在不使用 Django rest 框架的情况下对用户进行身份验证?
Authenticating a User, without using Django rest framework?
大家好,就身份验证而言,我有几个关于重构一些旧 api 端点的问题。我有一个观点,例如...
@csrf_exempt
# PARAMETERS: username, password
def submit_offer(request):
"""Submit an offer"""
username = request.GET.get("username")
password = request.GET.get("password")
# Authenticate user to set instance.user value into BuyerForm
user = authenticate(username=username, password=password)
if not user:
# Always want our potential Buyer to be logged in & authenticated
return JsonResponse({'message': 'Please login to continue.'})
if request.method == 'POST':
form = BuyerForm(request.POST, request.FILES)
if form.is_valid():
instance = form.save(commit=False)
# sets current user as Buyer.user
instance.user = user
instance.save()
return JsonResponse({'success': True}, status=200)
else:
data = form.errors.as_json()
return JsonResponse(data, status=400, safe=False)
else:
return JsonResponse(data={'status': 403})
现在每个使用表单并需要获取 instance.user 的视图在下面都有相同的代码行...现在我认为使用 request.user 可以完成这项工作,但是当以这种方式测试我得到了一个 AnonymousUser,这让我有点困惑?
username = request.GET.get("username")
password = request.GET.get("password")
# Authenticate user to set instance.user value into BuyerForm
user = authenticate(username=username, password=password)
现在有没有更好的方法来对用户进行身份验证,例如在使用 request.user 的常规 django 视图中,而不是必须在每个视图中手动对用户进行身份验证? (已编辑)
password = request.GET.get("password")。
这是设计 Django 应用程序的一种非常脆弱的方式。
请看
顺便说一句,编写一个自定义中间件并将您的代码放在那里。
username = get_username_from_header
password = get_password_from_header
# Authenticate user to set instance.user value into BuyerForm
user = authenticate(username=username, password=password)
# Attach user to request
request.user = user
由于每个请求都通过中间件传递,因此您可以从每个视图访问用户。
大家好,就身份验证而言,我有几个关于重构一些旧 api 端点的问题。我有一个观点,例如...
@csrf_exempt
# PARAMETERS: username, password
def submit_offer(request):
"""Submit an offer"""
username = request.GET.get("username")
password = request.GET.get("password")
# Authenticate user to set instance.user value into BuyerForm
user = authenticate(username=username, password=password)
if not user:
# Always want our potential Buyer to be logged in & authenticated
return JsonResponse({'message': 'Please login to continue.'})
if request.method == 'POST':
form = BuyerForm(request.POST, request.FILES)
if form.is_valid():
instance = form.save(commit=False)
# sets current user as Buyer.user
instance.user = user
instance.save()
return JsonResponse({'success': True}, status=200)
else:
data = form.errors.as_json()
return JsonResponse(data, status=400, safe=False)
else:
return JsonResponse(data={'status': 403})
现在每个使用表单并需要获取 instance.user 的视图在下面都有相同的代码行...现在我认为使用 request.user 可以完成这项工作,但是当以这种方式测试我得到了一个 AnonymousUser,这让我有点困惑?
username = request.GET.get("username")
password = request.GET.get("password")
# Authenticate user to set instance.user value into BuyerForm
user = authenticate(username=username, password=password)
现在有没有更好的方法来对用户进行身份验证,例如在使用 request.user 的常规 django 视图中,而不是必须在每个视图中手动对用户进行身份验证? (已编辑)
password = request.GET.get("password")。
这是设计 Django 应用程序的一种非常脆弱的方式。
请看
顺便说一句,编写一个自定义中间件并将您的代码放在那里。
username = get_username_from_header
password = get_password_from_header
# Authenticate user to set instance.user value into BuyerForm
user = authenticate(username=username, password=password)
# Attach user to request
request.user = user
由于每个请求都通过中间件传递,因此您可以从每个视图访问用户。