我如何使用tastypielogin到Django
我想重写is_authenticated在我的自定义身份validation。 我有一些简单的(开始)像这样:
class MyAuthentication(BasicAuthentication): def __init__(self, *args, **kwargs): super(MyAuthentication, self).__init__(*args, **kwargs) def is_authenticated(self, request, **kwargs): return True 然后在我的ModelResource中
class LoginUserResource(ModelResource): class Meta: resource_name = 'login' queryset = User.objects.all() excludes = ['id', 'email', 'password', 'is_staff', 'is_superuser'] list_allowed_methods = ['post'] authentication = MyAuthentication() authorization = DjangoAuthorization()
我一直得到一个500错误返回"error_message": "column username is not unique" 。 我只有一个用户名在数据库中,这是我想要validation的用户。
任何想法,为什么它返回这个错误? 我将如何让api客户端login?
谢谢您的帮助。
您的方法将尝试使用您正在进行身份validation的用户名创build新用户。 正如你所注意到的,这将会在数据库层出现,这样的用户已经存在。
你想要的是创build一个UserResource ,在其上添加一个方法,用户可以发送和使用用户名/密码传递的数据login。
from django.contrib.auth.models import User from django.contrib.auth import authenticate, login, logout from tastypie.http import HttpUnauthorized, HttpForbidden from django.conf.urls import url from tastypie.utils import trailing_slash class UserResource(ModelResource): class Meta: queryset = User.objects.all() fields = ['first_name', 'last_name', 'email'] allowed_methods = ['get', 'post'] resource_name = 'user' def override_urls(self): return [ url(r"^(?P<resource_name>%s)/login%s$" % (self._meta.resource_name, trailing_slash()), self.wrap_view('login'), name="api_login"), url(r'^(?P<resource_name>%s)/logout%s$' % (self._meta.resource_name, trailing_slash()), self.wrap_view('logout'), name='api_logout'), ] def login(self, request, **kwargs): self.method_check(request, allowed=['post']) data = self.deserialize(request, request.raw_post_data, format=request.META.get('CONTENT_TYPE', 'application/json')) username = data.get('username', '') password = data.get('password', '') user = authenticate(username=username, password=password) if user: if user.is_active: login(request, user) return self.create_response(request, { 'success': True }) else: return self.create_response(request, { 'success': False, 'reason': 'disabled', }, HttpForbidden ) else: return self.create_response(request, { 'success': False, 'reason': 'incorrect', }, HttpUnauthorized ) def logout(self, request, **kwargs): self.method_check(request, allowed=['get']) if request.user and request.user.is_authenticated(): logout(request) return self.create_response(request, { 'success': True }) else: return self.create_response(request, { 'success': False }, HttpUnauthorized)
现在你可以发送一个POST到http://hostname/api/user/login with data { 'username' : 'me', 'password' : 'l33t' } 。
此更新消除了GET方法的安全问题。 适用于Django 1.5.4。
class UserResource(ModelResource): class Meta: queryset = User.objects.all() resource_name = 'user' allowed_methods = ['post'] def prepend_urls(self): return [ url(r"^user/login/$", self.wrap_view('login'), name="api_login"), url(r"^user/logout/$", self.wrap_view('logout'), name='api_logout'), ] def login(self, request, **kwargs): self.method_check(request, allowed=['post']) data = self.deserialize(request, request.raw_post_data, format=request.META.get('CONTENT_TYPE', 'application/json')) username = data.get('username', '') password = data.get('password', '') user = authenticate(username=username, password=password) if user: if user.is_active: login(request, user) return self.create_response(request, { 'success': True }) else: return self.create_response(request, { 'success': False, 'reason': 'disabled', }, HttpForbidden ) else: return self.create_response(request, { 'success': False, 'reason': 'incorrect', }, HttpUnauthorized ) def logout(self, request, **kwargs): self.method_check(request, allowed=['post']) if request.user and request.user.is_authenticated(): logout(request) return self.create_response(request, { 'success': True }) else: return self.create_response(request, { 'success': False }, HttpUnauthorized)
