如何访问(询问)用户登录令牌
如何访问(询问)用户登录令牌
提问于 2016-09-05 15:14:15
我已经将Django Rest框架用于Rest,使用django-oauth工具包进行基于令牌的身份验证。我已经为用户注册设计了api。注册用户时,生成一个令牌并将其保存到数据库中。我要用户从那个令牌登录。我指的是基于令牌的身份验证,因为我想开发一个移动应用程序。在发送登录请求时,我可以使用curl获得access_token,但是如何实现视图,以便应用程序向127.0.0.1:8000/o/令牌发送post请求,请求令牌,以便请求包含用户名、密码、client_id和client_secret。然后,服务器接收凭据,如果它们有效,则返回access_token。其余的时间,它应该使用这个令牌来查询服务器。
views.py
class UserLoginAPI(APIView):
permission_classes = [AllowAny]
serializer_class = UserLoginSerializer
def post(self, request, *args, **kwargs):
access_token = AccessToken.objects.get(token=request.POST.get('access_token'), expires__gt=timezone.now()) # error is shown here. I get None
data = request.data
serializer = UserLoginSerializer(data=data)
if serializer.is_valid(raise_exception=True):
new_data = serializer.data
return Response(new_data, status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)serializers.py
class UserCreateSerializer(ModelSerializer):
class Meta:
model = User
extra_kwargs = {"password": {"write_only": True}}
def create(self, validated_data):
username = validated_data['username']
first_name = validated_data['first_name']
last_name = validated_data['last_name']
email = validated_data['email']
password = validated_data['password']
confirm_password = validated_data['password']
user_obj = User(
username = username,
first_name = first_name,
last_name = last_name,
email = email
)
user_obj.set_password(password)
user_obj.save()
if user_obj:
expire_seconds = oauth2_settings.user_settings['ACCESS_TOKEN_EXPIRE_SECONDS']
scopes = oauth2_settings.user_settings['SCOPES']
application = Application.objects.get(name="Foodie")
expires = datetime.now() + timedelta(seconds=expire_seconds)
access_token = AccessToken.objects.create(user=user_obj,
application=application,
token = generate_token(),
expires=expires,
scope=scopes)
return validated_data
class UserLoginSerializer(ModelSerializer):
# token = CharField(allow_blank=True, read_only=True)
username = CharField()
class Meta:
model = User
fields = [
'username',
'password',
# 'token',
]
extra_kwargs = {"password":
{"write_only": True}
}回答 1
Stack Overflow用户
发布于 2016-09-06 03:47:54
因此,如果您希望api获得令牌,则取决于用户名和密码,如下所示:
def get_token(request):
username = request.POST.get("username")
password = request.POST.get("password")
.... # other parameters
try:
user = User.objects.get(username=username, password=password)
except ObjectDoesNotExist:
return HttpResponse("Can't find this user")
else:
try:
access_token = AccessToken.objects.get(user=user)
except ObjectDoesNotExist:
return HttpResponse("Haven't set any token")
else:
return HttpResponse(access_token)如果要使用DRF处理此问题,请执行以下操作:
@api_view(['POST'])
def get_token(request):
# get token by query just like above
serializer = TokenSerializer(data=access_token.token) #you can pass more parameters to data if you want, but you also have to edit your TokenSerializer
if serializer.is_valid():
serializer.save()
return Response(serializer.data, status=status.HTTP_201_CREATED)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)你的TokenSerializer:
class TokenSerializer(ModelSerializer):
class Meta:
model = AccessToken
field = (token,)编辑
那得看情况
- Web上,您可以在cookie中发布您的用户名和密码来登录api,您的浏览器存储会话。
- 移动,您发布您的用户名和密码登录api,服务器响应令牌,然后您将它存储在您的手机,也许是密钥链,当您正在开发IOS app.And发送它作为http报头时,您想访问服务器,how-can-i-get-all-the-request-headers-in-django。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/39333514
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号