如何在Django中验证有效的超级用户

Question

I have created a superuser in Django. Is there any way I can authenticate the superuser credentials using a REST API like from Postman? or Do I need to write a scripted REST API?

If my question is too broad please let me know. I will update my question.

Regards

Answer 1

Personally, I use django-rest-framework http://www.django-rest-framework.org/ , which has a third-party module called django-rest-auth http://django-rest-auth.readthedocs.io/en/latest/ that provides API endpoints to handle login, registration, and other user access. The documentation is pretty good and has been around for quite some time.

The django.contrib.auth User model has boolean values, is_staff and is_superuser and there is a decorator to check for staff https://docs.djangoproject.com/en/2.0/ref/contrib/admin/#the-staff-member-required-decorator .

example from docs

from django.contrib.admin.views.decorators import staff_member_required

@staff_member_required
def my_view(request):

You could easily create your own decorator by implementing something similar in the style of the following:

def super_user_required(view_func=None, 
                          redirect_field_name=REDIRECT_FIELD_NAME,
                          login_url='admin:login'):
    """
    Decorator for views that checks that the user is logged in and is a superuser
    member, redirecting to the login page if necessary.
    """
    actual_decorator = user_passes_test(
        lambda u: u.is_active and u.is_superuser,
        login_url=login_url,
        redirect_field_name=redirect_field_name
    )
    if view_func:
        return actual_decorator(view_func)
    return actual_decorator

The package provides optional JWT support. https://getblimp.github.io/django-rest-framework-jwt/