[英]How to access(ask) token for user login
我已經使用Django Rest Framework for Rest API和django-oauth-toolkit進行基於令牌的身份驗證。 我已經為用戶注冊設計了api。 注冊用戶后,將生成令牌並將其保存到數據庫。 我希望用戶從該令牌登錄。 我的意思是基於令牌的身份驗證,因為我想開發移動應用程序。 我可以在發送登錄請求時使用curl獲取access_token,但是如何在視圖中實現,以便應用將發布請求發送至127.0.0.1:8000/o/token要求令牌,以便該請求包含用戶名,密碼,client_id和client_secret。 然后,服務器會收到憑據,如果憑據有效,則它將返回access_token。 其余時間,它將使用該令牌查詢服務器。
views.py
class UserLoginAPI(APIView):
permission_classes = [AllowAny]
serializer_class = UserLoginSerializer
def post(self, request, *args, **kwargs):
access_token = AccessToken.objects.get(token=request.POST.get('access_token'), expires__gt=timezone.now()) # error is shown here. I get None
data = request.data
serializer = UserLoginSerializer(data=data)
if serializer.is_valid(raise_exception=True):
new_data = serializer.data
return Response(new_data, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
serializers.py
class UserCreateSerializer(ModelSerializer):
class Meta:
model = User
extra_kwargs = {"password": {"write_only": True}}
def create(self, validated_data):
username = validated_data['username']
first_name = validated_data['first_name']
last_name = validated_data['last_name']
email = validated_data['email']
password = validated_data['password']
confirm_password = validated_data['password']
user_obj = User(
username = username,
first_name = first_name,
last_name = last_name,
email = email
)
user_obj.set_password(password)
user_obj.save()
if user_obj:
expire_seconds = oauth2_settings.user_settings['ACCESS_TOKEN_EXPIRE_SECONDS']
scopes = oauth2_settings.user_settings['SCOPES']
application = Application.objects.get(name="Foodie")
expires = datetime.now() + timedelta(seconds=expire_seconds)
access_token = AccessToken.objects.create(user=user_obj,
application=application,
token = generate_token(),
expires=expires,
scope=scopes)
return validated_data
class UserLoginSerializer(ModelSerializer):
# token = CharField(allow_blank=True, read_only=True)
username = CharField()
class Meta:
model = User
fields = [
'username',
'password',
# 'token',
]
extra_kwargs = {"password":
{"write_only": True}
}
因此,如果您想讓api依靠用戶名和密碼來獲取令牌,則將如下所示:
def get_token(request):
username = request.POST.get("username")
password = request.POST.get("password")
.... # other parameters
try:
user = User.objects.get(username=username, password=password)
except ObjectDoesNotExist:
return HttpResponse("Can't find this user")
else:
try:
access_token = AccessToken.objects.get(user=user)
except ObjectDoesNotExist:
return HttpResponse("Haven't set any token")
else:
return HttpResponse(access_token)
如果要使用DRF處理此問題:
@api_view(['POST'])
def get_token(request):
# get token by query just like above
serializer = TokenSerializer(data=access_token.token) #you can pass more parameters to data if you want, but you also have to edit your TokenSerializer
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
您的TokenSerializer:
class TokenSerializer(ModelSerializer):
class Meta:
model = AccessToken
field = (token,)
這取決於
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.