[英]How to validate and return access and refresh tokens after user.save()
I'm verifying the user OTP to change password and after change password I'm unable to create access and refresh token using JWT,我正在验证用户 OTP 以更改密码,更改密码后我无法使用 JWT 创建访问和刷新令牌,
Normally when user get log in I use following method MyTokenObtainPairView
which return both access and refresh token with all other stuff to UserSerializerWithToken
.通常,当用户登录时,我使用以下方法
MyTokenObtainPairView
将访问和刷新令牌以及所有其他内容返回给UserSerializerWithToken
。
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
def validate(self, attrs):
data = super().validate(attrs)
serializer = UserSerializerWithToken(self.user).data
for k, v in serializer.items():
data[k] = v
return data
class MyTokenObtainPairView(TokenObtainPairView):
serializer_class = MyTokenObtainPairSerializer
I coppied similar appraoch to return UserSerializerWithToken
after set_password and user.save()我在 set_password 和 user.save() 之后复制了类似的方法以返回
UserSerializerWithToken
UserSerializerWithToken is UserSerializerWithToken 是
class UserSerializerWithToken(UserSerializer):
token = serializers.SerializerMethodField(read_only=True)
class Meta:
model = CustomUser
fields = ['id',
'isAdmin',
'token']
def get_token(self, obj):
token = RefreshToken.for_user(obj)
return str(token.access_token)
and the problematic function is有问题的 function 是
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
serializer = UserSerializerWithToken(user, many=False)
if CustomUser.objects.filter(email=email).exists():
if otp_to_verify == user.otp:
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
return Response(serializer.data) #
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
I receive the toke but not getting access and refresh toke to use it to login next time.我收到令牌但无法访问并刷新令牌以使用它下次登录。 I'm assuming user.save() dosnt create refresh and access token here.
我假设 user.save() 不在这里创建刷新和访问令牌。 Can anybody identify why this is happening and how to fix that
任何人都可以确定为什么会发生这种情况以及如何解决这个问题
user.save()
does not create the tokens user.save()
不创建令牌
token = RefreshToken.for_user(obj)
return str(token.access_token)
token = RefreshToken.for_user(obj)
return str(token.access_token)
These lines create the token.这些行创建令牌。
In my opinion, you dont need the serializer here.在我看来,您在这里不需要序列化程序。
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
if CustomUser.objects.filter(email=email).exists():
otp_to_verify == user.otp
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
token = RefreshToken.for_user(user)
response = { "refresh_token": str(token),
"access_token": str(token.access_token)
}
return Response(response)
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
When you save user, you can make a post request:保存用户时,可以发出 post 请求:
access_url = config('BASE_API_URL') + 'token/'
access_response = requests.post(access_url, data=data)
access_token = access_response.json().get('access')
refresh_token = access_response.json().get('refresh')
Then return,然后返回,
return Response(
{"access_token": access_token,
"refresh_token" : refresh_token,
"additional_data": messege},
status=status.HTTP_200_OK
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.