[Django] User login and logout, determine whether the user is logged in

We can use Django's authentication system to manage user login and logout.

1. login(): log in

The login() function requires two parameters: request and user. It writes the user's information to the session and stores the session ID in a cookie.

users.views.py (register, log in after registration)

from django import http
from django.contrib.auth import login  # import login()
from django.views import View

from .models import User


# Register, then log the user in straight away
class RegisterView(View):
    def post(self, request):
        # Register the user
        try:
            user = User.objects.create_user(username="laowang", password="123456", mobile="10086")
        except Exception:
            return http.JsonResponse({'code': 400, 'errmsg': '注册失败!'})

        # If registration succeeds, keep the user logged in
        login(request, user)

        # Usually we decide the login validity period ourselves, e.g. 14 days
        response = http.JsonResponse({"code": 0, "errmsg": "注册成功"})
        response.set_cookie("username", user.username, max_age=3600 * 24 * 14)
        return response

users.views.py (normal login)

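# Import Django's authentication functions
import json

from django import http
from django.contrib.auth import authenticate, login
from django.views import View


class LoginView(View):
    def post(self, request):
        # Assumption: the front end sends a JSON body with these keys
        # (the original page does not show how the parameters are read)
        data = json.loads(request.body)
        username = data.get('username')
        password = data.get('password')
        remembered = data.get('remembered')

        # Check whether the username and password are correct
        user = authenticate(request, username=username, password=password)
        if user is None:
            return http.JsonResponse({"code": 400, "errmsg": "用户或密码错误"})
        login(request, user)  # log in once the credentials have been verified
        # Check whether the user ticked "remember me"
        if remembered is not True:
            # Not remembered: the session expires as soon as the browser is closed
            request.session.set_expiry(0)
        else:
            # Remembered: use the default session lifetime (14 days)
            request.session.set_expiry(None)
        response = http.JsonResponse({'code': 0, 'errmsg': 'ok'})
        # Set the username in a cookie, used only for display by the front-end page
        response.set_cookie(key='username', value=user.username, max_age=3600 * 24 * 14)
        return response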

The code above calls authenticate() for verification. By default it only looks users up by the username field, so we need to override this method in a custom authentication backend to get the custom verification we want.

users/utils.py

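from django.contrib.auth.backends import ModelBackend
from django.db.models import Q  # Q objects let the username, mobile number or email all be used to log in

from .models import User


# Inherit from Django's default authentication backend
class UsernameMobileAuthBackend(ModelBackend):
    def authenticate(self, request, username=None, password=None, **kwargs):
        try:
            user = User.objects.get(
                # username == "18588269037" or mobile == "18588269037"
                Q(username=username) | Q(mobile=username) | Q(email=username)
            )
        except (User.DoesNotExist, User.MultipleObjectsReturned):
            # No user, or more than one user, matches: return None to signal failure
            return None

        # If a user was found, check the password; user_can_authenticate()
        # keeps ModelBackend's rejection of inactive (is_active=False) accounts
        if user.check_password(password) and self.user_can_authenticate(user):
            return user
        return None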

Declare the custom authentication backend in the configuration file.

# Specify the custom user authentication backend:
AUTHENTICATION_BACKENDS = [
    'apps.users.utils.UsernameMobileAuthBackend'
]
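
Because the backend above matches one login string against three columns, a value that is unique within each column can still match two accounts. The following added example (not code from the original page) models that lookup without Django; Account, resolve() and registration_conflicts() are hypothetical names, and the sample accounts are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    """Hypothetical stand-in for the page's User model (not Django code)."""
    username: str
    mobile: str
    email: str
    is_active: bool = True


def identifiers(account):
    """All values the backend's OR query would match for this account."""
    return {account.username, account.mobile, account.email} - {""}


def resolve(accounts, login_name):
    """Mirror Q(username) | Q(mobile) | Q(email); fail closed on 0 or >1 matches."""
    matches = [a for a in accounts if login_name in identifiers(a)]
    if len(matches) != 1:
        return None  # unknown or ambiguous: never pick one arbitrarily
    return matches[0] if matches[0].is_active else None


def registration_conflicts(accounts, candidate):
    """Fields of `candidate` that equal ANY identifier of an existing account.

    Per-column unique constraints miss the cross-field case (a new username
    equal to someone else's mobile), so compare against all three columns.
    """
    taken = set()
    for a in accounts:
        taken |= identifiers(a)
    fields = {"username": candidate.username, "mobile": candidate.mobile,
              "email": candidate.email}
    return sorted(name for name, value in fields.items() if value and value in taken)


# Constructed sample data.
EXISTING = [
    Account("laowang", "18588269037", "laowang@example.com"),
    Account("disabled", "13800000000", "off@example.com", is_active=False),
]
# A sign-up whose username equals laowang's mobile number.
CLASHING = Account("18588269037", "13900000000", "new@example.com")

if __name__ == "__main__":
    print(registration_conflicts(EXISTING, CLASHING))
    print(resolve(EXISTING + [CLASHING], "18588269037"))
```

Running the same cross-field check in the registration view before create_user() keeps every login string mapped to exactly one account.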

2. logout(): log out

users.views.py

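from django import http
from django.contrib.auth import logout
from django.views import View


class LogoutView(View):
    # The front end sends the request with the DELETE method
    def delete(self, request):
        # logout() clears the session
        logout(request)
        response = http.JsonResponse({'code': 0, 'errmsg': 'ok'})
        # Manually delete the username cookie in the response
        response.delete_cookie('username')
        return response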

3. Determine whether the user is logged in

We can use the LoginRequiredMixin provided by Django to determine whether the user is logged in. However, when the user is not logged in, the built-in LoginRequiredMixin responds with a redirect to the login page. Here the front end and back end are developed separately, so we only need to return JSON data to the front end. To do that, we subclass LoginRequiredMixin and override its handle_no_permission() method.

meiduo_mall.utils.views.py

from django import http
from django.contrib.auth.mixins import LoginRequiredMixin


# Inherit from LoginRequiredMixin and override handle_no_permission()
class LoginRequiredJSONMixin(LoginRequiredMixin):
    # If the user is not logged in, return JSON to the front end directly
    def handle_no_permission(self):
        return http.JsonResponse({'code': 400, 'errmsg': '用户未登录'})

users.views.py

from django import http
from django.views import View

from meiduo_mall.utils.views import LoginRequiredJSONMixin


class UserInfoView(LoginRequiredJSONMixin, View):
    def get(self, request):
        return http.JsonResponse({
            "code": 0,
            "errmsg": "ok",
            "info_data": {
                "username": request.user.username,
                "mobile": request.user.mobile,
                "email": request.user.email,
            }
        })

Supplementary note:

If you do not inherit from LoginRequiredMixin, you can also check whether the user is logged in by looking at request.user:

1. request.user is the user object of the currently logged-in user.

2. If the user is not logged in, request.user is an AnonymousUser object (anonymous user).

3. request.user.is_authenticated tells you whether the user has logged in: True means logged in, False means not logged in.

Origin blog.csdn.net/qq_39147299/article/details/108405650