DRF、allauth和dj-rest-auth -使用非活动用户进行身份验证,不返回任何用户对象。
DRF、allauth和dj-rest-auth -使用非活动用户进行身份验证,不返回任何用户对象。
提问于 2020-07-10 07:25:41
我正在使用all-auth和dj-rest-auth通过电子邮件实现注册和登录。一切正常,但是在进行测试时,非活动用户返回无效的凭据消息而不是非活动帐户消息。在LoginSerializer中,django.contrib.auth身份验证方法似乎没有返回用户,但没有返回。以下是代码:
settings.py
AUTHENTICATION_BACKENDS = [
"django.contrib.auth.backends.AllowAllUsersModelBackend",
"allauth.account.auth_backends.AuthenticationBackend"
]
REST_AUTH_REGISTER_SERIALIZERS = {
'REGISTER_SERIALIZER': 'user.serializers.RegisterSerializer',
}
REST_AUTH_SERIALIZERS = {
'LOGIN_SERIALIZER': 'user.serializers.LoginSerializer',
'USER_DETAILS_SERIALIZER': 'user.serializers.UserDetailSerializer',
}serializers.py
class LoginSerializer(serializers.Serializer):
email = serializers.EmailField(required=True, allow_blank=False)
password = serializers.CharField(style={'input_type': 'password'})
def authenticate(self, **kwargs):
return authenticate(self.context['request'], **kwargs)
def _validate_email(self, email, password):
user = None
if email and password:
user = self.authenticate(email=email, password=password)
else:
msg = _('Must include "email" and "password".')
raise exceptions.ValidationError(msg)
return user
def validate(self, attrs):
email = attrs.get('email')
password = attrs.get('password')
user = None
if 'allauth' in settings.INSTALLED_APPS:
from allauth.account import app_settings
# Authentication through email
if app_settings.AUTHENTICATION_METHOD == app_settings.AuthenticationMethod.EMAIL:
user = self._validate_email(email, password)
# Did we get back an inactive user?
if user:
if not user.is_active:
msg = _('User account is disabled.')
raise exceptions.ValidationError(msg)
else:
msg = _('Unable to log in with provided credentials.')
raise exceptions.ValidationError(msg)
# If required, is the email verified?
if 'dj_rest_auth.registration' in settings.INSTALLED_APPS:
from allauth.account import app_settings
if app_settings.EMAIL_VERIFICATION == app_settings.EmailVerificationMethod.MANDATORY:
try:
email_address = user.emailaddress_set.get(email=user.email)
except:
raise serializers.ValidationError(_('E-mail is not registered.'))
else:
if not email_address.verified:
raise serializers.ValidationError(_('E-mail is not verified.'))
attrs['user'] = user
return attrstests.py
########################################################################
# LOG IN WITH INACTIVE USER
login_data = {
'email': 'inactive@inactive.com',
'password': '9I8u7Y6t5R4e'
}
response = self.client.post('http://localhost:8000/api/auth/login/', login_data)
self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
expected_error = {
'non_field_errors': 'User account is disabled.'
}
response_error = {
'non_field_errors': response.data['non_field_errors'][0]
}
self.assertEqual(response_error, expected_error)我错过了什么吗?
提前谢谢。
回答 1
Stack Overflow用户
发布于 2020-07-11 07:47:03
如果有人感兴趣,我发现了问题: allauth身份验证后端覆盖django模型后端。为了解决这个问题,我创建了一个从allauth后端继承的类,并添加了允许所有用户登录的函数:
backend.py
from allauth.account.auth_backends import AuthenticationBackend
class AllowAllUsersModelBackend(AuthenticationBackend):
def user_can_authenticate(self, user):
return True然后将其添加到设置中:
settings.py
AUTHENTICATION_BACKENDS = [
"user.backends.AllowAllUsersModelBackend",
]页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/62829268
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号