堆栈内存溢出
  繁体   English   中英

Django Graphql 验证未登录用户

[英]Django Graphql Auth not logged in user

 原文  2021-04-25 04:24:10       python/ python-3.x/ django/ graphql/ django-graphql-jwt

问题描述

我在我的 api 中使用 Django Graphql Auth 但是当我想获取当前登录的用户时总是得到匿名。

# settings.py

MIDDLEWARE = [
    # ...
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    # ...
]

AUTH_USER_MODEL = 'base.User'

AUTHENTICATION_BACKENDS = [
    # 'graphql_jwt.backends.JSONWebTokenBackend',
    'graphql_auth.backends.GraphQLAuthBackend',
    'django.contrib.auth.backends.ModelBackend',
]
GRAPHENE = {
    'SCHEMA_INDENT': 4,
    'SCHEMA': 'byt.schema.schema',
    'MIDDLEWARE': [
        'graphql_jwt.middleware.JSONWebTokenMiddleware',
        'graphene_django_extras.ExtraGraphQLDirectiveMiddleware'
    ]
}

GRAPHQL_AUTH = {
    'LOGIN_ALLOWED_FIELDS': ['email', 'username'],
    # ...
}
GRAPHQL_JWT = {
    'JWT_VERIFY_EXPIRATION': True,
    'JWT_LONG_RUNNING_REFRESH_TOKEN': True,
    'ALLOW_LOGIN_NOT_VERIFIED': True,
    'JWT_ALLOW_ARGUMENT': True,
    "JWT_ALLOW_ANY_CLASSES": [
        "graphql_auth.mutations.Register",
        "graphql_auth.mutations.VerifyAccount",
        "graphql_auth.mutations.ResendActivationEmail",
        "graphql_auth.mutations.SendPasswordResetEmail",
        "graphql_auth.mutations.PasswordReset",
        "graphql_auth.mutations.ObtainJSONWebToken",
        "graphql_auth.mutations.VerifyToken",
        "graphql_auth.mutations.RefreshToken",
        "graphql_auth.mutations.RevokeToken",
        "graphql_auth.mutations.VerifySecondaryEmail",
    ],
}
EMAIL_BACKEND = 'sendgrid_backend.SendgridBackend'

# custom user model 

class User(AbstractUser):
    ROLES = (
        ('ADMIN', 'ADMIN'),
        ('USER', 'USER'),
        ('BUSINESS', 'BUSINESS'),
        ('TALENT', 'TALENT')
    )
    first_name = models.CharField(max_length=254, default="John")
    last_name = models.CharField(max_length=254, default="Doe")
    email = models.EmailField(
        blank=False, max_length=254, verbose_name="email address")
    role = models.CharField(max_length=8, choices=ROLES, default="USER")

    USERNAME_FIELD = "username"  # e.g: "username", "email"
    EMAIL_FIELD = "email"  # e.g: "email", "primary_email"

    def __str__(self):
        return self.username


# schema user
import graphene
from graphene_django import DjangoObjectType
from graphql_auth import mutations
from graphql_auth.schema import UserQuery, MeQuery


class AuthMutation(graphene.ObjectType):
    register = mutations.Register.Field()
    verify_account = mutations.VerifyAccount.Field()
    resend_activation_email = mutations.ResendActivationEmail.Field()
    send_password_reset_email = mutations.SendPasswordResetEmail.Field()
    password_reset = mutations.PasswordReset.Field()
    password_change = mutations.PasswordChange.Field()
    archive_account = mutations.ArchiveAccount.Field()
    delete_account = mutations.DeleteAccount.Field()
    update_account = mutations.UpdateAccount.Field()
    send_secondary_email_activation = mutations.SendSecondaryEmailActivation.Field()
    verify_secondary_email = mutations.VerifySecondaryEmail.Field()
    swap_emails = mutations.SwapEmails.Field()

    # django-graphql-jwt inheritances
    token_auth = mutations.ObtainJSONWebToken.Field()
    verify_token = mutations.VerifyToken.Field()
    refresh_token = mutations.RefreshToken.Field()
    revoke_token = mutations.RevokeToken.Field()


class Query(UserQuery, MeQuery, graphene.ObjectType):
    pass


class Mutation(AuthMutation, graphene.ObjectType):
    pass

突变 tokenAuth 返回一个有效的令牌,但是当我尝试在 header 中使用该令牌执行“我”查询时,查询返回 null,因为 info.context.user 是匿名的。

我错过了什么?

2 个解决方案

解决方案1
 2 已采纳  2021-04-27 06:40:16

你是如何传递不记名令牌的? graphql_auth 使用 'JWT' 而不是 'Bearer' 作为令牌前缀。

解决方案2
 1  2021-05-01 03:01:49

您缺少的是 JWT 没有登录它只进行身份验证的用户。 即,它只验证用户名和密码是否有效。

因此,由于 info.context.user,您无法运行 me 查询,如果您删除它将运行。

要返回登录用户,首先必须使用以下命令登录:

    from django.contrib.auth import authenticate, login

    class UserType(DjangoObjectType):
        class Meta:
            model = YourUserModel

    class Query(ObjectType):
        ...
        me = graphene.Field(UserType)

        def resolve_me(self, info, **kwargs):
            username = kwargs.get('username')
            password = kwargs.get('password')
            user = authenticate(username=username, password=password)
            login(user)
            if user.is_anonymous:
                raise Exception('Authentication Failure!')
            return YourUserModel.objects.get(pk=info.context.user)

注意:检查文档

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Django rest auth user_logged_in 信号 使用 Django-two-factor-auth 将用户标记为已登录 django.contrib.auth.login() 函数不返回任何用户登录 在Django中使用all-auth接收到user_logged_in信号后,将用户设置为AnonymousUser Django,请记住用户已登录 如何使用 django-microsoft-auth 获取当前登录用户进行 Microsoft 身份验证? 如何使用 django-graphql-auth 自定义错误? Django信号和用户身份验证 Django中的用户身份验证 如果用户未登录,则显示基本身份验证弹出窗口
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM