如何使用Django REST框架使用电子邮件和密码通过REST对用户进行身份验证
我有一个非常简单的愿望:通过REST验证(登录)用户。我需要使用电子邮件和密码 settings.py:如何使用Django REST框架使用电子邮件和密码通过REST对用户进行身份验证,django,django-rest-framework,Django,Django Rest Framework,我有一个非常简单的愿望:通过REST验证(登录)用户。我需要使用电子邮件和密码 settings.py: INSTALLED_APPS = [ 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.sites'
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.sites',
'django.contrib.staticfiles',
'rest_framework',
'modeltranslation',
'corsheaders',
'django_s3_storage',
'rest_framework.authtoken',
'rest_auth',
'allauth',
'allauth.account'
]
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
),
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = False
AUTHENTICATION_BACKENDS = (
"django.contrib.auth.backends.ModelBackend",
"allauth.account.auth_backends.AuthenticationBackend",
)
AUTH_USER_MODEL = 'myapps.CustomUser'
URL.py:
re_path(r'^rest-auth/', include('rest_auth.urls')),
当我这样做时:
curl \
-X POST \
-H "Content-Type: application/json" \
-d '{"email": "admin@test.com", "password": "zyzzyx' \
http://localhost:8000/rest-auth/login/
错误消息为:无法使用提供的凭据登录
编辑:
我正在使用自定义用户模型:
class CustomUser(AbstractUser):
created = models.DateTimeField(auto_now_add=True)
username = models.CharField(max_length=100, unique=True)
email = models.EmailField(max_length=200, unique=True)
company = models.ForeignKey(Company, on_delete=models.CASCADE, related_name='%(class)s_company')
role = models.CharField(
max_length=100,
choices=ROLE_CHOICES,
default='admin',
)
class Meta:
ordering = ('created',)
db_table = "custom_user"
def __str__(self):
return self.username
User = get_user_model()
在settings.py中:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.sites',
'django.contrib.staticfiles',
'rest_framework',
'modeltranslation',
'corsheaders',
'django_s3_storage',
'rest_framework.authtoken',
'rest_auth',
'allauth',
'allauth.account'
]
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
),
ACCOUNT_AUTHENTICATION_METHOD = 'email'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_USERNAME_REQUIRED = False
AUTHENTICATION_BACKENDS = (
"django.contrib.auth.backends.ModelBackend",
"allauth.account.auth_backends.AuthenticationBackend",
)
AUTH_USER_MODEL = 'myapps.CustomUser'
为了使用
django\u rest\u framwork
的内置方法进行令牌身份验证,您应该调用acquire\u auth\u token
方法
因此,您的url.py将类似于
from django.urls import path
from rest_framework.authtoken.views import obtain_auth_token # <-- Here
from myapi.core import views
urlpatterns = [
path('rest-auth/', obtain_auth_token, name='api_token_auth'), # <-- And here
]
从django.url导入路径
从rest_framework.authtoken.views导入获取_auth_token#我最后也在用户名字段中存储了电子邮件地址。您的curl
请求看起来不错。可能是凭据错误或登录控制器出现问题。凭据正确。我可以使用该密码和用户名admin登录Django admin。我想我可以处理会话身份验证,而不是令牌。你能分享你的rest\u auth
设置吗?我看到软件包正在根据设置处理django_登录。你可以看到源代码,我想我现在所有关于rest的设置都包含在原始问题中,如果我跟在你后面的话。我遗漏了什么吗?您应该将会话身份验证的REST\u SESSION\u LOGIN
设置为True
。REST\u SESSION\u LOGIN的默认值为True。