django authentication and password reset

So, I am currently working on a web application project and I implemented authentication and password confirmation successfully.

But my issue is that I did it using HTML templates and now the requirement came up that we have to develop our application using APIs for the backend.

Now, I am new to APIs and really confused how to use the authentication system I built (as we have to provide a template to the in-built implemented class and they accept the values from there itself).

Is it possible to actually see and manage the registered users from the code-behind while still using their in-built mechanism?

For password change you can use this generic view using the inbuilt Django auth framework

from django.contrib.auth import update_session_auth_hash
from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import PasswordChangeForm
from django.shortcuts import redirect, render

@login_required
def change_password(request):
    if request.method == "POST":
        form = PasswordChangeForm(request.user, request.POST)
        if form.is_valid():
            user = form.save()
            # Important to update the session otherwise user will have to login again
            update_session_auth_hash(request, user)
            # Server side alert
            print("Password changed for {0}".format(user.username))
            return redirect('/index/')
        else:
            print(form.errors)
    else:
        form = PasswordChangeForm(request.user)
    return render(request, 'website/changepassword.html', {'form': form})

You need to use djangorestframework, and use the decorator @api_view(['GET', 'POST']) to create a REST API

You can use TokenAuthentication available in Django REST framework. See what the documentation says:

TokenAuthentication

This authentication scheme uses a simple token-based HTTP Authentication scheme. Token authentication is appropriate for client-server setups, such as native desktop and mobile clients.

To use the TokenAuthentication scheme you'll need to configure the authentication classes to include TokenAuthentication, and additionally include rest_framework.authtoken in your INSTALLED_APPS setting:

INSTALLED_APPS = (
    ...
    'rest_framework.authtoken'
)

Note: Make sure to run manage.py migrate after changing your settings. The rest_framework.authtoken app provides Django database migrations.

You'll also need to create tokens for your users.

from rest_framework.authtoken.models import Token

token = Token.objects.create(user=...)
print(token.key)

For clients to authenticate, the token key should be included in the Authorization HTTP header. The key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:

Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b

Note: If you want to use a different keyword in the header, such as Bearer, simply subclass TokenAuthentication and set the keyword class variable.

If successfully authenticated, TokenAuthentication provides the following credentials.

  • request.user will be a Django User instance.
  • request.auth will be a rest_framework.authtoken.models.Token instance.

Unauthenticated responses that are denied permission will result in an HTTP 401 Unauthorized response with an appropriate WWW-Authenticate header. For example:

WWW-Authenticate: Token

The curl command line tool may be useful for testing token authenticated APIs. For example:

curl -X GET http://127.0.0.1:8000/api/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'

Note: If you use TokenAuthentication in production you must ensure that your API is only available over https.

Source: http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication
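
The header check and 401 behaviour described in the quoted documentation, as an added stand-alone Python model (not code from the answers or from Django REST framework). It also revokes a user's token after a password change, because the session refresh in the first answer's view does not affect stored tokens. The names authenticate, rotate_token, AuthFailed and the user alice are assumptions made for the example.

```python
import secrets

KEYWORD = "Token"  # a TokenAuthentication subclass may set another keyword, e.g. "Bearer"


class AuthFailed(Exception):
    """Bad credentials: the API answers 401 with a WWW-Authenticate header."""

    def __init__(self, detail, keyword=KEYWORD):
        super().__init__(detail)
        self.status = 401
        self.headers = {"WWW-Authenticate": keyword}


def authenticate(headers, tokens, keyword=KEYWORD):
    """Return (user, key), or None when the request offers no token at all.

    `tokens` is a constructed stand-in for the authtoken table: {key: username}.
    """
    parts = headers.get("Authorization", "").split()
    if not parts or parts[0].lower() != keyword.lower():
        return None  # anonymous request; a permission check decides what happens next
    if len(parts) != 2:
        raise AuthFailed("header must be '<keyword> <key>' with one space-free key", keyword)
    user = tokens.get(parts[1])
    if user is None:
        raise AuthFailed("unknown or revoked token", keyword)
    return user, parts[1]


def rotate_token(tokens, user):
    """Revoke every key the user holds and issue a fresh one.

    Call this after a successful password change: update_session_auth_hash()
    only refreshes the session, it does not touch stored tokens.
    """
    for key in [k for k, u in tokens.items() if u == user]:
        del tokens[key]
    new_key = secrets.token_hex(20)  # 40 hex characters, like the key shown above
    tokens[new_key] = user
    return new_key


if __name__ == "__main__":
    table = {"9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b": "alice"}  # constructed user
    hdr = {"Authorization": "Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"}
    print(authenticate(hdr, table))
    fresh = rotate_token(table, "alice")
    print(authenticate({"Authorization": "Token " + fresh}, table))
```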
