使用Django REST框架的JWT身份验证，使用otp获取api令牌

Question

我有一个自定义的用户登录，我使用移动动态口令验证，而不是通过我的project.need使用任何django用户模型通过动态口令验证jwt django restframework。请帮我弄一下这个。谢谢

Answer 1

首先发送动态口令，然后将其保存到数据库中。

class LoginView(APIView):
    def post(self, request, format=None):
        data = request.data
        response = Response()       
        username = data.get('username', None)
        password = data.get('password', None)
        user = authenticate(username=username,password=password)
        if user is not None:
            if user.is_active:
                if user.two_step_verification:

                    GENERATE OTP HERE AND SAVE THIS IN USER MODEL...

                    user.otp = 'YOUR OTP'
                    user.save(update_fields=['otp',]) 
                    
                    SEND OTP HERE...                       
             
                    return Response({"send":"Two step verification OTP successfully send!!!"},status = status.HTTP_200_OK) 
            else:
                return Response({"No active" : "This account is not active!!"},status=status.HTTP_404_NOT_FOUND)
        else:
            return Response({"Invalid" : "Invalid username or password!!"},status=status.HTTP_404_NOT_FOUND)

然后验证这一点。这里我使用的是rest_framework_simplejwt

from rest_framework_simplejwt.tokens import RefreshToken

@api_view(['POST'])
@permission_classes([AllowAny,])
def two_step_otp_Verify(request,otp):
    try:
        user = User.objects.get(otp = otp,is_active = True)
        verify = 'VERIFY YOUR OTP HERE'
        if verify:
            response = Response()
            user.otp = None
            user.last_login = timezone.now()
            user.save()
            refresh = RefreshToken.for_user(user)
            
            response.set_signed_cookie(
                       key = 'ACCESS_TOKEN', 
                       value = str(refresh.access_token),
                       .....
                       )
            #ORRRRRRRRRRRRRRRRRRRRRRR
            login(request, user)
            
            response.data = {"Success" : "Login successfully"}
            return response
        else:
            return Response({"Time out" : "Given otp is expired!!"}, status=status.HTTP_408_REQUEST_TIMEOUT)
    except:
        return Response({"No User" : "Invalid otp OR No any active user found for given otp"}, status=status.HTTP_400_BAD_REQUEST)