django rest framework_jwt之认证的源码流程剖析

视图代码

 1 class UserViewset(BaseView):
 2     '''
 3         create:
 4         创建用户
 5         retrieve:
 6 
 7     '''
 8     queryset = User.objects.all()
 9     authentication_classes = (JSONWebTokenAuthentication, authentication.SessionAuthentication) #认证类
10     def get_serializer_class(self):
11         if self.action == "retrieve":
12             return UserDetailSerializer
13         elif self.action == "create":
14             return UserRegSerializer
15 
16         return UserDetailSerializer
17 
18     def get_permissions(self):
19         if self.action == "retrieve":
20             return [permissions.IsAuthenticated()]
21         elif self.action == "create":
22             return []
23 
24         return []
25 
26     def create(self, request, *args, **kwargs):
27         serializer = self.get_serializer(data=request.data)
28         serializer.is_valid(raise_exception=True)
29         user = self.perform_create(serializer)
30         re_dict = serializer.data
31         payload = jwt_payload_handler(user)
32         re_dict["token"] = jwt_encode_handler(payload)
33         re_dict["name"] = user.name if user.name else user.username
34 
35         headers = self.get_success_headers(serializer.data)
36         return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
37 
38     def get_object(self):
39         return self.request.user
40 
41     def perform_create(self, serializer):
42         return serializer.save()

认证类JSONWebTokenAuthentication代码:

 1 class JSONWebTokenAuthentication(BaseJSONWebTokenAuthentication):
 2     """
 3     Clients should authenticate by passing the token key in the "Authorization"
 4     HTTP header, prepended with the string specified in the setting
 5     `JWT_AUTH_HEADER_PREFIX`. For example:
 6 
 7         Authorization: JWT eyJhbGciOiAiSFMyNTYiLCAidHlwIj
 8     """
 9     www_authenticate_realm = 'api'
10 
11     def get_jwt_value(self, request):
12         auth = get_authorization_header(request).split() #获取请求里面的token
13         auth_header_prefix = api_settings.JWT_AUTH_HEADER_PREFIX.lower() #获取认证方式
14 
15         if not auth:  #如果没有token就获取其cookie
16             if api_settings.JWT_AUTH_COOKIE:
17                 return request.COOKIES.get(api_settings.JWT_AUTH_COOKIE)
18             return None
19 
20         if smart_text(auth[0].lower()) != auth_header_prefix: #看看是不是jwt认证
21             return None
22 
23         if len(auth) == 1: #认证的字符必须是由空格隔开的字符
24             msg = _('Invalid Authorization header. No credentials provided.')
25             raise exceptions.AuthenticationFailed(msg)
26         elif len(auth) > 2:
27             msg = _('Invalid Authorization header. Credentials string '
28                     'should not contain spaces.')
29             raise exceptions.AuthenticationFailed(msg)
30 
31         return auth[1]
32 
33     def authenticate_header(self, request):
34         """
35         Return a string to be used as the value of the `WWW-Authenticate`
36         header in a `401 Unauthenticated` response, or `None` if the
37         authentication scheme should return `403 Permission Denied` responses.
38         """
39         return '{0} realm="{1}"'.format(api_settings.JWT_AUTH_HEADER_PREFIX, self.www_authenticate_realm) #返回响应

在父类BaseJSONWebTokenAuthentication中做认证判断:

