一、概述
在我的项目开发中很多开发者应用 cookiecutter 来构建 Django 我的项目的初始化模版,这样节俭了大量的工夫和精力,能更疾速的开发。然而 cookiecutter 中设定的用户注册认证登陆模块 django-allauth 封装了整个模块,对前后端不拆散我的项目更敌对,然而如果前后端我的项目拆散,很多的 API 无奈应用,对开发造成很大的问题,为了解决这一问题,django-rest-auth 应运而生,凋谢出局部 API 用于用户的治理
-
特点:
- 激活用户注册
- 登入和登出
- 获取或者更新某一个用户模型~~~~
- 明码批改
- 应用 email 重设明码
- 社交媒体认证
-
构造:
- rest_auth:具备登陆、登出、明码批改和明码重设的基本功能办法
- rest_auth_registruction:具备注册和社交媒体认证的相干逻辑
二、导入和配置
(一)、只应用 django-rest-auth
- 导入:pipenv install django-rest-auth
- 把 rest_auth 注册到 THIRD_INSTALLED_APPS 或者 INSTALLED_APPS 中
- 在我的项目的一级路由中配置对应的路由
url(r'^rest-auth/', include('rest_auth.urls'))
- 执行数据迁徙:pipenv run python manage.py migrate
(二)、应用 allauth 中规范的注册性能
- 导入:pipenv install django-rest-auth[with_social]
这里须要特地留神:如果终端应用的是 zsh,必须应用引号把 django-rest-auth[with_social] 括起来,如果不括起来会报错:zsh: no matches found: django-rest-auth[with_social]
- 注册 django.contrib.sites, allauth, allauth.account, rest_auth 和 rest_auth.registration 到 INSTALLED_APPS 或者 THIRD_INSTALLED_APPS 中
- 并在配置文件中 base.py/settings.py 中设置 SITE_ID = 1
- 在我的项目一级路由中配置对应的路由
url(r'^rest-auth/', include('rest_auth.urls')),
url(r'^rest-auth/registration/', include('rest_auth.registration.urls'))
留神:路由中的 rest_auth 名字不是固定的,能够进行批改
- 执行数据迁徙:pipenv run python manage.py migrate
(三)、注册账户
- url: rest_auth/registration/
-
parameter:
- username
- password1
- password2
- 设置 EMAIL_BACKEND = ‘django.core.mail.backends.console.EmailBackend’
- request
### Registration
POST http://127.0.0.1:8000/auth/registration/ HTTP/2.0
Content-Type: application/json
{
"username": "liquhua008",
"password1": "liqh930215",
"password2": "liqh930215",
"email": "695762725@234523.com"
}
- Content-Type:application/json 必须写上,否则程序会报 415 谬误
HTTP/1.1 415 Unsupported Media Type
Date: Thu, 03 Dec 2020 02:23:15 GMT
Server: WSGIServer/0.2 CPython/3.7.0
Content-Type: application/json
Vary: Accept
Allow: POST, OPTIONS
X-Frame-Options: DENY
Content-Length: 62
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
{"detail": "Unsupported media type \"text/plain\"in request."}
-
报连贯回绝的谬误或者 CSRF 谬误
- 起因:没有设置 Token 权限
-
解决:设置权限
- 在 INSTALLED APPS 中增加 ’rest_framework.authtoken’
- 设置 REST_FRAMEWORK
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': ['rest_framework.authentication.TokenAuthentication',]
}
- 创立胜利后在终端中打印出邮件内容并返回 key
{"key": "06e7a7767b5da07257297941c29621ac842b0c9e"}
(四)、登陆用户
- url: rest_auth/login/
-
parameter:
- username
- password
- Content-Type: application/json
- 登陆胜利返回 key
HTTP/1.1 200 OK
Date: Thu, 03 Dec 2020 02:41:39 GMT
Server: WSGIServer/0.2 CPython/3.7.0
Content-Type: application/json
Vary: Accept, Cookie
Allow: POST, OPTIONS
X-Frame-Options: DENY
Content-Length: 50
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Set-Cookie: csrftoken=vppzMvcQcFpab9kFeNenX3cUVvOzaK59Cfa0JNQIpqkNxw7yiQK8XXJnrQ4YI1cd; expires=Thu, 02 Dec 2021 02:41:39 GMT; Max-Age=31449600; Path=/; SameSite=Lax,sessionid=7ngs826bws34mdjkbb6f60xsuikzjmi1; expires=Thu, 17 Dec 2020 02:41:39 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax
{"key": "1abc5ac07aab3395dfe4e832f7507250af4783a9"}
(五)、已登陆用户操作
- 创立视图,视图设置权限为 IsAuthenticated
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.permissions import IsAuthenticated
class UserDetailView(APIView):
permission_classes = [IsAuthenticated,]
def get(self, request, *args, **kwargs):
return Response({"email": request.user.email}, status=200)
user_detail_view = UserDetailView.as_view()
- 增加路由
from django.contrib import admin
from django.urls import path, include, re_path
from .views import (user_detail_view)
urlpatterns = [path('admin/', admin.site.urls),
re_path(r'^auth/', include('rest_auth.urls')),
re_path(r'^auth/registration/', include('rest_auth.registration.urls')),
path('me/', user_detail_view) # 获取登陆用户的邮箱
]
- 发送申请
### Me
GET http://127.0.0.1:8000/me/ HTTP/2.0
Content-Type: application/json
Authorization: Token 1abc5ac07aab3395dfe4e832f7507250af4783a9
- http 申请中必须蕴含 Authorization,内容为 Token 登陆后返回的 key,如果不写 token key
HTTP/1.1 401 Unauthorized
Date: Thu, 03 Dec 2020 02:50:18 GMT
Server: WSGIServer/0.2 CPython/3.7.0
Content-Type: application/json
WWW-Authenticate: Token
Vary: Accept
Allow: GET, HEAD, OPTIONS
X-Frame-Options: DENY
Content-Length: 58
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
{"detail": "Authentication credentials were not provided."}
- 胜利返回须要获取的内容
相干介绍视频:JustDjango 的 dajngo-rest-auth