How to validate and return access and refresh tokens after user.save()

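I am verifying a user's OTP to change the password, and after the password change I am unable to create access and refresh tokens using JWT.

Normally, when a user logs in, I use the following method, MyTokenObtainPairView, which returns both the access and refresh tokens along with all the other data to UserSerializerWithToken.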

class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
    def validate(self, attrs):
        data = super().validate(attrs)

        serializer = UserSerializerWithToken(self.user).data
        for k, v in serializer.items():
            data[k] = v

        return data


class MyTokenObtainPairView(TokenObtainPairView):
    serializer_class = MyTokenObtainPairSerializer

I replicated a similar approach after set_password and user.save() to return UserSerializerWithToken.

UserSerializerWithToken is

class UserSerializerWithToken(UserSerializer):
    token = serializers.SerializerMethodField(read_only=True)

    class Meta:
        model = CustomUser
        fields = ['id',
                  'isAdmin',
                  'token']

    def get_token(self, obj):
        token = RefreshToken.for_user(obj)
        return str(token.access_token)

The function with the problem is

@api_view(['PUT'])
def reset_password(request):
    data = request.data
    email = data['email']
    otp_to_verify = data['otp']
    new_password = data['password']
    user = CustomUser.objects.get(email=email)
    serializer = UserSerializerWithToken(user, many=False)
    if CustomUser.objects.filter(email=email).exists():
        if otp_to_verify == user.otp:
            if new_password != '':
                user.set_password(new_password)
                user.save() # here password gets changed 
                return Response(serializer.data) # 
            else:
                message = {
                'detail': 'Password cant be empty'}
                return Response(message, status=status.HTTP_400_BAD_REQUEST)
    else:
        message = {
            'detail': 'Something went wrong'}
        return Response(message, status=status.HTTP_400_BAD_REQUEST)

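I receive the token but do not get access and refresh tokens to use for the next login. I am assuming user.save() doesn't create the refresh and access tokens here. Can anybody identify why this is happening and how to fix it?

user.save() does not create the tokens.

    token = RefreshToken.for_user(obj)
    return str(token.access_token)

These lines create the token.

In my opinion, you don't need the serializer here.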

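from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework_simplejwt.tokens import RefreshToken

@api_view(['PUT'])
def reset_password(request):
    data = request.data
    email = data['email']
    otp_to_verify = data['otp']
    new_password = data['password']
    # filter().first() returns None for an unknown email instead of raising DoesNotExist
    user = CustomUser.objects.filter(email=email).first()
    # the OTP comparison has to gate the password change and the token issue
    if user is not None and otp_to_verify == user.otp:
        if new_password != '':
            user.set_password(new_password)
            user.save() # here password gets changed 
            # for_user() builds the refresh token; access_token is derived from it
            token = RefreshToken.for_user(user)
            response = { "refresh_token": str(token),
                         "access_token": str(token.access_token)
                       }
            return Response(response)
        else:
            message = {
                'detail': 'Password cant be empty'}
            return Response(message, status=status.HTTP_400_BAD_REQUEST)
    else:
        message = {
            'detail': 'Something went wrong'}
        return Response(message, status=status.HTTP_400_BAD_REQUEST)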
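
The OTP comparison is what gates both the password change and the tokens returned by the reset_password view above. The following is an added example, not code from the question or its answers: a framework-free version of that check with constant-time comparison, expiry, an attempt limit and single use. `OtpRecord`, `expires_at`, `attempts`, `MAX_ATTEMPTS` and `verify_reset_otp` are assumed names standing in for fields on `CustomUser`.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

MAX_ATTEMPTS = 5  # assumed limit, not a value from the page


@dataclass
class OtpRecord:
    """Stand-in for the OTP fields on CustomUser (expires_at, attempts are assumed)."""
    otp: Optional[str]
    expires_at: float
    attempts: int = 0


def verify_reset_otp(record: OtpRecord, submitted, now: float) -> bool:
    """Return True only for a live, matching OTP, and consume it on success."""
    if not record.otp or not isinstance(submitted, str) or not submitted:
        return False  # no OTP issued or already used: an empty value never matches
    if now >= record.expires_at or record.attempts >= MAX_ATTEMPTS:
        record.otp = None  # expired or guessed too often: a new OTP is required
        return False
    # compare_digest does not reveal how many leading characters matched
    if not hmac.compare_digest(record.otp.encode(), submitted.encode()):
        record.attempts += 1
        return False
    record.otp = None  # single use: a replayed request fails the first check
    return True


def reset_password(record: OtpRecord, submitted, new_password: str, now: float) -> dict:
    """Order of checks for the view: password first, so a bad request keeps the OTP."""
    if not new_password:
        return {"status": 400, "detail": "Password cant be empty"}
    if not verify_reset_otp(record, submitted, now):
        # same reply for unknown user, wrong OTP and expired OTP
        return {"status": 400, "detail": "Something went wrong"}
    # in the Django view: user.set_password(), user.save(), RefreshToken.for_user(user)
    return {"status": 200, "detail": "issue tokens"}
```
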

When saving the user, you can make a POST request:

 access_url = config('BASE_API_URL') + 'token/'
 access_response = requests.post(access_url, data=data)
 access_token = access_response.json().get('access')
 refresh_token = access_response.json().get('refresh')

Then return,

 return Response(
    {"access_token": access_token,
     "refresh_token" : refresh_token,
     "additional_data": messege},
     status=status.HTTP_200_OK
  )
