Django-rest-auth :如何刷新令牌？

Question

我使用Django-rest进行身份验证(https://django-rest-auth.readthedocs.io)。但是，当我注册一个新帐户时，api会向我发回一个令牌，这个令牌以后永远不会更改。为了获得更多的安全性，我如何在每次登录时都有一个新的令牌？

Answer 1

如果您正在使用API，请以这种方式构造您的代码。

class LoginAPIView(GenericAPIView):
    serializer_class = LoginFormSerializer

    @csrf_exempt
    def post(self, request):
       serializer = LoginFormSerializer(data=request.data)
       if not serializer.is_valid():
          return error_message(message=MessageKey.ERROR_MISSING_USERNAME_OR_PASSWORD.value)

       username = serializer.data['username']
       password = serializer.data['password']
       try:
           user = authenticate(username=username, password=password)
           if not user:
              return error_message(message=MessageKey.ERROR_INVALID_USERNAME_OR_PASSWORD.value)
           if user.record_status == RecordStatus.ACTIVE.name:
              # Create a new auth token using your token service
              auth_token = create_auth_token(user)
            
              user_serializer = UserSerializer(user)
              user_data = user_serializer.data
              user_data['auth_token'] = str(auth_token[0])
              data = generate_user_account_profile(language, user, user_data)
              return success_message(data=data)
           else:
             return error_message(MessageKey.ERROR_INVALID_USERNAME_OR_PASSWORD.value)
        except Exception as ex:
           traceback.print_exc()
           return error_message(MessageKey.ERROR_DEFAULT_ERROR_MESSAGE.value)

所述功能create_auth_token(用户)可构造为折页；

def create_auth_token(user):
    """
    This is used to create or update an auth token
    :param user:
    :return:
    """
    try:
        token = Token.objects.filter(user=user)
        if not token:
            token = Token.objects.get_or_create(user=user)
        else:
            token = Token.objects.filter(user=user)
            new_key = token[0].generate_key()

            # Encrypt random string using SHA1
            sha1_algorithm = hashlib.sha1()
            sha1_algorithm.update(new_key.encode('utf-8'))
            first_level_value = sha1_algorithm.hexdigest()

            # Encrypt random string using MD5
            md5_algorithm = hashlib.md5()
            md5_algorithm.update(first_level_value.encode('utf-8'))
            second_level_value = md5_algorithm.hexdigest()

            token.update(key=second_level_value)
        return token
    except Exception as ex:
        logging.error(msg=f'Failed to create auth token {ex}', stacklevel=logging.CRITICAL)
        pass

注意:这可以调整以适合您选择的任何地方，即您可以调整它以在您的view.py文件、服务等中工作。