Django不是REST-API用户注册
[英]Django not REST - API user registration
问题描述
I have my first project as junior in my work. 
我有一个大三的第一个项目。 It is old (Django 1.8) and it is normal django framework... not REST. 它很老(Django 1.8),是正常的django框架...不是REST。
It supports web, and mobile. 它支持网络和移动。
I have to create endpoint for mobile to create user. 我必须为移动设备创建端点才能创建用户。
I think it is not a problem (to create) but I want to make sure it will be save. 我认为(创建)这不是问题,但我想确保它可以保存。
First of all I thought that I will create normal ModelForm (RegisterAPIForm based on model=User with full validation (I mean init all fields that are in "backend" not visible for user | cleaned_data for all fields | special overwriten method save() that in addition hashes password, and send email) and in Views I'll add something like this: 首先,我认为我将创建普通的ModelForm(基于model = User的RegisterAPIForm,具有完整验证(我的意思是初始化用户不可见的“后端”中的所有字段|所有字段的cleaned_data |特殊的覆盖方法save())除了散列密码,然后发送电子邮件),然后在“视图”中添加以下内容:
class RegistrationAPITestView(View):
def post(self, request):
form = RegistrationAPIForm(
request.POST
)
if form.is_valid():
form.save()
return JsonResponse({})
else:
#check errors and send error code back
Or I should do it other way, by using User object? 还是我应该通过使用User对象来做其他方式?
class RegistrationAPITestView(View):
def post(self, request):
#check if user does not exist
#password1 and password2 validation
user = User.objects.create()
user.name = request.POST['username']
user.set_password(request.POST['password'])
#init all fields that user can't choose like groups etc
user.save()
What do you think? 你怎么看? Do I need ModelForm that I won't even render? 我需要甚至不渲染的ModelForm吗? It seems to be safer, but maybe I should check it other way? 这似乎更安全,但也许我应该以其他方式检查它? with User object? 与用户对象?
Btw. 顺便说一句。 Registration form already exists for web but there is a lot of "web" stuff that I don't need and I don't have to check and there is another method of saving password, so I believe I should create new one. Web的注册表单已经存在,但是我不需要很多“网络”内容,也不必检查,还有另一种保存密码的方法,因此我认为我应该创建一个新的。
My code will be revieved in 2 weeks (senior vacations) but now I'm alone and want to do my best. 我的代码将在2周内(高级假期)进行修改,但是现在我很孤单,并且想尽我最大的努力。
1 个解决方案
解决方案1
1 2018-07-15 05:57:18
There is nothing wrong with the second option, but here is the problem that you as a junior should avoid. 第二种选择没有什么问题,但是这是您作为初中生应该避免的问题。 This line will make the server return a 500 error request.POST['username'] because python will throw a key error if the user doesn't provide the username, to fix just change to request.POST.get('username', 'value if doesn\\'t exit') also make sure that everything is ready before create the user or you will have records in the database that wont be useful. 此行将使服务器返回一个500错误request.POST['username']因为如果用户不提供用户名,python会抛出一个关键错误,只需将其更改为request.POST.get('username', 'value if doesn\\'t exit')还应确保在创建用户之前一切都准备就绪,否则数据库中将没有有用的记录。 Call validators to the password too and try to cover all possible scenario. 还将验证程序称为密码,并尝试涵盖所有可能的情况。 Remember never trust the user 记住永远不要信任用户
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.