堆棧內存溢出
  簡體   English   中英

Django 無法使用有效憑據登錄

[英]Django can't login with valid credentials

 原文  2020-01-22 05:34:53       python/ django/ django-rest-framework/ django-login

問題描述

Django 沒有登錄我的用戶。 我正在使用 Django REST 調用來執行此操作:

class UserLogin(APIView):

permission_classes = []

def post(self, request, *args, **kwargs):

    if request.method == 'POST':
        user = authenticate(
            username=request.data.get('email'),
            password=request.data.get('password')
        )
        print("User de Authenticate -> %s" % user)
        if user is not None:
            login(request, user, backend='apps.core.api.backends.EmailAuthBackend')

            return HttpResponse("Valid")
        else:
            return HttpResponse("Invalid")

使用我的自定義后端:

class EmailAuthBackend(object):
def authenticate(self, request, username=None, password=None):
    """ Authenticate a user based on email address as the user name. """
    try:
        user = User.objects.get(email=username)
        if bcrypt.checkpw(password.encode('utf-8'), user.password.encode('utf-8')):
            return user
    except User.DoesNotExist:
        try:
            user = User.objects.get(username=username)
            if user.check_password(password):
                return user
        except User.DoesNotExist:
            return None

def get_user(self, user_id):
    try:
        return User.objects.get(pk=user_id)
    except User.DoesNotExist:
        return None

關鍵是如果憑據有效,則身份驗證會返回用戶,因此問題不存在。 登錄功能返回給我 None! 我對打印的登錄進行了一些調試,所以,這里是 django 登錄功能:

def login(request, user, backend=None):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
session_auth_hash = ''
print("1")
if user is None:
    user = request.user
if hasattr(user, 'get_session_auth_hash'):
    print("2")
    session_auth_hash = user.get_session_auth_hash()

if SESSION_KEY in request.session:
    print("3")
    if _get_user_session_key(request) != user.pk or (
            session_auth_hash and
            not constant_time_compare(request.session.get(HASH_SESSION_KEY, ''), session_auth_hash)):
        # To avoid reusing another user's session, create a new, empty
        # session if the existing session corresponds to a different
        # authenticated user.
        print("4")
        request.session.flush()
else:
    print("5")
    request.session.cycle_key()

try:
    print("6")
    backend = backend or user.backend
except AttributeError:
    print("7")
    backends = _get_backends(return_tuples=True)
    print("LOS BACKENDS -> %s" % backends)
    if len(backends) == 1:
        print("8")
        _, backend = backends[0]
    else:
        print("9")
        raise ValueError(
            'You have multiple authentication backends configured and '
            'therefore must provide the `backend` argument or set the '
            '`backend` attribute on the user.'
        )
else:
    print("10")
    if not isinstance(backend, str):
        print("11")
        raise TypeError('backend must be a dotted import path string (got %r).' % backend)

print("12")
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.session[BACKEND_SESSION_KEY] = backend
request.session[HASH_SESSION_KEY] = session_auth_hash
print(request.session[SESSION_KEY])
if hasattr(request, 'user'):
    print("13")
    request.user = user
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)

以及打印的調試:1
2 5 6 10 12 9 13

我看到它引發了后端的值錯誤,但是我在登錄調用中傳遞了后端,並且我也將它導入到 settings.py 中。 不知道為什么 django 無法登錄我的用戶。 有人有解決方案嗎? 編輯,了解更多信息:我的用戶 ->

class User(AbstractUser):

name = models.CharField(max_length=30, null=False, blank=False)
surnames = models.CharField(max_length=30, null=False, blank=False)
email = models.EmailField(max_length=60)
password = models.CharField(max_length=100, null=False, blank=False)
country = CountryField()
phonenumber = PhoneNumberField()
postalCode = models.CharField(max_length=5)

def __str__(self):
    return self.email

使用 AUTH_USER_MODEL = 'core.User' 實現。 和我的用戶創建方法,我手動散列密碼:

  def post(self, request, *args, **kwargs):
    request.data["password"] = 
    bcrypt.hashpw(request.data["password"].encode(), bcrypt.gensalt()).decode()
    request.data["username"] = request.data["name"]
    print(request.data["username"])
    print(request.data["password"])
    return self.create(request, *args, **kwargs)

2 個解決方案

解決方案1
 0  2020-01-22 05:58:13

更正你的縮進

def post(self, request, *args, **kwargs):
    if request.method == 'POST':
        user = authenticate(
            username=request.data.get('email'),
            password=request.data.get('password')
        )
        print("User de Authenticate -> %s" % user)
        if user is not None:
            login(request, user, backend='apps.core.api.backends.EmailAuthBackend')
            return HttpResponse("Valid")
   else:
       return HttpResponse("Invalid")

解決方案2
 0  2020-01-23 10:44:43

顯然您無法使用 Django REST 的方法登錄,因此我將登錄代碼更改為普通的 Django 方法,並且使用相同的代碼我能夠登錄。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 注冊用戶無法使用憑據登錄 django rest 框架 為什么我無法使用有效憑據登錄 Django 用戶,但可以登錄我原來的超級用戶? 如何使用 praw 檢查登錄憑據是否有效 Django:無法使用 Allauth 登錄 django-無法使用用戶憑證登錄 無法使用 praw 登錄。 已經檢查了憑據 django驗證使用有效憑據返回無類型 無法登錄 Django /admin 界面 保存后Django無法登錄 無法在django網站上配置facebook登錄
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM