Django JWT Token RestfulAPI用户认证详解_Python

一般情况下我们Django默认的用户系统是满足不了我们的需求的，那么我们会对他做一定的扩展

创建用户项目

				?

									python manage.py startapp users

添加项目apps

settings.py

				?

									INSTALLED_APPS = [

									 ...

									 'users.apps.UsersConfig',

									]

									添加AUTH_USRE_MODEL 替换默认的user

									AUTH_USER_MODEL = 'users.UserProfile'

									如果说想用全局认证需要在配置文件中添加

									# 全局认证from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication

									REST_FRAMEWORK = {

									 'DEFAULT_AUTHENTICATION_CLASSES': (

									  # 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', # 全局认证，开源jwt

									  'rest_framework.authentication.BasicAuthentication',

									  'rest_framework.authentication.SessionAuthentication',

									  # 'rest_framework.authentication.TokenAuthentication', #全局认证drf 自带的

									 )

									}

编写model

扩展User model

				?

									from django.contrib.auth.models import AbstractUser

									from django.db import models

									class UserProfile(AbstractUser):

									 """

									 用户

									 """

									 name = models.CharField(max_length=30, null=True, blank=True, verbose_name="姓名")

									 birthday = models.DateField(null=True, blank=True, verbose_name="出生年月")

									 gender = models.CharField(max_length=6, choices=(("male", u"男"), ("female", "女")), default="female", verbose_name="性别")

									 mobile = models.CharField(null=True, blank=True, max_length=11, verbose_name="电话")

									 email = models.EmailField(max_length=100, null=True, blank=True, verbose_name="邮箱")

									 class Meta:

									  verbose_name = "用户"

									  verbose_name_plural = verbose_name

									 def __str__(self):

									  return self.username

编写serializers.py

				?

									from rest_framework import serializers

									from users.models import VerifyCode

									class VerifyCodeSerializer(serializers.ModelSerializer):

									 class Meta:

									  model = VerifyCode

									  fields = "__all__"

编写views 动态验证不同的请求使用不同的验证

views.py测试

				?

									from django.shortcuts import render

									from rest_framework import mixins, viewsets

									from rest_framework.views import APIView

									from users.models import VerifyCode

									from .serializers import VerifyCodeSerializer

									# Create your views here.

									from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication

									from rest_framework_jwt.authentication import JSONWebTokenAuthentication

									class VerifyCodeListViewSet(mixins.ListModelMixin,mixins.RetrieveModelMixin, viewsets.GenericViewSet):

									 """

									 验证码列表

									 """

									 queryset = VerifyCode.objects.all()

									 serializer_class = VerifyCodeSerializer

									 # authentication_classes = [TokenAuthentication, ]

									 # authentication_classes = [JSONWebTokenAuthentication, ]

									 # JWT 认证 加密，过期时间

									 def get_authenticators(self):

									  """

									  Instantiates and returns the list of authenticators that this view can use.

									  # 修改验证

									  """

									  # 动态认证

									  print(self.authentication_classes)

									  print([JSONWebTokenAuthentication, ])

									  if self.action_map['get'] == "retrieve":

									   self.authentication_classes = [BasicAuthentication,SessionAuthentication,]

									  elif self.action_map['get'] == "list":

									   self.authentication_classes = [JSONWebTokenAuthentication,]

									  return [auth() for auth in self.authentication_classes]

									 # DRF 自带的认证 不过期，易发生xss攻击

									 # def get_authenticators(self):

									 #  """

									 #  Instantiates and returns the list of authenticators that this view can use.

									 #  # 修改验证

									 #  """

									 #  print(self.authentication_classes)

									 #  print([JSONWebTokenAuthentication, ])

									 #  if self.action_map['get'] == "retrieve":

									 #   self.authentication_classes = [BasicAuthentication,SessionAuthentication,]

									 #  elif self.action_map['get'] == "list":

									 #   self.authentication_classes = [JSONWebTokenAuthentication,]

									 #  return [auth() for auth in self.authentication_classes]

									 def get_queryset(self):

									　　　　 # 取出认证信息

									  print(self.request.auth)

									  # print(self.action)

									  return self.queryset

									 # url

									"""untitled URL Configuration

									The `urlpatterns` list routes URLs to views. For more information please see:

									 https://docs.djangoproject.com/en/1.10/topics/http/urls/

									Examples:

									Function views

									 1. Add an import: from my_app import views

									 2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')

									Class-based views

									 1. Add an import: from other_app.views import Home

									 2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')

									Including another URLconf

									 1. Import the include() function: from django.conf.urls import url, include

									 2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls'))

									"""

									from rest_framework.authtoken import views

									from rest_framework_jwt.views import obtain_jwt_token

									from django.conf.urls import url, include

									from django.contrib import admin

									from rest_framework import routers

									from users.views import VerifyCodeListViewSet

									router = routers.DefaultRouter()

									router.register(r'codes', VerifyCodeListViewSet, 'codes')

									urlpatterns = [

									 url(r'^admin/', admin.site.urls),

									 url(r'^api-auth/', include('rest_framework.urls'))

									]

									urlpatterns += [

									 # drf 自带的

									 url(r'^api-token-auth/', views.obtain_auth_token),

									 # jwt 认证

									 url(r'^jwt_auth/', obtain_jwt_token),

									]

									urlpatterns += router.urls