Skip to content

Latest commit

 

History

History
143 lines (121 loc) · 4.2 KB

auth认证模块.md

File metadata and controls

143 lines (121 loc) · 4.2 KB
Raw

官网

Using the authentication system 使用认证系统

User objects

  • Authenticating Users
    authenticate(request=None, **credentials): 使用一系列的backends去认证.如果认证得到了哪个用户,就返回用户.否则返回None
  • create users
from django.contrib.auth.models import User
user = User.objects.create_user('john', 'ramwin@163.com', 'password')
  • create superusers
python manage.py createsuperuser --username=<username> --email=<email>
  • Changing passwords:
u = User.objects.get( username = 'john')
u.set_password( 'new password' )
u.save()
  • 直接生成加密后的密码
    from django.contrib.auth.hashers import make_password

Permissions and Authorization

组 Groups
创建权限
from myapp.models import BlogPost
from django.contrib.auth.models import Permission
from django.contrib.contenttypes.models import ContentType

content_type = ContentType.objects.get_for_model(BlogPost)
permission = Permission.objects.create(
    codename='can_publish',
    name='Can Publish Posts',
    content_type=content_type,
)

Authentication in Web requests 网页里面的认证

How to log a user in 如何让一个用户登录
  • django.contrib.auth.login(request, user, backend=None)
from django.contrih.auth import login, authenticate
def my_view(request):
    user = authenticate(request, username=username, password=password)
    if user is not None:
        login(request, user)
Limiting access to logged-in users
  • the raw way
def my_view(request):
    if not request.user.is_authenticated:
        return redirect("%s?next=%s" % (settings.LOGIN_URL, request.path))
        return render(request, 'myapp/login_error.html')
  • The login_required decorator
  • The LoginRequired mixin 注意这个只校验是否认证,不校验is_active
from django.contrib.auth.mixins import LoginRequiredMixin
class MyView(LoginRequiredMixin, View):
    login_url = '/login/'
    redirect_field_name = 'redirect_to'
  • Limiting access to logged-in users that pass a test
  • The permission_required decorator
  • The PermissionRequiredMixin mixin

API参考

官网

django.contrib.auth

User model

  • Fields
    • username 默认支持的是alphanumeric,_,@,+,.,-, 必填, 默认为空字符串,所以如果是自定义的auth或者接口,务必把username设置好

自定义认证系统

from django.contrib.auth.admin import UserAdmin
@admin.register(user)
class MyUserAdmin(UserAdmin):
    pass

自定义User取代

使用一个app里面的User来替换django的User

引用User

使用settings.AUTH_USER_MODEL会直接返回字符串

from djang.conf import settings
from django.db import models
class Article(models.Model):
    author = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        ob_delete=moedls.CASCADE,
    )

如果在运行时,可以使用

from django.contrib.auth import get_usre_model
User = get_user_model()  这样可以获取User的model
其他
  • reusbale apps and AUTH_USER_MODEL
  • Specifying a custom user model

其他

  • 其他认证来源
  • 自定义权限
  • Extending the exsisting User model 可以创建一个proxy model给User或者创建一个OneToOneField

认证 Users

    from django.contrib.auth import authenticate
    user = authenticate( username = 'john', password = 'secret')
    authenticate(username='ramwin', password='wangx')
    if user    # 有这个账户
    if user.is_active:    # 账户是激活的
    else:     # 认证失败

使用再classbaseview

```
from django.contrib.auth.mixins import LoginRequiredMixin
class View(LoginRequiredMixin, GenericView):
    login_url = 'home/login'
    redirect_field_name = 'redirect_to'
```