Django 在序列化程序中手动验证 AuthenToken
Django validate AuthenToken Manually in a Serializer
所以我有一个可以预订房间的应用程序。但我想在用户预订房间时验证用户。我知道我可以使用 obtain_auth_token 函数来做到这一点。但我想用令牌自己验证用户。
因此,当用户登录网站时,我将令牌保存到用户中,当用户想要预订房间时,我会将令牌作为参数提供给预订 view/serializer。
现在我想验证随预订请求发送的令牌。
这是我的序列化器的样子:
class BuchungSerializer(ModelSerializer):
    """Serializer to map the Model instance into JSON format.

    Besides the model fields it accepts a write-only ``token`` and tries to
    check that token in the field-level validator ``validate_token``.
    """

    # Write-only: accepted on input, not included in serialized output.
    token = serializers.CharField(required=True, allow_blank=False, write_only=True)

    class Meta:
        """Meta class to map serializer's fields with the model fields."""

        model = Buchung
        fields = ['id', 'user', 'time_choices', 'raum', 'platz', 'datum', 'token']
        related_fields = ['user', 'raum', 'platz']
        extra_kwargs = {"token": {"write_only": True}}

    # NOTE(review): 'username' is declared here but is missing from
    # Meta.fields above; ModelSerializer expects declared fields to be listed
    # there, so verify this class can be instantiated at all.
    username = serializers.CharField(source='user.username')

    def validate_token(self, value):
        """Field-level validator for ``token``; returns ``value`` if accepted.

        Raises ValidationError when the user lookup does not yield exactly one
        row or when the token comparison fails.
        """
        # NOTE(review): `username` is neither a parameter nor a local here, and
        # the class-level field of that name is not visible from inside a
        # method. Unless a module-level `username` exists, this line raises
        # NameError before any token check happens.
        user = Mitarbeiter.objects.filter(Q(username = username))
        if user.exists() and user.count() == 1:
            user_obj = user.first()
            user_token = user_obj.usertoken
            # .get() raises Token.DoesNotExist for an unknown key; that is not
            # caught here, so a wrong token surfaces as an unhandled exception
            # rather than a ValidationError.
            token = Token.objects.get(key=value)
            # Compares a Token instance with user_obj.usertoken.
            # NOTE(review): the type of `usertoken` is not shown; if it is a
            # key string this comparison can never be true. Confirm.
            if token == user_token:
                return value
            else:
                raise ValidationError("Token not Valid")
        else:
            raise ValidationError("User doesn't exist")

    def create(self, validated_data):
        """Build, save and return a Buchung from the validated fields."""
        # NOTE(review): the booking owner is taken from the client-supplied
        # 'user' field; nothing in this class ties it to the user the token
        # was checked against. Verify against the intended access rule.
        reservation = Buchung(
            user=validated_data['user'],
            time_choices=validated_data['time_choices'],
            raum=validated_data['raum'],
            platz=validated_data['platz'],
            datum=validated_data['datum'],
        )
        # NOTE(review): set_token() is not part of the Buchung model as posted;
        # confirm it exists. It appears to store the submitted auth token with
        # the booking, which would copy a bearer credential into booking rows.
        reservation.set_token(validated_data['token'])
        reservation.save()
        return reservation
我的视图:
class CreateBuchungView(generics.ListCreateAPIView):
    """List all bookings (GET) and create a booking (POST) via BuchungSerializer."""

    queryset = Buchung.objects.all()
    serializer_class = BuchungSerializer
    # NOTE(review): with this line commented out the view declares no
    # permission class of its own. The serializer's token check only runs when
    # submitted data is validated for a write, so it does not cover the GET
    # listing of every booking. Whether a project-wide default permission
    # applies is not visible here; confirm before exposing this endpoint.
    #permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        """Save the post data when creating a new reservation."""
        serializer.save()
以及我的模型:
class Buchung(models.Model):
    """One booking of a room (raum) and seat (platz) by a Mitarbeiter on a date."""

    # Each choice uses the same text as stored value and display label.
    TIME_CHOICES = tuple(
        (label, label)
        for label in ('Ganztag', 'Halbtags vor 14', 'Halbtags nach 14')
    )

    # Field name kept as posted (sic); renaming it would change the schema.
    cearted_on = models.DateTimeField(auto_now_add=True)

    # NOTE(review): default='' on a ForeignKey is not a usable primary key
    # value; confirm these defaults are intended.
    user = models.ForeignKey(Mitarbeiter, default='', on_delete=models.CASCADE)
    raum = models.ForeignKey(Raum, default='', on_delete=models.CASCADE)
    platz = models.ForeignKey(Platz, default='', on_delete=models.CASCADE)

    time_choices = models.CharField(
        max_length=100,
        choices=TIME_CHOICES,
        default='Ganztag',
    )
    datum = models.DateField("Datum", default=datetime.date.today)

    # NOTE(review): if this holds the user's auth token, the credential is
    # stored in plaintext on every booking row and is readable by anything
    # that can read bookings. Confirm the column is needed.
    token = models.CharField(max_length=300, default='')

    def __str__(self):
        """Return '<user> am <datum>'."""
        return "{} am {}".format(self.user, self.datum)
但我认为问题是序列化程序中的验证器函数不工作或者甚至没有被调用。
谢谢
所以我找到了问题。
问题出在序列化程序中,验证函数根本没有被调用。如果我的做法不安全,请指出。
这就是我的序列化程序现在的样子。
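class BuchungSerializer(ModelSerializer):
    """Serializer to map the Model instance into JSON format.

    ``validate`` accepts a booking only when the submitted ``token`` equals
    the key of the ``Token`` stored for the submitted ``username``.

    NOTE(review): the check binds the token to ``username``, while the booking
    owner comes from the separate ``user`` field; nothing in this class checks
    that both refer to the same Mitarbeiter. Confirm, or derive the owner from
    the authenticated request (DRF ``TokenAuthentication`` together with
    ``IsAuthenticated`` and ``request.user``) instead of from client input.
    """

    def validate(self, data):
        """Check the submitted token against the named user's stored token.

        Args:
            data: Field values for the booking; ``username`` and ``token``
                are read from it.

        Returns:
            ``data`` unchanged when the token matches.

        Raises:
            ValidationError: if the username does not match exactly one user,
                the user has no token, or the submitted token does not match.
        """
        # Local import so the block does not depend on the file's import list.
        import hmac

        # One message for every failure, so a caller cannot tell from the
        # response whether the username exists.
        generic_error = "Invalid username or token"

        username = data.get("username")
        input_token = data.get("token")

        try:
            user_obj = Mitarbeiter.objects.get(username=username)
            # A user without a token previously escaped as an unhandled
            # Token.DoesNotExist; it is now reported as a validation failure.
            stored_key = Token.objects.get(user=user_obj).key
        except (
            Mitarbeiter.DoesNotExist,
            Mitarbeiter.MultipleObjectsReturned,
            Token.DoesNotExist,
        ):
            raise ValidationError(generic_error) from None

        if not isinstance(input_token, str):
            raise ValidationError(generic_error)

        # Constant-time comparison; bytes are used because compare_digest
        # rejects non-ASCII str arguments.
        if not hmac.compare_digest(
            stored_key.encode("utf-8"), input_token.encode("utf-8")
        ):
            raise ValidationError(generic_error)
        return data

    class Meta:
        """Meta class to map serializer's fields with the model fields."""

        model = Buchung
        # NOTE(review): 'token' is listed as a field of the Buchung model, so
        # unless create() drops it the submitted auth token is saved with each
        # booking. Confirm that is intended.
        fields = ['id', 'user', 'username', 'time_choices', 'raum', 'platz', 'datum', 'token']
        related_fields = ['user', 'raum', 'platz']
        extra_kwargs = {"token": {"write_only": True}}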
所以我有一个可以预订房间的应用程序。但我想在用户预订房间时验证用户。我知道我可以使用 obtain_auth_token 函数来做到这一点。但我想用令牌自己验证用户。 因此,当用户登录网站时,我将令牌保存到用户中,当用户想要预订房间时,我会将令牌作为参数提供给预订 view/serializer。
现在我想验证随预订请求发送的令牌。
这是我的序列化器的样子:
class BuchungSerializer(ModelSerializer):
    """Serializer to map the Model instance into JSON format.

    Besides the model fields it accepts a write-only ``token`` and tries to
    check that token in the field-level validator ``validate_token``.
    """

    # Write-only: accepted on input, not included in serialized output.
    token = serializers.CharField(required=True, allow_blank=False, write_only=True)

    class Meta:
        """Meta class to map serializer's fields with the model fields."""

        model = Buchung
        fields = ['id', 'user', 'time_choices', 'raum', 'platz', 'datum', 'token']
        related_fields = ['user', 'raum', 'platz']
        extra_kwargs = {"token": {"write_only": True}}

    # NOTE(review): 'username' is declared here but is missing from
    # Meta.fields above; ModelSerializer expects declared fields to be listed
    # there, so verify this class can be instantiated at all.
    username = serializers.CharField(source='user.username')

    def validate_token(self, value):
        """Field-level validator for ``token``; returns ``value`` if accepted.

        Raises ValidationError when the user lookup does not yield exactly one
        row or when the token comparison fails.
        """
        # NOTE(review): `username` is neither a parameter nor a local here, and
        # the class-level field of that name is not visible from inside a
        # method. Unless a module-level `username` exists, this line raises
        # NameError before any token check happens.
        user = Mitarbeiter.objects.filter(Q(username = username))
        if user.exists() and user.count() == 1:
            user_obj = user.first()
            user_token = user_obj.usertoken
            # .get() raises Token.DoesNotExist for an unknown key; that is not
            # caught here, so a wrong token surfaces as an unhandled exception
            # rather than a ValidationError.
            token = Token.objects.get(key=value)
            # Compares a Token instance with user_obj.usertoken.
            # NOTE(review): the type of `usertoken` is not shown; if it is a
            # key string this comparison can never be true. Confirm.
            if token == user_token:
                return value
            else:
                raise ValidationError("Token not Valid")
        else:
            raise ValidationError("User doesn't exist")

    def create(self, validated_data):
        """Build, save and return a Buchung from the validated fields."""
        # NOTE(review): the booking owner is taken from the client-supplied
        # 'user' field; nothing in this class ties it to the user the token
        # was checked against. Verify against the intended access rule.
        reservation = Buchung(
            user=validated_data['user'],
            time_choices=validated_data['time_choices'],
            raum=validated_data['raum'],
            platz=validated_data['platz'],
            datum=validated_data['datum'],
        )
        # NOTE(review): set_token() is not part of the Buchung model as posted;
        # confirm it exists. It appears to store the submitted auth token with
        # the booking, which would copy a bearer credential into booking rows.
        reservation.set_token(validated_data['token'])
        reservation.save()
        return reservation
我的视图:
class CreateBuchungView(generics.ListCreateAPIView):
    """List all bookings (GET) and create a booking (POST) via BuchungSerializer."""

    queryset = Buchung.objects.all()
    serializer_class = BuchungSerializer
    # NOTE(review): with this line commented out the view declares no
    # permission class of its own. The serializer's token check only runs when
    # submitted data is validated for a write, so it does not cover the GET
    # listing of every booking. Whether a project-wide default permission
    # applies is not visible here; confirm before exposing this endpoint.
    #permission_classes = [IsAuthenticated]

    def perform_create(self, serializer):
        """Save the post data when creating a new reservation."""
        serializer.save()
以及我的模型:
class Buchung(models.Model):
    """One booking of a room (raum) and seat (platz) by a Mitarbeiter on a date."""

    # Each choice uses the same text as stored value and display label.
    TIME_CHOICES = tuple(
        (label, label)
        for label in ('Ganztag', 'Halbtags vor 14', 'Halbtags nach 14')
    )

    # Field name kept as posted (sic); renaming it would change the schema.
    cearted_on = models.DateTimeField(auto_now_add=True)

    # NOTE(review): default='' on a ForeignKey is not a usable primary key
    # value; confirm these defaults are intended.
    user = models.ForeignKey(Mitarbeiter, default='', on_delete=models.CASCADE)
    raum = models.ForeignKey(Raum, default='', on_delete=models.CASCADE)
    platz = models.ForeignKey(Platz, default='', on_delete=models.CASCADE)

    time_choices = models.CharField(
        max_length=100,
        choices=TIME_CHOICES,
        default='Ganztag',
    )
    datum = models.DateField("Datum", default=datetime.date.today)

    # NOTE(review): if this holds the user's auth token, the credential is
    # stored in plaintext on every booking row and is readable by anything
    # that can read bookings. Confirm the column is needed.
    token = models.CharField(max_length=300, default='')

    def __str__(self):
        """Return '<user> am <datum>'."""
        return "{} am {}".format(self.user, self.datum)
但我认为问题是序列化程序中的验证器函数不工作或者甚至没有被调用。 谢谢
所以我找到了问题。
问题出在序列化程序中,验证函数根本没有被调用。如果我的做法不安全,请指出。 这就是我的序列化程序现在的样子。
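class BuchungSerializer(ModelSerializer):
    """Serializer to map the Model instance into JSON format.

    ``validate`` accepts a booking only when the submitted ``token`` equals
    the key of the ``Token`` stored for the submitted ``username``.

    NOTE(review): the check binds the token to ``username``, while the booking
    owner comes from the separate ``user`` field; nothing in this class checks
    that both refer to the same Mitarbeiter. Confirm, or derive the owner from
    the authenticated request (DRF ``TokenAuthentication`` together with
    ``IsAuthenticated`` and ``request.user``) instead of from client input.
    """

    def validate(self, data):
        """Check the submitted token against the named user's stored token.

        Args:
            data: Field values for the booking; ``username`` and ``token``
                are read from it.

        Returns:
            ``data`` unchanged when the token matches.

        Raises:
            ValidationError: if the username does not match exactly one user,
                the user has no token, or the submitted token does not match.
        """
        # Local import so the block does not depend on the file's import list.
        import hmac

        # One message for every failure, so a caller cannot tell from the
        # response whether the username exists.
        generic_error = "Invalid username or token"

        username = data.get("username")
        input_token = data.get("token")

        try:
            user_obj = Mitarbeiter.objects.get(username=username)
            # A user without a token previously escaped as an unhandled
            # Token.DoesNotExist; it is now reported as a validation failure.
            stored_key = Token.objects.get(user=user_obj).key
        except (
            Mitarbeiter.DoesNotExist,
            Mitarbeiter.MultipleObjectsReturned,
            Token.DoesNotExist,
        ):
            raise ValidationError(generic_error) from None

        if not isinstance(input_token, str):
            raise ValidationError(generic_error)

        # Constant-time comparison; bytes are used because compare_digest
        # rejects non-ASCII str arguments.
        if not hmac.compare_digest(
            stored_key.encode("utf-8"), input_token.encode("utf-8")
        ):
            raise ValidationError(generic_error)
        return data

    class Meta:
        """Meta class to map serializer's fields with the model fields."""

        model = Buchung
        # NOTE(review): 'token' is listed as a field of the Buchung model, so
        # unless create() drops it the submitted auth token is saved with each
        # booking. Confirm that is intended.
        fields = ['id', 'user', 'username', 'time_choices', 'raum', 'platz', 'datum', 'token']
        related_fields = ['user', 'raum', 'platz']
        extra_kwargs = {"token": {"write_only": True}}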