django rest framework用户认证
django rest framework用户认证
- 进入rest framework的Apiview
- @classmethod
- def as_view(cls, **initkwargs):
- """
- Store the original class on the view function.
- This allows us to discover information about the view when we do URL
- reverse lookups. Used for breadcrumb generation.
- """
- if isinstance(getattr(cls, 'queryset', None), models.query.QuerySet):
- def force_evaluation():
- raise RuntimeError(
- 'Do not evaluate the `.queryset` attribute directly, '
- 'as the result will be cached and reused between requests. '
- 'Use `.all()` or call `.get_queryset()` instead.'
- )
- cls.queryset._fetch_all = force_evaluation
- view = super().as_view(**initkwargs)
- view.cls = cls
- view.initkwargs = initkwargs
- # Note: session based authentication is explicitly CSRF validated,
- # all other authentication is CSRF exempt.
- return csrf_exempt(view)
django的类视图是调用内部的as_view方法来实现CBV,在第18行调用了父类的as_view,父类的as_view调用了dispatch方法,这里在ApiView自定义了dispatch
- @classmethod
- def dispatch(self, request, *args, **kwargs):
- """
- `.dispatch()` is pretty much the same as Django's regular dispatch,
- but with extra hooks for startup, finalize, and exception handling.
- """
- self.args = args
- self.kwargs = kwargs
- request = self.initialize_request(request, *args, **kwargs)
- self.request = request
- self.headers = self.default_response_headers # deprecate?
- try:
- self.initial(request, *args, **kwargs)
- # Get the appropriate handler method
- if request.method.lower() in self.http_method_names:
- handler = getattr(self, request.method.lower(),
- self.http_method_not_allowed)
- else:
- handler = self.http_method_not_allowed
- response = handler(request, *args, **kwargs)
- except Exception as exc:
- response = self.handle_exception(exc)
- self.response = self.finalize_response(request, response, *args, **kwargs)
- return self.response
和django的dispatch类似,第8,9行对request进行了封装
- def dispatch(self, request, *args, **kwargs):
- def initialize_request(self, request, *args, **kwargs):
- """
- Returns the initial request object.
- """
- parser_context = self.get_parser_context(request)
- return Request(
- request,
- parsers=self.get_parsers(),
- authenticators=self.get_authenticators(),
- negotiator=self.get_content_negotiator(),
- parser_context=parser_context
- )
封装函数内部返回的是Request对象
- def initialize_request(self, request, *args, **kwargs):
- class Request:
- """
- Wrapper allowing to enhance a standard `HttpRequest` instance.
- Kwargs:
- - request(HttpRequest). The original request instance.
- - parsers_classes(list/tuple). The parsers to use for parsing the
- request content.
- - authentication_classes(list/tuple). The authentications used to try
- authenticating the request's user.
- """
- def __init__(self, request, parsers=None, authenticators=None,
- negotiator=None, parser_context=None):
- assert isinstance(request, HttpRequest), (
- 'The `request` argument must be an instance of '
- '`django.http.HttpRequest`, not `{}.{}`.'
- .format(request.__class__.__module__, request.__class__.__name__)
- )
- self._request = request
- self.parsers = parsers or ()
- self.authenticators = authenticators or ()
- self.negotiator = negotiator or self._default_negotiator()
- self.parser_context = parser_context
- self._data = Empty
- self._files = Empty
- self._full_data = Empty
- self._content_type = Empty
- self._stream = Empty
- if self.parser_context is None:
- self.parser_context = {}
- self.parser_context['request'] = self
- self.parser_context['encoding'] = request.encoding or settings.DEFAULT_CHARSET
- force_user = getattr(request, '_force_auth_user', None)
- force_token = getattr(request, '_force_auth_token', None)
- if force_user is not None or force_token is not None:
- forced_auth = ForcedAuthentication(force_user, force_token)
- self.authenticators = (forced_auth,)
Request对象的初始化函数,它将原生django的request对象赋值给self._request,所以在ApiView视图中想使用原生的request要用request._request来使用
- class Request:
- 查看self.authenticators
- self.authenticators等于传进来的authenticators
- 在ApiView内部定义了get_authenticators方法,它会被authenticators来接受
- def get_authenticators(self):
- """
- Instantiates and returns the list of authenticators that this view can use.
