Source code analysis
1) First, find the dispatch(self, request, *args, **kwargs) method of APIView.
2) Inside dispatch, step into self.initial(request, *args, **kwargs), which runs the three checks:

    self.perform_authentication(request)
    # Authentication component: checks who the user is - guest, legitimate user or illegal user
    # Guest: the check passes and the request goes straight to the next check (permissions)
    # Legitimate user: the check passes, the user is stored in request.user, and the request goes on to the next check (permissions)
    # Illegal user: the check fails, an exception is thrown, and a 403 permission-error result is returned

    self.check_permissions(request)
    # Permission component: checks the user's rights - e.g. all users must be logged in; logged-in users read and write, guests read-only; custom user roles
    # Check passed: the request goes on to the next check (throttling)
    # Check failed: an exception is thrown and a 403 permission-error result is returned

    self.check_throttles(request)
    # Throttle component: limits how often a view's interface can be accessed - limiting condition (IP, id, unique key), period (s, m, h), number of times (3/s)
    # Limit not reached: the interface is accessed normally
    # Limit reached: the interface cannot be accessed during the restricted period; once the period has elapsed it can be accessed again
3) The authentication component.
The getter of the Request class's user property calls self._authenticate(), which completes the authentication. user(self) is the getter; user(self, value) is the setter.
Authentication rules:

    # Perform authentication
    def _authenticate(self):
        # Iterate over the authenticators one at a time and authenticate with each
        # self.authenticators is a list of authentication-class objects built from the configured authentication classes
        for authenticator in self.authenticators:
            try:
                # The authenticator (object) calls its authenticate method: authenticate(authenticator object self, request object)
                # Return value: a tuple made up of the logged-in user and the authentication information
                # The call is wrapped in try, which means the method may throw; a thrown exception means authentication failed
                user_auth_tuple = authenticator.authenticate(self)
            except exceptions.APIException:
                self._not_authenticated()
                raise

            # Handle the return value
            if user_auth_tuple is not None:
                self._authenticator = authenticator
                # If there is a return value, the logged-in user and the authentication information are saved to request.user and request.auth
                self.user, self.auth = user_auth_tuple
                return
        # If user_auth_tuple is None, authentication passed but there is no logged-in user or authentication information: the request is from a guest
        self._not_authenticated()
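The three outcomes of the loop above (guest, legitimate user, failed authentication) can be seen in a stand-alone model. This is an added example, not code from Django REST Framework or from the original page; TokenAuth, SessionAuth, the Request stand-in, outcome() and the sample token are all hypothetical.

```python
# Simplified stand-alone model of the authenticator loop (not DRF itself).
# All class names, headers and sample data below are hypothetical/constructed.

class AuthenticationFailed(Exception):
    """Stands in for rest_framework.exceptions.AuthenticationFailed."""

class TokenAuth:
    TOKENS = {"secret-abc": "alice"}              # constructed sample data

    def authenticate(self, request):
        header = request.headers.get("Authorization")
        if header is None:
            return None                           # no credentials: next authenticator
        scheme, _, token = header.partition(" ")
        if scheme != "Token":
            return None                           # not our scheme: not our decision
        if token not in self.TOKENS:
            raise AuthenticationFailed("invalid token")  # bad credentials: stop here
        return (self.TOKENS[token], token)        # (user, auth) tuple

class SessionAuth:
    def authenticate(self, request):
        user = request.session.get("user")
        return (user, None) if user else None

class Request:
    def __init__(self, headers=None, session=None):
        self.headers = headers or {}
        self.session = session or {}
        self.authenticators = [TokenAuth(), SessionAuth()]
        self.user, self.auth = None, None         # None models the anonymous guest

    def authenticate(self):
        for authenticator in self.authenticators:
            result = authenticator.authenticate(self)   # may raise: request rejected
            if result is not None:
                self.user, self.auth = result           # first tuple wins
                return
        # every authenticator returned None: the request stays a guest

def outcome(request):
    """Return 'rejected', 'guest' or the authenticated user's name."""
    try:
        request.authenticate()
    except AuthenticationFailed:
        return "rejected"
    return request.user or "guest"
```

An authenticator that raises ends the loop even when a later authenticator would have accepted the request, while a request with no credentials passes authentication as a guest, so blocking guests is left to the permission check.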