Django自帶用戶驗證框架
| 一 分析源碼 User |
Django的標準庫存放在 django.contrib 包中。每個子包都是一個獨立的附加功能包。
這些子包一般是互相獨立的,不過有些django.contrib子包需要依賴其他子包,其中django.contrib.auth 為Django的用戶驗證框架
1. 導入方法
from django.contrib.auth.models import User
2. 分析User繼承鏈
User --> AbstractUser --> (AbstractBaseUser, PermissionsMixin)
UserManger --> BaseUserManager
其中類AbstractUser內部中 username、first_name、last_name、email、is_staff、is_active、objects = UserManager()
類UserManager內部中 create_user()和create_superuser()
類AbstractBaseUser內部中 password、last_login、is_authenticated、set_password()
3. 小結
模仿 AbstractUser繼承 AbstractBaseUser,調用UserManager(),實現賬號定制
| 二 賬號定制 |
# 用來創建用戶 class MyUserManager(BaseUserManager): def create_user(self, email, name, password=None): if not email: raise ValueError(‘Users must have an email address‘) user = self.model( email=self.normalize_email(email), name=name, ) user.set_password(password) user.save(using=self._db) return user def create_superuser(self, email, name, password): user = self.create_user( email, password=password, name=name, ) user.is_admin = True user.save(using=self._db) return user # 定制賬號基本信息 class Account(AbstractBaseUser): email = models.EmailField( verbose_name=‘email address‘, max_length=255, unique=True, ) name = models.CharField(max_length=32) role = models.ForeignKey("Role", blank=True, null=True) customer = models.OneToOneField("Customer", blank=True, null=True) is_active = models.BooleanField(default=True) is_admin = models.BooleanField(default=False) objects = MyUserManager() USERNAME_FIELD = ‘email‘ REQUIRED_FIELDS = [‘name‘] # 其他基本信息......
參考鏈接 https://docs.djangoproject.com/en/1.11/topics/auth/customizing/
| 三 登錄與退出 |
1. 導入方法
from django.contrib.auth.decorators import login_required
from django.contrib.auth import authenticate, login, logout
2. 分析模塊
@login_required 驗證需要登錄的頁面,否則跳轉找配置裏的登錄頁面 LOGIN_URL = ‘/login/‘
authenticate(username=username, password=password),認證通過返回user對象,否則None
login(request, user) 寫入登錄sessioin
logout(request) 清除登錄session
3.3 示例
from django.shortcuts import render, redirect
from django.contrib.auth.decorators import login_required
from django.contrib.auth import authenticate, login, logout
@login_required
def dashboard(request):
return render(request, ‘dashboard.html‘)
def account_login(request):
if request.method == "POST":
username = request.POST.get(‘username‘)
password = request.POST.get(‘password‘)
user = authenticate(username=username, password=password)
if user:
login(request, user)
return redirect(request.GET.get(‘next‘) or ‘/dashboard/‘)
return render(request, ‘login.html‘)
def account_logout(request):
logout(request)
return redirect(‘/login/‘)
Django自帶用戶驗證框架