Django 使用tastypie ApiKeyAuthentication时,客户端如何获取api密钥?
我正在使用Django 使用tastypie ApiKeyAuthentication时,客户端如何获取api密钥?,django,tastypie,django-authentication,api-key,Django,Tastypie,Django Authentication,Api Key,我正在使用django-tastype进行REST API,使用ApiKeyAuthentication进行身份验证。我在api.py中有一个CreateUserResource用于创建新用户。现在,在所有教程中都指定,无论何时完成任何GET或POST请求,都必须指定apikey。但是客户端如何接收此apikey 是否在登录时,要对客户端进行身份验证,并向客户端提供一个apikey,该密钥在客户端注销时将被撤销?用于在后台使用Tastypie在单页应用程序中实现基本身份验证: 让用户输入用户名和
django-tastypeApiKeyAuthenticationapi.pyCreateUserResourceapikey是否在登录时,要对客户端进行身份验证,并向客户端提供一个
apikeyfrom django.contrib.auth.models import User
from django.contrib.auth import authenticate, login
from tastypie.http import HttpUnauthorized, HttpForbidden, HttpNotFound
from tastypie.authentication import ApiKeyAuthentication
from django.conf.urls import url
from tastypie.resources import ModelResource
from tastypie.utils import trailing_slash
class AuthenticationResource(ModelResource):
def __get_api_key_for_user(self, user):
return '%s' % (user.api_key.key)
class Meta:
resource_name = 'authentication'
def prepend_urls(self):
return [
url(r"^(?P<resource_name>%s)/login%s$" %
(self._meta.resource_name, trailing_slash()),
self.wrap_view('login'), name="api_login"),
]
def login(self, request, **kwargs):
self.method_check(request, allowed=['post'])
data = self.deserialize(request, request.body, format=request.META.get('CONTENT_TYPE', 'application/json'))
username = data.get('username', '')
password = data.get('password', '')
user = authenticate(username=username, password=password)
if user:
if user.is_active:
last_login = user.last_login
login(request, user) // updates the last login
return self.create_response(request, {
'api_key': self.__get_api_key_for_user(user),
'last_login': last_login,
'username': username
})
else:
return self.create_response(request, {
'success': False,
'reason': 'disabled',
}, HttpForbidden )
else:
return self.create_response(request, {
'success': False,
'reason': 'Incorrect user name or password',
}, HttpUnauthorized )
来自django.contrib.auth.models导入用户
从django.contrib.auth导入身份验证,登录
从tastypie.http导入HttpUnauthorized、HttpForbidden、HttpNotFound
从tastypie.authentication导入ApiKeyAuthentication
从django.conf.url导入url
从tastypie.resources导入ModelResource
从tastypie.utils导入尾部斜杠
类AuthenticationResource(ModelResource):
用户(自身、用户)的定义获取api密钥:
返回“%s%”(user.api\u key.key)
类元:
资源名称='authentication'
def prepend_URL(自身):
返回[
url(r“^(?P%s)/登录名%s$”%
(self.\u meta.resource\u name,尾随的\u斜杠()),
self.wrap_视图('login'),name=“api_login”),
]
def登录(自我、请求、**kwargs):
self.method_check(请求,允许=['post']))
data=self.deserialize(request,request.body,format=request.META.get('CONTENT\u TYPE','application/json'))
username=data.get('username','')
password=data.get('password','')
用户=验证(用户名=用户名,密码=密码)
如果用户:
如果user.u处于活动状态:
last\u login=user.last\u login
登录(请求,用户)//更新上次登录
返回self.create_响应(请求{
“api密钥”:self.\u获取用户的api密钥(用户),
“上次登录”:上次登录,
“用户名”:用户名
})
其他:
返回self.create_响应(请求{
“成功”:错误,
'原因':'已禁用',
},http(禁止)
其他:
返回self.create_响应(请求{
“成功”:错误,
'原因':'用户名或密码不正确',
},http(未经授权)
from django.contrib.auth.models import User
from django.contrib.auth import authenticate, login
from tastypie.http import HttpUnauthorized, HttpForbidden, HttpNotFound
from tastypie.authentication import ApiKeyAuthentication
from django.conf.urls import url
from tastypie.resources import ModelResource
from tastypie.utils import trailing_slash
class AuthenticationResource(ModelResource):
def __get_api_key_for_user(self, user):
return '%s' % (user.api_key.key)
class Meta:
resource_name = 'authentication'
def prepend_urls(self):
return [
url(r"^(?P<resource_name>%s)/login%s$" %
(self._meta.resource_name, trailing_slash()),
self.wrap_view('login'), name="api_login"),
]
def login(self, request, **kwargs):
self.method_check(request, allowed=['post'])
data = self.deserialize(request, request.body, format=request.META.get('CONTENT_TYPE', 'application/json'))
username = data.get('username', '')
password = data.get('password', '')
user = authenticate(username=username, password=password)
if user:
if user.is_active:
last_login = user.last_login
login(request, user) // updates the last login
return self.create_response(request, {
'api_key': self.__get_api_key_for_user(user),
'last_login': last_login,
'username': username
})
else:
return self.create_response(request, {
'success': False,
'reason': 'disabled',
}, HttpForbidden )
else:
return self.create_response(request, {
'success': False,
'reason': 'Incorrect user name or password',
}, HttpUnauthorized )
来自django.contrib.auth.models导入用户
从django.contrib.auth导入身份验证,登录
从tastypie.http导入HttpUnauthorized、HttpForbidden、HttpNotFound
从tastypie.authentication导入ApiKeyAuthentication
从django.conf.url导入url
从tastypie.resources导入ModelResource
从tastypie.utils导入尾部斜杠
类AuthenticationResource(ModelResource):
用户(自身、用户)的定义获取api密钥:
返回“%s%”(user.api\u key.key)
类元:
资源名称='authentication'
def prepend_URL(自身):
返回[
url(r“^(?P%s)/登录名%s$”%
(self.\u meta.resource\u name,尾随的\u斜杠()),
self.wrap_视图('login'),name=“api_login”),
]
def登录(自我、请求、**kwargs):
self.method_check(请求,允许=['post']))
data=self.deserialize(request,request.body,format=request.META.get('CONTENT\u TYPE','application/json'))
username=data.get('username','')
password=data.get('password','')
用户=验证(用户名=用户名,密码=密码)
如果用户:
如果user.u处于活动状态:
last\u login=user.last\u login
登录(请求,用户)//更新上次登录
返回self.create_响应(请求{
“api密钥”:self.\u获取用户的api密钥(用户),
“上次登录”:上次登录,
“用户名”:用户名
})
其他:
返回self.create_响应(请求{
“成功”:错误,
'原因':'已禁用',
},http(禁止)
其他:
返回self.create_响应(请求{
“成功”:错误,
“理由”: