
How to validate and return access and refresh tokens after user.save()

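I am validating a user's OTP to change the password, and after the password change I am unable to create access and refresh tokens using JWT.

Normally, when a user logs in, I use the following MyTokenObtainPairView method, which returns both the access and refresh tokens along with everything else to UserSerializerWithToken.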

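from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
from rest_framework_simplejwt.views import TokenObtainPairView


class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
    def validate(self, attrs):
        # super().validate() authenticates and returns the 'refresh' and 'access' tokens
        data = super().validate(attrs)

        # Merge the serialized user fields into the login response
        serializer = UserSerializerWithToken(self.user).data
        for k, v in serializer.items():
            data[k] = v

        return data


class MyTokenObtainPairView(TokenObtainPairView):
    serializer_class = MyTokenObtainPairSerializer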

I replicated a similar approach after set_password and user.save() to return UserSerializerWithToken.

UserSerializerWithToken is

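from rest_framework import serializers
from rest_framework_simplejwt.tokens import RefreshToken


class UserSerializerWithToken(UserSerializer):
    token = serializers.SerializerMethodField(read_only=True)

    class Meta:
        model = CustomUser
        fields = ['id',
                  'isAdmin',
                  'token']

    def get_token(self, obj):
        # Only the access token is returned; the refresh token (str(token)) is discarded
        token = RefreshToken.for_user(obj)
        return str(token.access_token)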

The problematic function is

@api_view(['PUT'])
def reset_password(request):
    data = request.data
    email = data['email']
    otp_to_verify = data['otp']
    new_password = data['password']
    user = CustomUser.objects.get(email=email)
    serializer = UserSerializerWithToken(user, many=False)
    if CustomUser.objects.filter(email=email).exists():
        if otp_to_verify == user.otp:
            if new_password != '':
                user.set_password(new_password)
                user.save() # here password gets changed 
                return Response(serializer.data)  # holds only 'id', 'isAdmin' and 'token' (an access token)
            else:
                message = {
                'detail': 'Password cant be empty'}
                return Response(message, status=status.HTTP_400_BAD_REQUEST)
    else:
        message = {
            'detail': 'Something went wrong'}
        return Response(message, status=status.HTTP_400_BAD_REQUEST)

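I receive a token, but I am not getting access and refresh tokens to use for logging in next time. I assume user.save() does not create the refresh and access tokens here. Can anyone identify why this is happening and how to fix it?

user.save() does not create tokens.

token = RefreshToken.for_user(obj)
return str(token.access_token)

These lines create the token.

In my opinion, you don't need the serializer here.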

from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework_simplejwt.tokens import RefreshToken


@api_view(['PUT'])
def reset_password(request):
    data = request.data
    email = data['email']
    otp_to_verify = data['otp']
    new_password = data['password']
    # filter().first() returns None for an unknown e-mail instead of raising DoesNotExist
    user = CustomUser.objects.filter(email=email).first()
    # The OTP comparison has to gate the reset; unknown e-mail and wrong OTP get the same error
    if user is not None and otp_to_verify == user.otp:
        if new_password != '':
            user.set_password(new_password)
            user.save() # here password gets changed
            token = RefreshToken.for_user(user)
            response = { "refresh_token": str(token),
                         "access_token": str(token.access_token)
                       }
            return Response(response)
        else:
            message = {
                'detail': 'Password cant be empty'}
            return Response(message, status=status.HTTP_400_BAD_REQUEST)
    else:
        message = {
            'detail': 'Something went wrong'}
        return Response(message, status=status.HTTP_400_BAD_REQUEST)
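
A framework-free sketch of the flow in the answer above, added here as an example and not code from the original posts: the OTP comparison gates the reset, a used OTP is cleared so it cannot be replayed (a step beyond what the page shows), and both tokens are returned. `USERS`, `SIGNING_KEY`, `make_jwt` and `token_type_of` are hypothetical stand-ins for `CustomUser`, the project's signing key and `RefreshToken.for_user()`.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # assumption: stands in for the project's signing key
# Constructed in-memory table standing in for CustomUser rows.
USERS = {"a@example.com": {"id": 7, "otp": "482913", "password": "old-pw"}}

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_jwt(user_id, token_type, lifetime_s, now=None):
    """Minimal HS256 JWT; a simplified stand-in for RefreshToken.for_user()."""
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"user_id": user_id, "token_type": token_type, "exp": now + lifetime_s}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def token_type_of(token):
    """Verify the signature, then return the token_type claim."""
    header, body, sig = token.split(".")
    good = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(good), sig):
        raise ValueError("bad signature")
    padded = body + "=" * (-len(body) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["token_type"]

def reset_password(users, email, otp, new_password):
    """Return (http_status, body) the way the view would."""
    fail = (400, {"detail": "Something went wrong"})
    user = users.get(email)
    stored = user["otp"] if user else None
    # No stored OTP (unknown user, or OTP already used) must never match.
    if not stored or not isinstance(otp, str):
        return fail
    if not hmac.compare_digest(stored.encode(), otp.encode()):
        return fail
    if new_password == "":
        return (400, {"detail": "Password cant be empty"})
    user["password"] = new_password  # the view calls set_password() + save() here
    user["otp"] = None               # single use: the same OTP cannot be replayed
    return (200, {"refresh_token": make_jwt(user["id"], "refresh", 86400),
                  "access_token": make_jwt(user["id"], "access", 300)})
```
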

When saving the user, you can make a POST request:

 access_url = config('BASE_API_URL') + 'token/'
 access_response = requests.post(access_url, data=data)
 access_token = access_response.json().get('access')
 refresh_token = access_response.json().get('refresh')

Then return,

 return Response(
    {"access_token": access_token,
     "refresh_token" : refresh_token,
     "additional_data": messege},
     status=status.HTTP_200_OK
  )


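Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.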

 