[英]Django can't login with valid credentials
Django 沒有登錄我的用戶。 我正在使用 Django REST 調用來執行此操作:
class UserLogin(APIView):
permission_classes = []
def post(self, request, *args, **kwargs):
if request.method == 'POST':
user = authenticate(
username=request.data.get('email'),
password=request.data.get('password')
)
print("User de Authenticate -> %s" % user)
if user is not None:
login(request, user, backend='apps.core.api.backends.EmailAuthBackend')
return HttpResponse("Valid")
else:
return HttpResponse("Invalid")
使用我的自定義后端:
class EmailAuthBackend(object):
def authenticate(self, request, username=None, password=None):
""" Authenticate a user based on email address as the user name. """
try:
user = User.objects.get(email=username)
if bcrypt.checkpw(password.encode('utf-8'), user.password.encode('utf-8')):
return user
except User.DoesNotExist:
try:
user = User.objects.get(username=username)
if user.check_password(password):
return user
except User.DoesNotExist:
return None
def get_user(self, user_id):
try:
return User.objects.get(pk=user_id)
except User.DoesNotExist:
return None
關鍵是如果憑據有效,則身份驗證會返回用戶,因此問題不存在。 登錄功能返回給我 None! 我對打印的登錄進行了一些調試,所以,這里是 django 登錄功能:
def login(request, user, backend=None):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
session_auth_hash = ''
print("1")
if user is None:
user = request.user
if hasattr(user, 'get_session_auth_hash'):
print("2")
session_auth_hash = user.get_session_auth_hash()
if SESSION_KEY in request.session:
print("3")
if _get_user_session_key(request) != user.pk or (
session_auth_hash and
not constant_time_compare(request.session.get(HASH_SESSION_KEY, ''), session_auth_hash)):
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
print("4")
request.session.flush()
else:
print("5")
request.session.cycle_key()
try:
print("6")
backend = backend or user.backend
except AttributeError:
print("7")
backends = _get_backends(return_tuples=True)
print("LOS BACKENDS -> %s" % backends)
if len(backends) == 1:
print("8")
_, backend = backends[0]
else:
print("9")
raise ValueError(
'You have multiple authentication backends configured and '
'therefore must provide the `backend` argument or set the '
'`backend` attribute on the user.'
)
else:
print("10")
if not isinstance(backend, str):
print("11")
raise TypeError('backend must be a dotted import path string (got %r).' % backend)
print("12")
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.session[BACKEND_SESSION_KEY] = backend
request.session[HASH_SESSION_KEY] = session_auth_hash
print(request.session[SESSION_KEY])
if hasattr(request, 'user'):
print("13")
request.user = user
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)
以及打印的調試:1
2 5 6 10 12 9 13
我看到它引發了后端的值錯誤,但是我在登錄調用中傳遞了后端,並且我也將它導入到 settings.py 中。 不知道為什么 django 無法登錄我的用戶。 有人有解決方案嗎? 編輯,了解更多信息:我的用戶 ->
class User(AbstractUser):
name = models.CharField(max_length=30, null=False, blank=False)
surnames = models.CharField(max_length=30, null=False, blank=False)
email = models.EmailField(max_length=60)
password = models.CharField(max_length=100, null=False, blank=False)
country = CountryField()
phonenumber = PhoneNumberField()
postalCode = models.CharField(max_length=5)
def __str__(self):
return self.email
使用 AUTH_USER_MODEL = 'core.User' 實現。 和我的用戶創建方法,我手動散列密碼:
def post(self, request, *args, **kwargs):
request.data["password"] =
bcrypt.hashpw(request.data["password"].encode(), bcrypt.gensalt()).decode()
request.data["username"] = request.data["name"]
print(request.data["username"])
print(request.data["password"])
return self.create(request, *args, **kwargs)
更正你的縮進
def post(self, request, *args, **kwargs):
if request.method == 'POST':
user = authenticate(
username=request.data.get('email'),
password=request.data.get('password')
)
print("User de Authenticate -> %s" % user)
if user is not None:
login(request, user, backend='apps.core.api.backends.EmailAuthBackend')
return HttpResponse("Valid")
else:
return HttpResponse("Invalid")
顯然您無法使用 Django REST 的方法登錄,因此我將登錄代碼更改為普通的 Django 方法,並且使用相同的代碼我能夠登錄。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.