Auth用户认证组件
用户认证组件:
功能:用session记录登录验证状态
前提:用户表:django自带的auth-user
python3 manage.py createsuperuser #创建超级用户
补充匿名用户:
API: from django.contrib import auth : 1. #if 验证成功返回user对象,否则返回None user = auth.authenticate(username=user,password=pwd) 2. auth.login(request,user) #request.user 当前登录对象 3. auth.login(request) from django.contrib.auth.models import User #User == auth_user 4. request.user.is_authenticated 5.user = User.objects.create_user(username='',password='',email='') 补充: 匿名用户对象: 匿名用户 class models.AnonymousUser django.contrib.auth.models.AnonymousUser #这个类实现了django.contrib.auth.models.User 借口,但是又几点不同: id永远是None username永远为空字符串 get_username()永远返回空字符串 is_staff和is_superuser永远是False is_active永远是False groups和user_permissions永远为空 is_annonymous()返回True 而不是False is_authenticated()返回时False,而不是True set_password()、check_password()、save()和delete()引发NotImplementedError。 New in Django 1.8: 新增 AnonymouseUser.get_username()以更好的模拟django.contrib.auth.moudels.User
总结:
if not :auth.login(request,user) request.user = AnonymousUser()
else:request.user==登录对象
request.user是一个全局变量
views.py
from django.shortcuts import render, redirect # Create your views here. from django.contrib import auth from django.contrib.auth.models import User from django.contrib.auth.decorators import login_required def login(request): if request.method == 'POST': # 取得账号密码,验证用户对象 user = request.POST.get("user") pwd = request.POST.get("pwd") # if验证成功返回user对象,否则返回NONE user = auth.authenticate(username=user, password=pwd) if user: auth.login(request, user) # request.user:当前登录对象 next_url = request.GET.get("next", "/index/") return redirect(next_url) return render(request, "login.html") # 登录验证装饰器 @login_required def index(request): # 打印匿名用户信息 # print("request.user:",request.user.username) # print("request.user:",request.user.id) # print("request.user:",request.user.is_anonymous) # # #if request.user.is_anonymous: # if not request.user.is_authenticated: # return redirect("/login/") username = request.user.username return render(request, "index.html", {"username": username}) # return render(request,"index.html") @login_required def order(request): if not request.user.is_authenticated: return render(request, "order.html") return render(request,"order.html") # 注销登录 def logout(request): auth.logout(request) return redirect("/login/") # 注册页面 def reg(request): # 取得注册信息 if request.method == "POST": user = request.POST.get("user") pwd = request.POST.get("pwd") # 这种是不对的 # User.objects.create(username=user,password=pwd) user = User.objects.create_user(username=user, password=pwd) return redirect("/login/") return render(request, "reg.html")
settings.py
# LANGUAGE_CODE = 'en-us' LANGUAGE_CODE = 'zh-Hans' # TIME_ZONE = 'UTC' TIME_ZONE = 'Asia/Shanghai' USE_I18N = True USE_L10N = True USE_TZ = True # USE_TZ = False # Static files (CSS, JavaScript, Images) # https://docs.djangoproject.com/en/2.0/howto/static-files/ STATIC_URL = '/static/' LOGIN_URL = "/login/"
urls.py
from django.contrib import admin from django.urls import path from blog import views urlpatterns = [ path('admin/', admin.site.urls), path('login/', views.login), path('index/', views.index), path('order/', views.order), path('logout/', views.logout), path('reg/', views.reg), ]
努力成为一个开发者
个人站点:www.pythonav.cn