,user)
return redirect('/index/')
# GET请求
else:
loginform = LoginFrom()
return render(request,'login.html',{ 'loginform': loginform })
def index(request):
user = request.user
return JsonResponse({'view': 'index','user': user.username})
模板
login.html
<body>
<form action="/login/" method="post">
{% csrf_token %}
{% for field in loginform %}
<div class="c1" >
<label for="{{ field.id_for_label }}">{{ field.label }}</label>
{{ field }} {{ field.errors.0 }}
</div>
{% endfor %}
<input type="submit" value="提交">
</form>
</body>
注销
- django.contrib.auth.logout()方法
- 参数为HttpRequest对象
- 会将当前用户的会话数据全部清除
from django.shortcuts import redirect
from django.contrib import auth
def logout(request):
auth.logout(request)
return redirect('/login/')
限制未登录用户访问
限制访问的方式有很多
login_required装饰器
- login_required(redirect_field_name='next',login_url=None)
- 如果认证失败,我们需要制定登陆url,需要指定如下
- 如果不想在每个视图上指定,我们可以在setting文件中指定全局的 LOGIN_URL
from django.contrib.auth.decorators import login_required
@login_required(login_url='/login/')
def index(request):
user = request.user
return render(request,'index.html')
二: 扩展user表
扩展方式有很多
继承的方法
-
django.contrib.auth.models.AbstractUser
- 所有牵扯到User表的用自定义表代替就可以了 该对象其他方法都可以直接用
model
from django.db import models from django.contrib.auth.models import AbstractUser # Create your models here. class UserInfo(AbstractUser): phone = models.CharField(max_length=32) address = models.CharField(max_length=128)
setting的配置
AUTH_USER_MODEL = 'app名称.自定义用户表'
浙公网安备 33010602011771号