一、概述

在我的项目开发中很多开发者应用cookiecutter来构建Django我的项目的初始化模版,这样节俭了大量的工夫和精力,能更疾速的开发。然而cookiecutter中设定的用户注册认证登陆模块django-allauth封装了整个模块,对前后端不拆散我的项目更敌对,然而如果前后端我的项目拆散,很多的API无奈应用,对开发造成很大的问题,为了解决这一问题,django-rest-auth应运而生,凋谢出局部API用于用户的治理

  • 特点:

    • 激活用户注册
    • 登入和登出
    • 获取或者更新某一个用户模型~~~~
    • 明码批改
    • 应用email重设明码
    • 社交媒体认证

  • 构造:

    • rest_auth:具备登陆、登出、明码批改和明码重设的基本功能办法
    • rest_auth_registruction:具备注册和社交媒体认证的相干逻辑

二、导入和配置

(一)、只应用django-rest-auth

  • 导入: pipenv install django-rest-auth
  • 把rest_auth注册到THIRD_INSTALLED_APPS或者INSTALLED_APPS中
  • 在我的项目的一级路由中配置对应的路由
url(r'^rest-auth/', include('rest_auth.urls'))
  • 执行数据迁徙:pipenv run python manage.py migrate

(二)、应用allauth中规范的注册性能

  • 导入:pipenv install django-rest-auth[with_social]
这里须要特地留神:如果终端应用的是zsh,必须应用引号把django-rest-auth[with_social]括起来,如果不括起来会报错:zsh: no matches found: django-rest-auth[with_social]
  • 注册django.contrib.sites, allauth, allauth.account, rest_auth和rest_auth.registration到INSTALLED_APPS或者THIRD_INSTALLED_APPS中
  • 并在配置文件中base.py/settings.py中设置SITE_ID = 1
  • 在我的项目一级路由中配置对应的路由
url(r'^rest-auth/', include('rest_auth.urls')),    url(r'^rest-auth/registration/', include('rest_auth.registration.urls'))
留神:路由中的rest_auth名字不是固定的,能够进行批改
  • 执行数据迁徙:pipenv run python manage.py migrate

(三)、注册账户

  • url: rest_auth/registration/

  • parameter:

    • username
    • password1
    • password2
    • email
  • 设置EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
  • request
### RegistrationPOST http://127.0.0.1:8000/auth/registration/ HTTP/2.0Content-Type: application/json{  "username": "liquhua008",  "password1": "liqh930215",  "password2": "liqh930215",  "email": "695762725@234523.com"}
  • Content-Type:application/json必须写上,否则程序会报415谬误
HTTP/1.1 415 Unsupported Media TypeDate: Thu, 03 Dec 2020 02:23:15 GMTServer: WSGIServer/0.2 CPython/3.7.0Content-Type: application/jsonVary: AcceptAllow: POST, OPTIONSX-Frame-Options: DENYContent-Length: 62X-Content-Type-Options: nosniffReferrer-Policy: same-origin{  "detail": "Unsupported media type \"text/plain\" in request."}

  • 报连贯回绝的谬误或者CSRF谬误

    • 起因:没有设置Token权限

    • 解决:设置权限

      • 在INSTALLED APPS中增加'rest_framework.authtoken'
      • 设置REST_FRAMEWORK
REST_FRAMEWORK = {    'DEFAULT_AUTHENTICATION_CLASSES': [        'rest_framework.authentication.TokenAuthentication',    ]}
  • 创立胜利后在终端中打印出邮件内容并返回key

{  "key": "06e7a7767b5da07257297941c29621ac842b0c9e"}

(四)、登陆用户

  • url: rest_auth/login/

  • parameter:

    • username
    • password
    • email
  • Content-Type: application/json
  • 登陆胜利返回key
HTTP/1.1 200 OKDate: Thu, 03 Dec 2020 02:41:39 GMTServer: WSGIServer/0.2 CPython/3.7.0Content-Type: application/jsonVary: Accept, CookieAllow: POST, OPTIONSX-Frame-Options: DENYContent-Length: 50X-Content-Type-Options: nosniffReferrer-Policy: same-originSet-Cookie: csrftoken=vppzMvcQcFpab9kFeNenX3cUVvOzaK59Cfa0JNQIpqkNxw7yiQK8XXJnrQ4YI1cd; expires=Thu, 02 Dec 2021 02:41:39 GMT; Max-Age=31449600; Path=/; SameSite=Lax,sessionid=7ngs826bws34mdjkbb6f60xsuikzjmi1; expires=Thu, 17 Dec 2020 02:41:39 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax{  "key": "1abc5ac07aab3395dfe4e832f7507250af4783a9"}

(五)、已登陆用户操作

  • 创立视图,视图设置权限为IsAuthenticated
from rest_framework.views import APIViewfrom rest_framework.response import Responsefrom rest_framework.permissions import IsAuthenticatedclass UserDetailView(APIView):    permission_classes = [IsAuthenticated, ]    def get(self, request, *args, **kwargs):        return Response({"email": request.user.email}, status=200)user_detail_view = UserDetailView.as_view()
  • 增加路由
from django.contrib import adminfrom django.urls import path, include, re_pathfrom .views import (    user_detail_view)urlpatterns = [    path('admin/', admin.site.urls),    re_path(r'^auth/', include('rest_auth.urls')),    re_path(r'^auth/registration/', include('rest_auth.registration.urls')),    path('me/', user_detail_view) # 获取登陆用户的邮箱]
  • 发送申请
### MeGET http://127.0.0.1:8000/me/ HTTP/2.0Content-Type: application/jsonAuthorization: Token 1abc5ac07aab3395dfe4e832f7507250af4783a9
  • http申请中必须蕴含Authorization,内容为 Token 登陆后返回的key,如果不写token key
HTTP/1.1 401 UnauthorizedDate: Thu, 03 Dec 2020 02:50:18 GMTServer: WSGIServer/0.2 CPython/3.7.0Content-Type: application/jsonWWW-Authenticate: TokenVary: AcceptAllow: GET, HEAD, OPTIONSX-Frame-Options: DENYContent-Length: 58X-Content-Type-Options: nosniffReferrer-Policy: same-origin{  "detail": "Authentication credentials were not provided."}
  • 胜利返回须要获取的内容

相干介绍视频:JustDjango的dajngo-rest-auth