Django back-end login configuration
1. Create webauth app
2. Register webauth in settings
# Apps enabled for the project: Django's contrib apps first, then Django REST
# framework, then the project's own apps. The last entry is the app that holds
# the custom user model and the JWT authentication code.
INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "rest_framework",
    "apps.drf_demo",
    "apps.webauth",
]
3. Define a custom user model in the webauth app's models.py (install the two packages below first)
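# Install from pip's default index, which is fetched over HTTPS with
# certificate verification. Do not point -i at a plain http:// index or pass
# --trusted-host: packages would then be downloaded over an unauthenticated
# channel and could be replaced in transit. If a regional mirror is needed,
# pick one that is reachable over https:// and leave --trusted-host out.
# For repeatable installs, pin versions in a requirements file.
pip install django-shortuuidfield
pip install pyjwt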
#encoding: utf-8
from django.contrib.auth.models import AbstractBaseUser,PermissionsMixin,BaseUserManager
from shortuuidfield import ShortUUIDField
from django.db import models
class UserManager(BaseUserManager):
    """Manager that creates accounts for the telephone-keyed custom user model."""

    def _create_user(self, telephone, username, password, **kwargs):
        """Validate the required values, then build and save a new user.

        Raises:
            ValueError: if telephone, username or password is empty
                (checked in that order).
        """
        required = (
            (telephone, '请传入手机号码!'),
            (username, '请传入用户名!'),
            (password, '请传入密码!'),
        )
        for value, message in required:
            if not value:
                raise ValueError(message)

        account = self.model(telephone=telephone, username=username, **kwargs)
        # set_password() stores a hash; the raw password is never written to
        # a model field directly.
        account.set_password(password)
        account.save()
        return account

    def create_user(self, telephone, username, password, **kwargs):
        """Create a regular account; is_superuser is always forced to False."""
        kwargs.update(is_superuser=False)
        return self._create_user(telephone, username, password, **kwargs)

    def create_superuser(self, telephone, username, password, **kwargs):
        """Create an account with is_superuser and is_staff both set to True."""
        kwargs.update(is_superuser=True, is_staff=True)
        return self._create_user(telephone, username, password, **kwargs)
class User(AbstractBaseUser,PermissionsMixin):
    """Custom user model that logs in with a telephone number.

    The password and last_login fields come from AbstractBaseUser, and the
    permission fields (is_superuser, groups, user_permissions) come from
    PermissionsMixin.
    """
    # We do not use the default auto-incrementing primary key
    # (id: 100, 101, 102, 103);
    # a uuid/shortuuid value is used instead.
    # ShortUUIDField comes from: pip install django-shortuuidfield
    uid = ShortUUIDField(primary_key=True)
    # Unique login identifier (see USERNAME_FIELD below), at most 11 characters.
    telephone = models.CharField(max_length=11,unique=True)
    email = models.EmailField(unique=True,null=True)
    # Display name; not unique, so it cannot identify an account on its own.
    username = models.CharField(max_length=100)
    is_active = models.BooleanField(default=True)
    is_staff = models.BooleanField(default=False)
    # NOTE(review): the name looks like a typo for "date_joined"; it is left
    # as-is here because renaming a model field requires a migration.
    data_joined = models.DateTimeField(auto_now_add=True)
    USERNAME_FIELD = 'telephone'
    # createsuperuser asks for: telephone, username, password
    # (REQUIRED_FIELDS lists only the extras besides USERNAME_FIELD and password).
    REQUIRED_FIELDS = ['username']
    EMAIL_FIELD = 'email'
    objects = UserManager()
    def get_full_name(self):
        """Return the username; the model has no separate first/last name."""
        return self.username
    def get_short_name(self):
        """Return the username (same value as get_full_name)."""
        return self.username
4. Configure AUTH_USER_MODEL in settings
# Point Django's auth framework at the custom model ("<app label>.<model name>").
# Set this before creating the first migrations: switching the user model on an
# existing database is considerably harder.
AUTH_USER_MODEL = "webauth.User"
5. Mapping to the database
makemigrations
migrate
6. Implement the back-end login logic
First, in the webauth app, add authentications.py and serializers.py
import jwt
from django.conf import settings
from rest_framework.authentication import BaseAuthentication,get_authorization_header
from rest_framework import exceptions
from django.contrib.auth import get_user_model
from jwt.exceptions import ExpiredSignatureError
MTUser = get_user_model()
import time
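def generate_jwt(user):
    """Return a signed JWT that identifies ``user`` for seven days.

    The payload carries the user's primary key under ``userid`` and an ``exp``
    claim (Unix timestamp) set 7 days after the time of the call.
    """
    expire_time = int(time.time() + 60*60*24*7)
    payload = {"userid": user.pk, "exp": expire_time}
    # HS256 is PyJWT's default; naming it keeps the signing algorithm explicit
    # so that verification can pin exactly the same one.
    # NOTE(review): the token is signed with Django's SECRET_KEY, so that key
    # also protects every issued token, and tokens cannot be revoked before
    # "exp". A dedicated signing key and a shorter lifetime are worth considering.
    return jwt.encode(payload, key=settings.SECRET_KEY, algorithm="HS256")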
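class JWTAuthentication(BaseAuthentication):
    """Authenticate requests that carry an ``Authorization: JWT <token>`` header."""

    keyword = 'JWT'

    def authenticate(self, request):
        """Return ``(user, token)`` for a valid JWT header.

        Returns None when the Authorization header is absent or uses another
        scheme, so that other authentication classes can still run.

        Raises:
            AuthenticationFailed: if the header is malformed, the token is
                expired or otherwise invalid, or the user is missing or
                inactive.
        """
        auth = get_authorization_header(request).split()
        if not auth or auth[0].lower() != self.keyword.lower().encode():
            return None

        if len(auth) == 1:
            msg = "不可用的JWT请求头!"
            raise exceptions.AuthenticationFailed(msg)
        elif len(auth) > 2:
            msg = '不可用的JWT请求头!JWT Token中间不应该有空格!'
            raise exceptions.AuthenticationFailed(msg)

        jwt_token = auth[1]
        try:
            # Pin the accepted algorithm. Without an explicit allow-list the
            # token's own header would influence how it is verified, and
            # current PyJWT releases refuse to decode at all.
            jwt_info = jwt.decode(
                jwt_token, settings.SECRET_KEY, algorithms=["HS256"]
            )
        except ExpiredSignatureError:
            msg = "JWT Token已过期!"
            raise exceptions.AuthenticationFailed(msg)
        except jwt.InvalidTokenError:
            # Bad signature, malformed token, wrong algorithm, ...: answer with
            # an authentication failure instead of an unhandled server error.
            msg = "无效的JWT Token!"
            raise exceptions.AuthenticationFailed(msg)

        userid = jwt_info.get('userid')
        try:
            # Look up the account that the verified token refers to.
            user = MTUser.objects.get(pk=userid)
        except (MTUser.DoesNotExist, ValueError, TypeError):
            msg = '用户不存在!'
            raise exceptions.AuthenticationFailed(msg)

        # A deactivated account must not keep working until its token expires.
        # The same message is reused so the response does not reveal the
        # account's state.
        if not user.is_active:
            msg = '用户不存在!'
            raise exceptions.AuthenticationFailed(msg)

        return user, jwt_token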
from rest_framework.serializers import ModelSerializer
from .models import User
class UserSerializer(ModelSerializer):
    """Serialize a User for API responses, leaving out the password field."""

    class Meta:
        model = User
        # NOTE(review): `exclude` is a deny-list, so every other model field is
        # serialized, including the inherited permission fields (is_superuser,
        # groups, user_permissions) and any field added to the model later.
        # An explicit `fields` allow-list is the safer choice for a response
        # that is sent to the client.
        exclude = ("password",)
Write the login logic in the cms app's views.py
from rest_framework.views import APIView
from rest_framework.authtoken.serializers import AuthTokenSerializer
from django.utils.timezone import now
from apps.webauth.authentications import generate_jwt
from apps.webauth.serializers import UserSerializer
from rest_framework.response import Response
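class LoginView(APIView):
    """Exchange valid credentials for a JWT plus the serialized user."""

    # NOTE(review): no throttling is configured on this view. A login endpoint
    # normally needs rate limiting (for example DRF throttle classes) to slow
    # down password guessing.

    def post(self, request):
        """Validate the posted credentials and issue a token.

        Returns a response with ``token`` and ``user`` on success. On any
        validation failure it returns the generic error message with HTTP 400,
        so a failed login is not reported to the client as 200 OK.
        """
        serializer = AuthTokenSerializer(data=request.data)
        if not serializer.is_valid():
            # One generic message for every failure, so the response does not
            # say which part of the credentials was wrong.
            return Response({"message": "用户名或密码错误"}, status=400)

        user = serializer.validated_data.get('user')
        user.last_login = now()
        # Write only the column that changed, so a concurrent update to another
        # field of this row is not overwritten with stale values.
        user.save(update_fields=['last_login'])
        token = generate_jwt(user)
        user_serializer = UserSerializer(user)
        return Response({"token": token, "user": user_serializer.data})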
Configure urls
from django.urls import path
from .views import LoginView
# URL namespace of this app, used when reversing names such as "cms:login".
app_name = "cms"

urlpatterns = [
    # Login endpoint; note that the route has no trailing slash.
    path("login", LoginView.as_view(), name="login"),
]
Configure the main urls
from django.contrib import admin
from django.urls import path,include
# Project-level routes. `admin` is imported above but no admin route is
# registered here. With the "cms/" prefix the login view is served at
# /cms/login.
urlpatterns = [
    path("cms/", include("apps.cms.urls")),
    path("drf_demo/", include("apps.drf_demo.urls")),
]
Create test data
createsuperuser --username admin --telephone 18896653148
Use PostMan for testing
http://127.0.0.1:8000/cms/login