table of Contents
Auth authentication module
When performing database migration that two commands, even if we do not build the table, django is not also create a lot of tables? We take a look inside After you create a table called auth_user, since it is a table, it is certainly there should be a corresponding change operation table method
Add auth_user table records
Create a super user (not manually inserted, because the password is encrypted)
Simple to use auth certification
from django.contrib import auth def login(request): if request.method == 'POST': name = request.POST.get('name') pwd = request.POST.get('pwd') user = auth.authenticate(request,username=name,password=pwd) # 类似于user=models.User.objects.filter(username=name,password=pwd).first() if user: return redirect('/home/') return render(request,'login.html')
Simply not verify the information, you also need to save the user's current successful landing of the landing state, before a cookie or by session, it is now, auth also provides you with a more useful method
if user: # 等价于request.session['name']=name auth.login(request,user) # 登陆,其实就把用户信息放到session中,跑一下验证session表
In fact, the above authentication and landing than its highlights, highlights that
# 只要登陆成功执行了auth.login(request,user) # 之后在其他任意的视图函数中都通过request.user获取当前登陆用户对象 # 当没有执行auth.login,request.user打印出来的是匿名用户。将session表数据删除即可演示改效果 # 如何判断request.user用户是否通过auth.login登陆呢?request.user.is_authenticated # 为何执行auth.login之后,其他视图函数中就可以通过request.user拿到当前登陆对象呢?想想django的中间件中有没有一个叫Auth啥的中间件,它干了件什么事,能不能推导一下?取出session去表里面查相应的数据,然后放到request.user中,点进去看一下这个中间件确实如此
Logout
auth.logout(request) # 等价于删除session数据request.session.flush()
Decorator check whether the landing and jump
from django.contrib.auth.decorators import login_required @login_required(login_url='/login/',redirect_field_name='old') # 没登陆会跳转到login页面,并且后面会拼接上你上一次想访问的页面路径/login/?next=/test/,可以通过参数修改next键名 def my_view(request): pass
If all the functions need to decorate my view and jump to the login page, then I need to write a lot of copies
# 可以在配置文件中指定auth校验登陆不合法统一跳转到某个路径 LOGIN_URL = '/login/' # 既可以局部配置,也可以全局配置
Back to the top, we are how to add data to auth_user table? ~ ~ ~ Command line is not reasonable?
from django.contrib.auth.models import User def register(request): User.objects.create() # 不能用这个,因为密码是明文 User.objects.create_user() # 创建普通用户 User.objects.create_superuser() # 创建超级用户
Check passwords, change passwords
request.user.check_password(pwd) # 为什么不直接获取查,因为前端用户输入的是明文数据库密文 request.user.set_password(pwd) request.user.save() # 修改密码
Custom application auth function model table
How to expand auth_user table?
One association (not recommended)
from django.contrib.auth.model s import User class UserDetail(models.Models): phone = models.CharField(max_length=11) user = models.OnoToOneField(to=User)
Object-oriented inheritance
from django.contrib.auth.models import User,AbstractUser class UserInfo(AbstractUser): phone = models.CharField(max_length=32) # 需要在配置文件中,指定我不再使用默认的auth_user表而是使用我自己创建的Userinfo表 AUTH_USER_MODEL = "app名.models里面对应的模型表名" """ 自定义认证系统默认使用的数据表之后,我们就可以像使用默认的auth_user表那样使用我们的UserInfo表了。 库里面也没有auth_user表了,原来auth表的操作方法,现在全部用自定义的表均可实现 """