django rest framework用户认证

  • 进入rest framework的Apiview

    •  @classmethod
      
     def as_view(cls, **initkwargs):
      
         """
      
         Store the original class on the view function.

         This allows us to discover information about the view when we do URL
      
         reverse lookups.  Used for breadcrumb generation.
      
         """
      
         if isinstance(getattr(cls, 'queryset', None), models.query.QuerySet):
      
             def force_evaluation():
      
                 raise RuntimeError(
      
                     'Do not evaluate the `.queryset` attribute directly, '
      
                     'as the result will be cached and reused between requests. '
      
                     'Use `.all()` or call `.get_queryset()` instead.'
      
                 )
      
             cls.queryset._fetch_all = force_evaluation

         view = super().as_view(**initkwargs)
      
         view.cls = cls
      
         view.initkwargs = initkwargs

         # Note: session based authentication is explicitly CSRF validated,
      
         # all other authentication is CSRF exempt.
      
         return csrf_exempt(view)

      django的类视图是调用内部的as_view方法来实现CBV,在第18行调用了父类的as_view,父类的as_view调用了dispatch方法,这里在ApiView自定义了dispatch


    •      def dispatch(self, request, *args, **kwargs):
      
         """
      
         `.dispatch()` is pretty much the same as Django's regular dispatch,
      
         but with extra hooks for startup, finalize, and exception handling.
      
         """
      
         self.args = args
      
         self.kwargs = kwargs
      
         request = self.initialize_request(request, *args, **kwargs)
      
         self.request = request
      
         self.headers = self.default_response_headers  # deprecate?

         try:
      
             self.initial(request, *args, **kwargs)

             # Get the appropriate handler method
      
             if request.method.lower() in self.http_method_names:
      
                 handler = getattr(self, request.method.lower(),
      
                                   self.http_method_not_allowed)
      
             else:
      
                 handler = self.http_method_not_allowed

             response = handler(request, *args, **kwargs)

         except Exception as exc:
      
             response = self.handle_exception(exc)

         self.response = self.finalize_response(request, response, *args, **kwargs)
      
         return self.response

      和django的dispatch类似,第8,9行对request进行了封装

    •      def initialize_request(self, request, *args, **kwargs):
      
         """
      
         Returns the initial request object.
      
         """
      
         parser_context = self.get_parser_context(request)

         return Request(
      
             request,
      
             parsers=self.get_parsers(),
      
             authenticators=self.get_authenticators(),
      
             negotiator=self.get_content_negotiator(),
      
             parser_context=parser_context
      
         )

      封装函数内部返回的是Request对象

    •  class Request:
      
     """
      
     Wrapper allowing to enhance a standard `HttpRequest` instance.

     Kwargs:
      
         - request(HttpRequest). The original request instance.
      
         - parsers_classes(list/tuple). The parsers to use for parsing the
      
           request content.
      
         - authentication_classes(list/tuple). The authentications used to try
      
           authenticating the request's user.
      
     """

     def __init__(self, request, parsers=None, authenticators=None,
      
                  negotiator=None, parser_context=None):
      
         assert isinstance(request, HttpRequest), (
      
             'The `request` argument must be an instance of '
      
             '`django.http.HttpRequest`, not `{}.{}`.'
      
             .format(request.__class__.__module__, request.__class__.__name__)
      
         )

         self._request = request
      
         self.parsers = parsers or ()
      
         self.authenticators = authenticators or ()
      
         self.negotiator = negotiator or self._default_negotiator()
      
         self.parser_context = parser_context
      
         self._data = Empty
      
         self._files = Empty
      
         self._full_data = Empty
      
         self._content_type = Empty
      
         self._stream = Empty

         if self.parser_context is None:
      
             self.parser_context = {}
      
         self.parser_context['request'] = self
      
         self.parser_context['encoding'] = request.encoding or settings.DEFAULT_CHARSET

         force_user = getattr(request, '_force_auth_user', None)
      
         force_token = getattr(request, '_force_auth_token', None)
      
         if force_user is not None or force_token is not None:
      
             forced_auth = ForcedAuthentication(force_user, force_token)
      
             self.authenticators = (forced_auth,)

      Request对象的初始化函数,它将原生django的request对象赋值给self._request,所以在ApiView视图中想使用原生的request要用request._request来使用

    • 查看self.authenticators
    • self.authenticators等于传进来的authenticators
    • 在ApiView内部定义了get_authenticators方法,它会被authenticators来接受 
           def get_authenticators(self):
      
         """
      
         Instantiates and returns the list of authenticators that this view can use.
      
