1.1、什么是Django自带的用户系统?
Django内置了强大的用户认证系统–auth
1.2、使用该系统有什么优势?
①、快速地实现用户注册、用户登录、用户认证、修改密码等功能。
②、缩减代码,提高效率。
1.3如何来使用自带的用户系统,(写出重要方法或配置)
第一步:系统配置用户表
在 models.py 创建用户表,导包
from django.contrib.auth.models import AbstractUser
创建用户表(用户名/密码 字段 AbstractUser自带, 根据需求添加字段)
class User(AbstractUser):
    """Custom user table; username and password are inherited from AbstractUser.

    NOTE(review): ``phone`` is nullable and carries no uniqueness constraint.
    If any login path looks accounts up by phone number, confirm whether
    ``unique=True`` is intended.
    NOTE(review): ``email`` replaces AbstractUser's EmailField with a plain
    CharField, so the e-mail format validator no longer applies; confirm
    this is intended.
    """

    # Mobile number.
    phone = models.CharField(verbose_name='手机号', max_length=20, null=True)
    # Uploaded image, stored under the "user" upload directory. (The original
    # comment described this as the SMS code, which does not match an ImageField.)
    img = models.ImageField(null=True, upload_to='user')
    # Display name.
    nick_name = models.CharField(verbose_name='昵称', max_length=20, null=True)
    # Postal address.
    address = models.CharField(verbose_name='地址', max_length=255, null=True)
    # E-mail address.
    email = models.CharField(verbose_name='邮箱', max_length=255, null=True)

    class Meta:
        db_table = 'tb_user'
在settings中指定系统验证使用的表(models)
# Dotted "<app_label>.<ModelName>" path of the custom user model; the value
# below is a placeholder to be replaced with the real app label and class name.
# Set it before the first migration is created; changing it afterwards is hard.
AUTH_USER_MODEL = "表所在的文件夹名.表名"
配置完成后,便可以迁移数据库了
第二步:用户注册和登录验证功能
用户注册
## ---------------------- views.py --------------------------- ##
from rest_framework.response import Response
from rest_framework.views import APIView
from userapp.sers import *
from django_redis import get_redis_connection
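class RegisterView(APIView):
    """Register a new account after checking the SMS verification code.

    NOTE(review): nothing here limits how many codes may be tried for one
    phone number; consider throttling this endpoint.
    """

    # Only these request keys reach the serializer. Forwarding request.data
    # wholesale would let a client submit is_superuser / is_staff / groups
    # during self-registration.
    _REGISTRATION_FIELDS = (
        "username", "password", "phone", "nick_name",
        "address", "email", "img", "first_name", "last_name",
    )

    def post(self, request):
        """Create a user from the posted fields.

        Expects ``username``, ``password``, ``phone`` and ``code`` in the
        request body. Returns a JSON envelope whose ``code`` is 0 on success,
        4003 when a required field is missing and 4005 when the verification
        code or the submitted data is rejected.
        """
        username = request.data.get("username")
        password = request.data.get("password")
        phone = request.data.get("phone")
        code = request.data.get("code")

        # Parameter check.
        if not all([username, password, phone, code]):
            return Response({"code": 4003, "msg": "参数不完整"})

        # Verify the SMS code. A missing or expired key yields None, and a
        # non-numeric code raises ValueError; both are treated as a mismatch
        # instead of surfacing as an unhandled server error.
        redis_cli = get_redis_connection("img_code")
        stored_code = redis_cli.get(phone)
        try:
            code_matches = (
                stored_code is not None
                and int(stored_code.decode("utf-8")) == int(code)
            )
        except (TypeError, ValueError, UnicodeDecodeError):
            code_matches = False
        if not code_matches:
            return Response({"code": 4005, "msg": "参数不正确"})

        # Create the user from the allow-listed fields only.
        data = {
            key: request.data[key]
            for key in self._REGISTRATION_FIELDS
            if key in request.data
        }
        ser_obj = RegisterSer(data=data)
        # save() must not run on invalid data; report the errors instead.
        if not ser_obj.is_valid():
            return Response({"code": 4005, "msg": "参数不正确", "data": ser_obj.errors})

        # The code is single-use: drop it so it cannot be replayed.
        redis_cli.delete(phone)
        ser_obj.save()

        # Never echo the password hash back to the client.
        body = dict(ser_obj.data)
        body.pop("password", None)
        return Response({"code": 0, "msg": "注册成功", "data": body})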
# 判断 用户名和手机号是否存在
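class CheckUserInfoNew(APIView):
    """Report how many accounts already use a given username or phone number.

    NOTE(review): no permission_classes are set on this view, so whoever can
    reach it can test whether a username or phone number is registered.
    Consider throttling it.
    """

    def post(self, request):
        """Look up ``data`` in the column named by ``type``.

        ``type`` must be "username" or "phone". Returns a JSON envelope with
        ``code`` 0 and the match count, 4009 when a field is missing, or 4005
        for an unsupported ``type``.
        """
        # Local names avoid shadowing the builtin ``type``. The original debug
        # print of the submitted values is dropped so that phone numbers are
        # not written to the server's stdout.
        lookup_field = request.data.get("type")
        lookup_value = request.data.get("data")

        # Parameter check.
        if not all([lookup_field, lookup_value]):
            return Response({"code": 4009, "msg": "参数不完整"})

        # Query. Only the two fixed field names are accepted, so the client
        # never chooses the column name directly.
        if lookup_field == "username":
            count = User.objects.filter(username=lookup_value).count()
        elif lookup_field == "phone":
            count = User.objects.filter(phone=lookup_value).count()
        else:
            return Response({"code": 4005, "msg": "参数传递错误"})

        return Response({"code": 0, "msg": "查询成功", "data": {"type": lookup_field, "count": count}})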
# ------------------------serializers.py -------------------- -----------#
from rest_framework import serializers
from rest_framework_jwt.settings import api_settings
from userapp.models import *
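class RegisterSer(serializers.ModelSerializer):
    """Serializer used for self-registration.

    The field list is explicit rather than '__all__'. With '__all__' the
    privilege flags inherited from AbstractUser (is_superuser, is_staff,
    groups, user_permissions) become writable from the request body, and the
    password hash is included in the serialized output.
    """

    class Meta:
        model = User
        fields = (
            'id', 'username', 'password', 'phone', 'nick_name',
            'address', 'email', 'img', 'first_name', 'last_name',
        )
        # Accept the password on input but never serialize it back out.
        extra_kwargs = {'password': {'write_only': True}}

    def create(self, data):
        """Create the user with a hashed password and attach a JWT to it.

        :param data: validated registration fields
        :return: the saved User, with the signed token in ``user.token``
        """
        fields = dict(data)
        raw_password = fields.pop('password', None)
        # Hash before the first save so the plaintext password never reaches
        # the database.
        user = User(**fields)
        user.set_password(raw_password)
        user.save()
        # Issue the token that records the logged-in state.
        jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
        jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
        payload = jwt_payload_handler(user)
        token = jwt_encode_handler(payload)
        user.token = token
        return user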
用户登录
# ----------------------------- views.py ------------------------------------#
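def Hqdsj(token, user=None, request=None):
    '''
    Build the JSON body returned by the JWT login endpoint.

    The stored password hash is deliberately left out: everything returned
    here is sent to the client, and a leaked hash can be attacked offline.

    :param token: token value generated by the JWT library
    :param user: the authenticated User object
    :param request: the current request (unused)
    :return: dict with the token and the user's id, username and phone
    '''
    return {
        'token': token,
        'username': user.username,
        'phone': user.phone,
        'id': user.id
    }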
# ------------------------------------ settings.py --------------------------------#
REST_FRAMEWORK = {
    # Authentication classes applied to each request.
    # NOTE(review): BasicAuthentication sends the username and password with
    # every request; confirm it is wanted outside of testing.
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'rest_framework.authentication.BasicAuthentication',
    ),
    # Global default permission classes.
    # The tuple is empty because IsAuthenticated is commented out, so a view
    # that does not set its own permission_classes gets no permission check.
    'DEFAULT_PERMISSION_CLASSES': (
        # 'rest_framework.permissions.IsAuthenticated',
    ),
}
# Settings read by rest_framework_jwt.
# NOTE(review): the original django-rest-framework-jwt project is no longer
# maintained; confirm which distribution provides rest_framework_jwt here.
JWT_AUTH = {
    # Clients send the token as "Authorization: JWT <token>".
    'JWT_AUTH_HEADER_PREFIX': 'JWT',
    # Issued tokens are valid for one day.
    'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
    # Whatever this function returns is sent to the client in the login
    # response, so it must not include secrets such as the password hash.
    'JWT_RESPONSE_PAYLOAD_HANDLER':
        'userapp.views.Hqdsj',  # custom function that builds the login response body
}
1.4、列举几个用户系统的常用方法,比如:生成密码、检查密码、登录、登出等方法
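使用它可以快速地实现用户注册、用户登录、用户认证、修改密码等功能。常用方法包括:django.contrib.auth.hashers 中的 make_password()(生成密码哈希)和 check_password()(校验密码);django.contrib.auth 中的 authenticate()、login()、logout();以及用户对象上的 set_password() 和 check_password()。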
1.5、登录的时候如何扩充其登录方式(写出重要方法或配置)
# ------------------------------------views------------------------ #
from django.db.models import Q
from django.contrib.auth.backends import ModelBackend # 验证基类
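class UsernameMobileAuthBackend(ModelBackend):
    """Authentication backend that accepts a username or a phone number.

    Django only consults this backend when its dotted path is listed in the
    AUTHENTICATION_BACKENDS setting.
    """

    def authenticate(self, request, username=None, password=None, **kwargs):
        """Return the matching active user, or None when authentication fails.

        :param request: the current request (unused)
        :param username: the login identifier, a username or a phone number
        :param password: the plaintext password to verify
        :return: the User on success, otherwise None
        """
        if username is None or password is None:
            return None

        # filter() rather than get(): an unknown identifier must produce None,
        # not an unhandled DoesNotExist. Two rows are fetched to detect the
        # ambiguous case where one account's phone equals another's username.
        matches = list(
            User.objects.filter(Q(username=username) | Q(phone=username))[:2]
        )
        if len(matches) != 1:
            # Run the password hasher anyway, as Django's ModelBackend does,
            # so a failed lookup takes about as long as a wrong password.
            User().set_password(password)
            return None

        user = matches[0]
        # user_can_authenticate() rejects accounts with is_active=False.
        if user.check_password(password) and self.user_can_authenticate(user):
            return user
        return None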
1.6、使用DRF做权限校验的时候,如何扩充权限类别(写出重要方法或配置)
from rest_framework.permissions import BasePermission
# 权限
class Class_2003Amision(BasePermission):
    """Allow only a logged-in user whose nick_name is exactly "666".

    NOTE(review): ``message`` says the name must contain 666, but the check
    below is an equality test; confirm which is intended.
    """

    message = "你的名字需要包含666"

    def has_permission(self, request, view):
        """Return True when the requesting user's nick_name equals "666"."""
        user_id = request.user.id
        # No id on request.user (anonymous request): deny.
        if not user_id:
            return False
        # Load the user row by id and compare its nickname.
        return User.objects.get(id=user_id).nick_name == "666"
from rest_framework.permissions import IsAuthenticated, AllowAny, IsAdminUser
class LoginUserView(APIView):
    """Endpoint restricted by DRF's IsAdminUser permission.

    NOTE(review): IsAdminUser checks ``is_staff``, not ``is_superuser``, so the
    message text ("super administrators only") is stricter than the check.
    """

    permission_classes = [IsAdminUser]

    def get(self, request):
        """Return a fixed message once the permission check has passed."""
        return Response({"msg": "超级管理员用户才可以访问"})
class LoginUserView1(APIView):
    """Endpoint open to every caller, authenticated or not (AllowAny)."""

    permission_classes = [AllowAny]

    def get(self, request):
        """Return a fixed message; no permission check is applied."""
        return Response({"msg": "所有用户可以访问"})
class LoginUserView2(APIView):
    """Endpoint that requires an authenticated user (IsAuthenticated)."""

    permission_classes = [IsAuthenticated]

    def get(self, request):
        """Return a fixed message to any logged-in caller."""
        return Response({"msg": "登录用户可以访问"})
class LoginUserView3(APIView):
    """Endpoint guarded by the custom Class_2003Amision permission."""

    permission_classes = [Class_2003Amision]

    def get(self, request):
        """Return a fixed message once the custom permission has passed."""
        return Response({"msg": "权限通过"})
版权声明:本文为wen_mei原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。