Django rest框架JWT和自定义身份验证后端
我有一个自定义用户模型,并创建了一个自定义身份验证后端。 我使用django rest框架,以及django rest框架JWT进行令牌认证。
用户型号:
class User(AbstractBaseUser, PermissionsMixin):
email = models.EmailField(
unique=True,
max_length=254,
)
first_name = models.CharField(max_length=15)
last_name = models.CharField(max_length=15)
mobile = models.IntegerField(unique=True)
date_joined = models.DateTimeField(default=timezone.now)
is_active = models.BooleanField(default=True)
is_admin = models.BooleanField(default=False)
objects = UserManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['first_name', 'last_name', 'mobile']
验证后端:
class EmailOrMobileAuthBackend(object):
def authenticate(self, username=None, password=None):
try:
user = get_user_model().objects.get(email=username)
if user.check_password(password):
return user
except User.DoesNotExist:
if username.isdigit():
try:
user = get_user_model().objects.get(mobile=username)
if user.check_password(password):
return user
except User.DoesNotExist:
return None
else:
return None
def get_user(self, user_id):
try:
return get_user_model().objects.get(pk=user_id)
except User.DoesNotExist:
return None
并已在settings.py中添加:
AUTHENTICATION_BACKENDS = ('accounts.email_mobile_auth_backend.EmailOrMobileAuthBackend',)
登录到django管理员站点时,电子邮件和手机号码在验证用户身份时都能正常工作。 但是,当我尝试使用django rest框架JWT获取用户令牌时,出现错误:
curl -X POST -d "email=admin@gmail.com&password=123123" http://localhost/api-token-auth/
"non_field_errors": [
"Unable to log in with provided credentials."
]
我还在默认身份验证Rest框架中添加了自定义身份验证后端类,但其仍然不起作用:
REST_FRAMEWORK = {
...
'DEFAULT_AUTHENTICATION_CLASSES': (
'accounts.email_mobile_auth_backend.EmailOrMobileAuthBackend',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
我错过了什么? 为什么它在登录到django管理站点时工作,但在使用django rest框架jwt获取令牌时出现错误?
更新
我已经建议另一个auth后端,并将其添加到DEFAULT_AUTHENTICATION_CLASSES
,但即使这不起作用。
class DrfAuthBackend(BaseAuthentication):
def authenticate(self, username=None, password=None):
try:
user = get_user_model().objects.get(email=username)
if user.check_password(password):
return user, None
except User.DoesNotExist:
if username.isdigit():
try:
user = get_user_model().objects.get(mobile=username)
if user.check_password(password):
return user, None
except User.DoesNotExist:
return None
else:
return None
设置:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAdminUser',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'accounts.email_mobile_auth_backend.EmailOrMobileAuthBackend',
'accounts.email_mobile_auth_backend.DrfAuthBackend',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
更新
将auth类中的args
从username
更改为email
似乎可以用于获取auth_token
但又不能用于登录管理站点。
class EmailOrMobileAuthBackend(object):
def authenticate(self, email=None, password=None):
try:
user = get_user_model().objects.get(email=email)
if user.check_password(password):
return user
except User.DoesNotExist:
if email.isdigit():
try:
user = get_user_model().objects.get(mobile=email)
if user.check_password(password):
return user
except User.DoesNotExist:
return None
else:
return None
def get_user(self, user_id):
try:
return get_user_model().objects.get(pk=user_id)
except User.DoesNotExist:
return None
您应该检查自定义身份验证后端的DRF文档。
我认为您的自定义身份验证后端正在破坏它,您可以通过从DRF设置中删除您的身份来解决它:
REST_FRAMEWORK = {
...
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
或者通过修复与Django自定义身份验证基本不相同的你的身份,因为你应该从authentication.BaseAuthentication
扩展,并返回一个元组。
from rest_framework import authentication
class DrfAuthBackend(authentication.BaseAuthentication):
def authenticate(self, email=None, password=None):
try:
user = get_user_model().objects.get(email=email)
if user.check_password(password):
return user, None
except User.DoesNotExist:
if email.isdigit():
try:
user = get_user_model().objects.get(mobile=email)
if user.check_password(password):
return user, None
except User.DoesNotExist:
return None
else:
return None
然后在DRF设置中使用它:
REST_FRAMEWORK = {
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAdminUser',
),
'DEFAULT_AUTHENTICATION_CLASSES': (
'accounts.email_mobile_auth_backend.DrfAuthBackend',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
}
对于Django登录:
class EmailOrMobileAuthBackend(object):
def authenticate(self, username=None, password=None):
try:
user = get_user_model().objects.get(email=username)
if user.check_password(password):
return user
except User.DoesNotExist:
if username.isdigit():
try:
user = get_user_model().objects.get(mobile=username)
if user.check_password(password):
return user
except User.DoesNotExist:
return None
else:
return None
def get_user(self, user_id):
try:
return get_user_model().objects.get(pk=user_id)
except User.DoesNotExist:
return None
然后进行设置:
AUTHENTICATION_BACKENDS = ('accounts.email_mobile_auth_backend.EmailOrMobileAuthBackend',)
链接地址: http://www.djcxy.com/p/33805.html
上一篇: Django rest framework JWT and custom authentication backend