如何在 user.save() 之后验证并返回访问和刷新令牌
[英]How to validate and return access and refresh tokens after user.save()
问题描述
I'm verifying the user OTP to change password and after change password I'm unable to create access and refresh token using JWT,
我正在验证用户 OTP 以更改密码,更改密码后我无法使用 JWT 创建访问和刷新令牌,
Normally when user get log in I use following method MyTokenObtainPairView which return both access and refresh token with all other stuff to UserSerializerWithToken .通常,当用户登录时,我使用以下方法MyTokenObtainPairView将访问和刷新令牌以及所有其他内容返回给UserSerializerWithToken 。
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
def validate(self, attrs):
data = super().validate(attrs)
serializer = UserSerializerWithToken(self.user).data
for k, v in serializer.items():
data[k] = v
return data
class MyTokenObtainPairView(TokenObtainPairView):
serializer_class = MyTokenObtainPairSerializer
I coppied similar appraoch to return UserSerializerWithToken after set_password and user.save()我在 set_password 和 user.save() 之后复制了类似的方法以返回UserSerializerWithToken
UserSerializerWithToken is UserSerializerWithToken 是
class UserSerializerWithToken(UserSerializer):
token = serializers.SerializerMethodField(read_only=True)
class Meta:
model = CustomUser
fields = ['id',
'isAdmin',
'token']
def get_token(self, obj):
token = RefreshToken.for_user(obj)
return str(token.access_token)
and the problematic function is有问题的 function 是
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
serializer = UserSerializerWithToken(user, many=False)
if CustomUser.objects.filter(email=email).exists():
if otp_to_verify == user.otp:
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
return Response(serializer.data) #
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
I receive the toke but not getting access and refresh toke to use it to login next time.我收到令牌但无法访问并刷新令牌以使用它下次登录。 I'm assuming user.save() dosnt create refresh and access token here.我假设 user.save() 不在这里创建刷新和访问令牌。 Can anybody identify why this is happening and how to fix that任何人都可以确定为什么会发生这种情况以及如何解决这个问题
2 个解决方案
解决方案1
2 已采纳 2022-02-11 15:23:25
user.save() does not create the tokens user.save()不创建令牌
token = RefreshToken.for_user(obj) return str(token.access_token) token = RefreshToken.for_user(obj) return str(token.access_token)
These lines create the token.这些行创建令牌。
In my opinion, you dont need the serializer here.在我看来,您在这里不需要序列化程序。
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
if CustomUser.objects.filter(email=email).exists():
otp_to_verify == user.otp
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
token = RefreshToken.for_user(user)
response = { "refresh_token": str(token),
"access_token": str(token.access_token)
}
return Response(response)
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
解决方案2
0 2022-09-01 05:36:54
When you save user, you can make a post request:保存用户时,可以发出 post 请求:
access_url = config('BASE_API_URL') + 'token/'
access_response = requests.post(access_url, data=data)
access_token = access_response.json().get('access')
refresh_token = access_response.json().get('refresh')
Then return,然后返回,
return Response(
{"access_token": access_token,
"refresh_token" : refresh_token,
"additional_data": messege},
status=status.HTTP_200_OK
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.