Django Tastypie请求用户在注销方法时是匿名的
使用tastypieapi并为用户资源实现一些功能(下面是示例代码:),我想知道如何存放经过身份验证的用户,或者如何以正确的方式访问它。在测试登录方法时:Django Tastypie请求用户在注销方法时是匿名的,django,api,tastypie,basic-authentication,Django,Api,Tastypie,Basic Authentication,使用tastypieapi并为用户资源实现一些功能(下面是示例代码:),我想知道如何存放经过身份验证的用户,或者如何以正确的方式访问它。在测试登录方法时: curl -u "user:pw" -H "Content-Type: application/json" -X POST --data '{"username" : "user", "password": "pw"}' http://localhost:8000/api/user/login/?format=json 一切正常;但是
curl -u "user:pw" -H "Content-Type: application/json" -X POST --data '{"username" : "user", "password": "pw"}' http://localhost:8000/api/user/login/?format=json
一切正常;但是注销方法将request.user视为匿名用户。如何将经过身份验证的正确用户传递给注销方法?非常感谢
来自api.py的代码片段
class UserResource(ModelResource):
class Meta:
queryset = AppUser.objects.all()
resource_name = 'user'
fields = ['first_name', 'last_name', 'username', 'email', 'is_staff']
allowed_methods = ['get', 'post', 'patch']
always_return_data = True
authentication = BasicAuthentication()
authorization = Authorization()
def prepend_urls(self):
params = (self._meta.resource_name, trailing_slash())
return [
url(r"^(?P<resource_name>%s)/login%s$" % params, self.wrap_view('login'), name="api_login"),
url(r"^(?P<resource_name>%s)/logout%s$" % params, self.wrap_view('logout'), name="api_login")
]
def login(self, request, **kwargs):
"""
Authenticate a user, create a CSRF token for them, and return the user object as JSON.
"""
self.method_check(request, allowed=['post'])
data = self.deserialize(request, request.raw_post_data, format=request.META.get('CONTENT_TYPE', 'application/json'))
username = data.get('username', '')
password = data.get('password', '')
if username == '' or password == '':
return self.create_response(request, {
'success': False,
'error_message': 'Missing username or password'
})
user = authenticate(username=username, password=password)
if user:
if user.is_active:
login(request, user)
response = self.create_response(request, {
'success': True,
'username': user.username
})
response.set_cookie("csrftoken", get_new_csrf_key())
return response
else:
return self.create_response(request, {
'success': False,
'reason': 'disabled',
}, HttpForbidden )
else:
return self.create_response(request, {
'success': False,
'error_message': 'Incorrect username or password'
})
def logout(self, request, **kwargs):
"""
Attempt to log a user out, and return success status.
"""
self.method_check(request, allowed=['get'])
if request.user and request.user.is_authenticated():
logout(request)
return self.create_response(request, { 'success': True })
else:
return self.create_response(request, { 'success': False, 'error_message': 'You are not authenticated, %s' % request.user.is_authenticated() })
类用户资源(ModelResource):
类元:
queryset=AppUser.objects.all()
资源名称='user'
字段=[“名字”、“姓氏”、“用户名”、“电子邮件”、“是工作人员”]
允许的_方法=['get','post','patch']
始终返回数据=真
身份验证=基本身份验证()
授权=授权()
def prepend_URL(自身):
params=(self.\u meta.resource\u name,尾随的\u斜杠())
返回[
url(r“^(?P%s)/login%s$%params,self.wrap_视图('login'),name=“api_login”),
url(r“^(?P%s)/logout%s$%params,self.wrap_视图('logout'),name=“api_login”)
]
def登录(自我、请求、**kwargs):
"""
对用户进行身份验证,为他们创建CSRF令牌,并将用户对象作为JSON返回。
"""
self.method_check(请求,允许=['post']))
data=self.deserialize(request,request.raw\u post\u data,format=request.META.get('CONTENT\u TYPE','application/json'))
username=data.get('username','')
password=data.get('password','')
如果用户名==''或密码=='':
返回self.create_响应(请求{
“成功”:错误,
“错误消息”:“缺少用户名或密码”
})
用户=验证(用户名=用户名,密码=密码)
如果用户:
如果user.u处于活动状态:
登录(请求、用户)
响应=自我。创建\u响应(请求{
"成功":对,,
“用户名”:user.username
})
response.set_cookie(“csrftoken”,get_new_csrf_key())
返回响应
其他:
返回self.create_响应(请求{
“成功”:错误,
'原因':'已禁用',
},http(禁止)
其他:
返回self.create_响应(请求{
“成功”:错误,
“错误消息”:“用户名或密码不正确”
})
def注销(自我、请求、**kwargs):
"""
尝试注销用户,并返回成功状态。
"""
self.method_check(请求,允许=['get']))
如果request.user和request.user.经过身份验证():
注销(请求)
返回self.create_响应(请求,{'success':True})
其他:
返回self.create_响应(请求,{'success':False,'error_message':'您未通过身份验证,%s'%request.user.is_authenticated())
如果要创建自己的自定义Tastype URL,则需要自己调用Tastype身份验证,然后才能正确填充request.user对象
def logout(self, request, **kwargs):
"""
Attempt to log a user out, and return success status.
"""
self.method_check(request, allowed=['get'])
# Run tastypie's BasicAuthentication
self.is_authenticated(request)
if request.user and request.user.is_authenticated():
logout(request)
return self.create_response(request, { 'success': True })
else:
return self.create_response(request, { 'success': False, 'error_message': 'You are not authenticated, %s' % request.user.is_authenticated() })