- """
- return [auth() for auth in self.authentication_classes]
这个方法回去self.authentication_classes里面找定义好的对象再将其实例化
- def get_authenticators(self):
- 定义自定义验证类
- from rest_framework.views import APIView
- from django.http import HttpResponse
- from rest_framework.authentication import BaseAuthentication
- from rest_framework.exceptions import AuthenticationFailed
- class MyAuthentication(BaseAuthentication):
- def authenticate(self, request):
- if not request._request.GET.get('name'):
- raise AuthenticationFailed
- return ('user', None)
- def authenticate_header(self, request):
- pass
- class MyView(APIView):
- authentication_classes = [MyAuthentication]
- def get(self, request):
user = request.user - return HttpResponse(user)
验证类继承BaseAuthentication(不继承也可以,但都要实现authenticate)方法,在authenticate里面实现用户的认证,最后返回一个元祖,第一个元素为user对象,该对象被request.user接受, 第二个元素会被request.auth捕捉
- from rest_framework.views import APIView
- 效果
django rest framework用户认证的更多相关文章
- Django Rest framework 之 认证
django rest framework 官网 django rest framework 之 认证(一) django rest framework 之 权限(二) django rest fra ...
- Django 中的用户认证
Django 自带一个用户认证系统,这个系统处理用户帐户.组.权限和基于 cookie 的 会话.本文说明这个系统是如何工作的. 概览 认证系统由以下部分组成: 用户 权限:控制用户进否可以执行某项任 ...
- Django rest framework 的认证流程(源码分析)
一.基本流程举例: urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^users/', views.HostView.as_view() ...
- Django Rest Framework用户访问频率限制
一. REST framework的请求生命周期 基于rest-framework的请求处理,与常规的url配置不同,通常一个django的url请求对应一个视图函数,在使用rest-framewor ...
- Django组件之用户认证组件
一.auth模块 from django.contrib import auth django.contrib.auth中提供了许多方法,这里主要介绍其中的三个: 1.1 .authenticate( ...
- Django Rest Framework之认证
代码基本结构 url.py: from django.conf.urls import url, include from web.views.s1_api import TestView urlpa ...
- 使用django实现自定义用户认证
参考资料:https://docs.djangoproject.com/en/1.10/topics/auth/customizing/ 直接拉到最后看栗子啦 django自定义用户认证(使用自 ...
- 09 Django组件之用户认证组件
没有学习Django认证组件之前使用装饰器方法 from django.shortcuts import render, HttpResponse, redirect from app01.MyFor ...
- Django组件之用户认证
auth模块 1 from django.contrib import auth django.contrib.auth中提供了许多方法,这里主要介绍其中的三个: 1.1 .authenticate( ...
随机推荐
- frida(hook工具)的环境搭建
一.简介 frida 是一款基于 python+javascript 的 hook 框架,可运行在 android.ios.linux.win等各个平台,主要使用的动态二进制插桩技术. Frida官网 ...
- DS01-线性表
0.PTA得分截图 1.本周内容总结 1.1总结线性表内容 顺序表结构体定义 typedef struct LNode *List struct LNode { ElementType Data[MA ...
- 视觉目标跟踪算法——SRDCF算法解读
首先看下MD大神2015年ICCV论文:Martin Danelljan, Gustav Häger, Fahad Khan, Michael Felsberg. "Learning Spa ...
- 1. python跨目录调用模块
快速镜像安装第三方库 : pip install -i https://pypi.tuna.tsinghua.edu.cn/simple numpy (三方库名字) 同目录下,我们可以直接调用模块, ...
- requests模块使用一
1.安装与简介 Urllib和requests模块是python中发起http请求最常见的模块,但是requests模块使用更加方便简单. pip install requests 2.GET请求 2 ...
- Mass Spectrometry-Compatible Subcellular Fractionation for Proteomics 质谱兼容的蛋白质组学的亚细胞分离(解读人:王茹凯)
文献名:Mass Spectrometry-Compatible Subcellular Fractionation for Proteomics(质谱兼容的蛋白质组学的亚细胞分离) 期刊名:Jpor ...
- IntelliJ IDEA 2018.1.4 x64安装创建maven项目等
Intellij IDEA 一:介绍 Jetbrains公司https://www.jetbrains.com/idea/ 1.1版本 Ultimate最终[收费] 网络,移动和企业开发 Web, m ...
- 补充JavaScript
1 JavaScript概述 1.1 ECMAScript和Javascript的关系 1996年11月,JavaScript的创造者--Netscape公司,决定将JavaScript提交给国际标准 ...
- 题解 P5835 【 USACO19DEC Meetings S】
前言 这道题目是道好题,想通了之后就可以把轻松这道题做出来. 正文 结论 先把一个结论写出来. 无论所有奶牛怎么走,它们的体重从左往右组成的序列是不会发生改变的. 这个结论简单地说明一下. 首先我们可 ...
- word2vec 和 glove 模型的区别
2019-09-09 15:36:13 问题描述:word2vec 和 glove 这两个生成 word embedding 的算法有什么区别. 问题求解: GloVe (global vectors ...