         """
      
         return [auth() for auth in self.authentication_classes]

      这个方法回去self.authentication_classes里面找定义好的对象再将其实例化

    • 定义自定义验证类 
      from rest_framework.views import APIView
      
from django.http import HttpResponse
      
from rest_framework.authentication import BaseAuthentication
      
from rest_framework.exceptions import AuthenticationFailed

class MyAuthentication(BaseAuthentication):
      
    def authenticate(self, request):
      
        if not request._request.GET.get('name'):
      
            raise AuthenticationFailed
      
        return ('user', None)

    def authenticate_header(self, request):
      
        pass

class MyView(APIView):
      
    authentication_classes = [MyAuthentication]

    def get(self, request):
             user = request.user
      
        return HttpResponse(user)

      验证类继承BaseAuthentication(不继承也可以,但都要实现authenticate)方法,在authenticate里面实现用户的认证,最后返回一个元祖,第一个元素为user对象,该对象被request.user接受, 第二个元素会被request.auth捕捉

    • 效果

django rest framework用户认证的更多相关文章

  1. Django Rest framework 之 认证

    django rest framework 官网 django rest framework 之 认证(一) django rest framework 之 权限(二) django rest fra ...

  2. Django 中的用户认证

    Django 自带一个用户认证系统,这个系统处理用户帐户.组.权限和基于 cookie 的 会话.本文说明这个系统是如何工作的. 概览 认证系统由以下部分组成: 用户 权限:控制用户进否可以执行某项任 ...

  3. Django rest framework 的认证流程(源码分析)

    一.基本流程举例: urlpatterns = [ url(r'^admin/', admin.site.urls), url(r'^users/', views.HostView.as_view() ...

  4. Django Rest Framework用户访问频率限制

    一. REST framework的请求生命周期 基于rest-framework的请求处理,与常规的url配置不同,通常一个django的url请求对应一个视图函数,在使用rest-framewor ...

  5. Django组件之用户认证组件

    一.auth模块 from django.contrib import auth django.contrib.auth中提供了许多方法,这里主要介绍其中的三个: 1.1 .authenticate( ...

  6. Django Rest Framework之认证

    代码基本结构 url.py: from django.conf.urls import url, include from web.views.s1_api import TestView urlpa ...

  7. 使用django实现自定义用户认证

    参考资料:https://docs.djangoproject.com/en/1.10/topics/auth/customizing/    直接拉到最后看栗子啦 django自定义用户认证(使用自 ...

  8. 09 Django组件之用户认证组件

    没有学习Django认证组件之前使用装饰器方法 from django.shortcuts import render, HttpResponse, redirect from app01.MyFor ...

  9. Django组件之用户认证

    auth模块 1 from django.contrib import auth django.contrib.auth中提供了许多方法,这里主要介绍其中的三个: 1.1 .authenticate( ...

随机推荐

  1. WINDOWS上JDK安装与环境变量设置

    一.JDK安装 jdk版本:jdk1.8.0_144 下载链接:https://pan.baidu.com/s/1eS2bFhg 密码:e3q1 下载JDK后点击安装,可以根据需要修改JDK的安装目录 ...

  2. element UI中的tab切换栏

    html代码:(用的是el-tab组件) <el-tabs v-model="activeIndex" type="border-card" @tab-c ...

  3. mongo请求超时

    no_cursor_timeout=True参数的使用 实例: import pymongo handler = pymongo.MongoClient().db.col with handler.f ...

  4. Unity 随机数与随机种子

    随机数几乎应用于游戏开发的方方面面,例如,随机生成的地图,迷宫,怪物属性等,在Unity中,使用随机数非常方便: // // 摘要: // Return a random integer number ...

  5. 测试必知必会系列- Linux常用命令 - ls

    21篇测试必备的Linux常用命令,每天敲一篇,每次敲三遍,每月一循环,全都可记住!! https://www.cnblogs.com/poloyy/category/1672457.html 列出当 ...

  6. 快速排序--15--快排--LeetCode排序数组

    排序数组 给定一个整数数组 nums,将该数组升序排列. 示例 1: 输入:[5,2,3,1] 输出:[1,2,3,5] 示例 2: 输入:[5,1,1,2,0,0] 输出:[0,0,1,1,2,5] ...

  7. 华为云+NextCloud(私人云盘搭建)

    这几天发现了牛客+华为云的返现活动,免费用一年,赶紧的去搞了一个折腾折腾.(相关软件下载链接在最下面) 噔噔噔!!! 102822985.png) 废话少说,开始搭建. 基础环境部署 Apache安装 ...

  8. ASP.NET Core去掉HTTPS配置和SSL证书

    如果你的项目一不小心配置了https 右击项目=>属性=>调试=>启用SSL=>选择去掉 测试

  9. Burpsuite被动扫描流量转发插件:Passive Scan Client

    编译成品:链接: https://pan.baidu.com/s/1E0vsPGgPgB9bXCW-8Yl1gw 提取码: 49eq Passive Scan Client Burpsuite被动扫描 ...

  10. hdu1242 又又又是逃离迷宫(bfs模板题)

    题目链接:http://icpc.njust.edu.cn/Problem/Hdu/1242/ 这次的迷宫是有守卫的,杀死一个守卫需要花费1个单位的时间,所以以走的步数为深度,在每一层进行搜索,由于走 ...