Django:如何使用 is_active of auth_user table?
Django: How do I use is_active of auth_user table?
我不知道什么时候该使用参数。
djangoproject描述如下:
Boolean. Designates whether this user account should be considered active. We recommend that you set this flag to False instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break.
This doesn’t necessarily control whether or not the user can log in. Authentication backends aren’t required to check for the is_active flag, and the default backends do not. If you want to reject a login based on is_active being False, it’s up to you to check that in your own login view or a custom authentication backend. However, the AuthenticationForm used by the login() view (which is the default) does perform this check, as do the permission-checking methods such as has_perm() and the authentication in the Django admin. All of those functions/methods will return False for inactive users.
readthedocs 描述如下:
Authorization for inactive users
An inactive user is a one that is authenticated but has its attribute is_active set to False. However this does not mean they are not authorized to do anything. For example they are allowed to activate their account.
The support for anonymous users in the permission system allows for a scenario where anonymous users have permissions to do something while inactive authenticated users do not.
Do not forget to test for the is_active attribute of the user in your own backend permission methods.
任何人都可以举一些例子让我知道参数需要注意或如何使用它。
from django.contrib.auth import authenticate
user = authenticate(username='john', password='secret')
if user is not None: #to check whether user is available or not?
# the password verified for the user
if user.is_active:
print("User is valid, active and authenticated")
else:
print("The password is valid, but the account has been disabled!")
else:
# the authentication system was unable to verify the username and password
print("The username and password were incorrect.")
这将有助于您理解 django 身份验证。
非活跃用户是指其 is_active 字段设置为 False 的用户。
从 django 版本 1.10 开始:ModelBackend(默认身份验证后端)和 RemoteUserBackend 身份验证后端禁止这些非活动用户进行身份验证。因此,如果您使用这些后端,则无需使用以下样式:
#authentication has been successful now...
if user.is_active:
login(request,user)
#redirect to success page
else:
#return disabled account error message
如果自定义用户模型没有 is_active 字段,将允许所有用户进行身份验证。
在版本 1.10 之前,ModelBackend 允许非活动用户进行身份验证 - 这首先在您允许用户进行身份验证然后允许用户激活他们的帐户(仅在他们成功通过身份验证后)的情况下很有用。
请注意,@login_required 装饰器不会检查用户的 is_active 标志。 @login_required
检查 AUTHENTICATION_BACKENDS 以查看您正在使用哪些。
见 https://docs.djangoproject.com/en/1.10/topics/auth/customizing/
def MyFormView(request):
if request.method == 'POST':
m_form = myform(request.POST)
a_form = AccountForm(request.POST)
if m_form.is_valid() and a_form.is_valid():
user = m_form.save()
user.is_active = True
a_form.instance.user = user
a_form.save()
messages.success(request,f'Your Account Has Been created')
return redirect('/')
else:
m_form = myform()
a_form = AccountForm()
return render(request, 'app/index.html', {'m_form':m_form, 'a_form':a_form})
我不知道什么时候该使用参数。
djangoproject描述如下:
Boolean. Designates whether this user account should be considered active. We recommend that you set this flag to False instead of deleting accounts; that way, if your applications have any foreign keys to users, the foreign keys won’t break.
This doesn’t necessarily control whether or not the user can log in. Authentication backends aren’t required to check for the is_active flag, and the default backends do not. If you want to reject a login based on is_active being False, it’s up to you to check that in your own login view or a custom authentication backend. However, the AuthenticationForm used by the login() view (which is the default) does perform this check, as do the permission-checking methods such as has_perm() and the authentication in the Django admin. All of those functions/methods will return False for inactive users.
readthedocs 描述如下:
Authorization for inactive users
An inactive user is a one that is authenticated but has its attribute is_active set to False. However this does not mean they are not authorized to do anything. For example they are allowed to activate their account.
The support for anonymous users in the permission system allows for a scenario where anonymous users have permissions to do something while inactive authenticated users do not.
Do not forget to test for the is_active attribute of the user in your own backend permission methods.
任何人都可以举一些例子让我知道参数需要注意或如何使用它。
from django.contrib.auth import authenticate
user = authenticate(username='john', password='secret')
if user is not None: #to check whether user is available or not?
# the password verified for the user
if user.is_active:
print("User is valid, active and authenticated")
else:
print("The password is valid, but the account has been disabled!")
else:
# the authentication system was unable to verify the username and password
print("The username and password were incorrect.")
这将有助于您理解 django 身份验证。
非活跃用户是指其 is_active 字段设置为 False 的用户。
从 django 版本 1.10 开始:ModelBackend(默认身份验证后端)和 RemoteUserBackend 身份验证后端禁止这些非活动用户进行身份验证。因此,如果您使用这些后端,则无需使用以下样式:
#authentication has been successful now...
if user.is_active:
login(request,user)
#redirect to success page
else:
#return disabled account error message
如果自定义用户模型没有 is_active 字段,将允许所有用户进行身份验证。 在版本 1.10 之前,ModelBackend 允许非活动用户进行身份验证 - 这首先在您允许用户进行身份验证然后允许用户激活他们的帐户(仅在他们成功通过身份验证后)的情况下很有用。
请注意,@login_required 装饰器不会检查用户的 is_active 标志。 @login_required
检查 AUTHENTICATION_BACKENDS 以查看您正在使用哪些。 见 https://docs.djangoproject.com/en/1.10/topics/auth/customizing/
def MyFormView(request):
if request.method == 'POST':
m_form = myform(request.POST)
a_form = AccountForm(request.POST)
if m_form.is_valid() and a_form.is_valid():
user = m_form.save()
user.is_active = True
a_form.instance.user = user
a_form.save()
messages.success(request,f'Your Account Has Been created')
return redirect('/')
else:
m_form = myform()
a_form = AccountForm()
return render(request, 'app/index.html', {'m_form':m_form, 'a_form':a_form})