 1 class BaseJSONWebTokenAuthentication(BaseAuthentication):
 2     """
 3     Token based authentication using the JSON Web Token standard.
 4     """
 5 
 6     def authenticate(self, request):  #开始认证
 7         """
 8         Returns a two-tuple of `User` and token if a valid signature has been
 9         supplied using JWT-based authentication.  Otherwise returns `None`.
10         """
11         jwt_value = self.get_jwt_value(request) #获取token
12         if jwt_value is None:
13             return None
14 
15         try:
16             payload = jwt_decode_handler(jwt_value) #获取用户的token的实体
17         except jwt.ExpiredSignature:
18             msg = _('Signature has expired.')
19             raise exceptions.AuthenticationFailed(msg)
20         except jwt.DecodeError:
21             msg = _('Error decoding signature.')
22             raise exceptions.AuthenticationFailed(msg)
23         except jwt.InvalidTokenError:
24             raise exceptions.AuthenticationFailed()
25 
26         user = self.authenticate_credentials(payload) #获取用户
27 
28         return (user, jwt_value)
29 
30     def authenticate_credentials(self, payload):
31         """
32         Returns an active user that matches the payload's user id and email.
33         """
34         User = get_user_model()
35         username = jwt_get_username_from_payload(payload) #获取用户名
36 
37         if not username:
38             msg = _('Invalid payload.')
39             raise exceptions.AuthenticationFailed(msg)
40 
41         try:
42             user = User.objects.get_by_natural_key(username) #获取用户
43         except User.DoesNotExist:
44             msg = _('Invalid signature.')
45             raise exceptions.AuthenticationFailed(msg)
46 
47         if not user.is_active:
48             msg = _('User account is disabled.')
49             raise exceptions.AuthenticationFailed(msg)
50 
51         return user

用户请求进来以后,首先进入dispatch函数:

 1     def dispatch(self, request, *args, **kwargs):
 2         """
 3         `.dispatch()` is pretty much the same as Django's regular dispatch,
 4         but with extra hooks for startup, finalize, and exception handling.
 5         """
 6         self.args = args
 7         self.kwargs = kwargs
 8         request = self.initialize_request(request, *args, **kwargs) #加载添加的认证类
 9         self.request = request
10         self.headers = self.default_response_headers  # deprecate?
11 
12         try:
13             self.initial(request, *args, **kwargs)  #初始化request
14 
15             # Get the appropriate handler method
16             if request.method.lower() in self.http_method_names:
17                 handler = getattr(self, request.method.lower(),
18                                   self.http_method_not_allowed)
19             else:
20                 handler = self.http_method_not_allowed
21 
22             response = handler(request, *args, **kwargs)
23 
24         except Exception as exc:
25             response = self.handle_exception(exc)
26 
27         self.response = self.finalize_response(request, response, *args, **kwargs)
28         return self.response

加载initialize_request:

 1     def initialize_request(self, request, *args, **kwargs):
 2         """
 3         Returns the initial request object.
 4         """
 5         parser_context = self.get_parser_context(request)
 6 
 7         return Request(
 8             request,
 9             parsers=self.get_parsers(),
10             authenticators=self.get_authenticators(),加载添加的认证类
11             negotiator=self.get_content_negotiator(),
12             parser_context=parser_context
13         )

初始化initial:

 1     def initial(self, request, *args, **kwargs):
 2         """
 3         Runs anything that needs to occur prior to calling the method handler.
 4         """
 5         self.format_kwarg = self.get_format_suffix(**kwargs)
 6 
 7         # Perform content negotiation and store the accepted info on the request
 8         neg = self.perform_content_negotiation(request)
 9         request.accepted_renderer, request.accepted_media_type = neg
10 
11         # Determine the API version, if versioning is in use.
12         version, scheme = self.determine_version(request, *args, **kwargs)
13         request.version, request.versioning_scheme = version, scheme
14 
15         # Ensure that the incoming request is permitted
16         self.perform_authentication(request) 开始认证
17         self.check_permissions(request)
18         self.check_throttles(request)

在request中做认证:

 1     def _authenticate(self):
 2         """
 3         Attempt to authenticate the request using each authentication instance
 4         in turn.
 5         """
 6         for authenticator in self.authenticators:
 7             try:
 8                 user_auth_tuple = authenticator.authenticate(self)
 9             except exceptions.APIException:
10                 self._not_authenticated()
11                 raise
12 
13             if user_auth_tuple is not None:
14                 self._authenticator = authenticator
15                 self.user, self.auth = user_auth_tuple
16                 return
17 
18         self._not_authenticated()

 

posted @ 2018-11-19 23:59  盈波秋水泛清涛  阅读(753)  评论(0编辑  收藏  举报