django项目前准备：三、方式二：Django JWT Token RestfulAPI用户认证

一般情况下我们Django默认的用户系统是满足不了我们的需求的，那么我们会对他做一定的扩展。

rest_framwork_jwt中的token认证，带过期时间。

1.创建用户项目

python manage.py users

 

2.配置用户项目，添加项目apps，在settings.py中

INSTALLED_APPS = [
    ...
    'users.apps.UsersConfig',

]
# 添加AUTH_USRE_MODEL 替换默认的user
AUTH_USER_MODEL = 'users.UserProfile'


# 如果说想用全局认证需要在配置文件中添加
# 全局认证from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication
REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        # 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', # 方式一：全局认证，开源jwt
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        # 'rest_framework.authentication.TokenAuthentication', # 方式二：全局认证drf 自带的

    )
}

# settings.py文件

 

3.扩展User model，在models.py文件中

from django.contrib.auth.models import AbstractUser
from django.db import models


class UserProfile(AbstractUser):
    """
    用户
    """
    name = models.CharField(max_length=30, null=True, blank=True, verbose_name="姓名")
    birthday = models.DateField(null=True, blank=True, verbose_name="出生年月")
    gender = models.CharField(max_length=6, choices=(("male", u"男"), ("female", "女")), default="female", verbose_name="性别")
    mobile = models.CharField(null=True, blank=True, max_length=11, verbose_name="电话")
    email = models.EmailField(max_length=100, null=True, blank=True, verbose_name="邮箱")

    class Meta:
        verbose_name = "用户"
        verbose_name_plural = verbose_name

    def __str__(self):
        return self.username

 

4.编写serializers.py文件

from rest_framework import serializers
from users.models import VerifyCode   # 此文件在哪里？

class VerifyCodeSerializer(serializers.ModelSerializer):
    class Meta:
        model = VerifyCode
        fields = "__all__"

 

5. 编写views 动态验证不同的请求使用不同的验证

from django.shortcuts import render
from rest_framework import mixins, viewsets
from rest_framework.views import APIView
from users.models import VerifyCode

from .serializers import VerifyCodeSerializer
# Create your views here.
from rest_framework.authentication import TokenAuthentication,BasicAuthentication,SessionAuthentication
from rest_framework_jwt.authentication import JSONWebTokenAuthentication

class VerifyCodeListViewSet(mixins.ListModelMixin,mixins.RetrieveModelMixin, viewsets.GenericViewSet):
    """
    验证码列表
    """
    queryset = VerifyCode.objects.all()
    serializer_class = VerifyCodeSerializer
    # authentication_classes = [TokenAuthentication, ]
    # authentication_classes = [JSONWebTokenAuthentication, ]
    # JWT 认证 加密，过期时间
    def get_authenticators(self):
        """
        Instantiates and returns the list of authenticators that this view can use.
        # 修改验证
        """
        # 动态认证
        print(self.authentication_classes)
        print([JSONWebTokenAuthentication, ])
        if self.action_map['get'] == "retrieve":
            self.authentication_classes = [BasicAuthentication,SessionAuthentication,]
        elif self.action_map['get'] == "list":
            self.authentication_classes = [JSONWebTokenAuthentication,]
        return [auth() for auth in self.authentication_classes]

    # DRF 自带的认证 不过期，易发生xss攻击
    # def get_authenticators(self):
    #     """
    #     Instantiates and returns the list of authenticators that this view can use.
    #     # 修改验证
    #     """
    #     print(self.authentication_classes)
    #     print([JSONWebTokenAuthentication, ])
    #     if self.action_map['get'] == "retrieve":
    #         self.authentication_classes = [BasicAuthentication,SessionAuthentication,]
    #     elif self.action_map['get'] == "list":
    #         self.authentication_classes = [JSONWebTokenAuthentication,]
    #     return [auth() for auth in self.authentication_classes]

    def get_queryset(self):
　　　　 # 取出认证信息
        print(self.request.auth)
        # print(self.action)
        return self.queryset
 # url

"""untitled URL Configuration

The `urlpatterns` list routes URLs to views. For more information please see:
    https://docs.djangoproject.com/en/1.10/topics/http/urls/
Examples:
Function views
    1. Add an import:  from my_app import views
    2. Add a URL to urlpatterns:  url(r'^$', views.home, name='home')
Class-based views
    1. Add an import:  from other_app.views import Home
    2. Add a URL to urlpatterns:  url(r'^$', Home.as_view(), name='home')
Including another URLconf
    1. Import the include() function: from django.conf.urls import url, include
    2. Add a URL to urlpatterns:  url(r'^blog/', include('blog.urls'))
"""
from rest_framework.authtoken import views
from rest_framework_jwt.views import obtain_jwt_token

from django.conf.urls import url, include
from django.contrib import admin
from rest_framework import routers
from users.views import VerifyCodeListViewSet

router   = routers.DefaultRouter()
router.register(r'codes', VerifyCodeListViewSet, 'codes')

urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^api-auth/', include('rest_framework.urls'))

]
urlpatterns += [
    # drf 自带的
    url(r'^api-token-auth/', views.obtain_auth_token),
    # jwt 认证
    url(r'^jwt_auth/', obtain_jwt_token),
]
urlpatterns += router.urls

# views.py