Python Django简单身份验证应用程序
我需要一个项目,一个具有以下功能的简单后端(所有工作都必须通过API完成,因为这将被另一个程序访问):

1. 如果用户未经身份验证,则无法执行任何操作。
2. 为了获得身份验证,用户知道“默认用户”凭据。
   2.1 用户尝试使用“默认用户”凭据登录。
   2.2 应用程序使用随机密码和用户名(或令牌)创建一个新用户,并将其返回给用户,以便用户以后可以使用这些新凭据向服务器进行身份验证。
3. 经过身份验证的用户将只能在数据库中创建1个条目或更新他们创建的条目。

在过去的几天里,我一直在尝试这样做,但是,我为django-REST-F
from django.conf.urls import url
from rest_framework.urlpatterns import format_suffix_patterns
from api import views
from api.serializers import UserSerializer
# URL routes for the API; format_suffix_patterns wraps the list so the
# resulting patterns are what ends up in `urlpatterns`.
# NOTE(review): access control is whatever each view declares. Of the views
# shown with this module, only UserStatisticsList sets permission_classes.
urlpatterns = format_suffix_patterns([
    # Class-based list/create endpoint for UserStatistics.
    url(r'^api-classes/$', views.UserStatisticsList.as_view()),
    # Function-based list/create endpoint for UserStatistics.
    url(r'^api/$', views.userStatistics_list),
    # Listing of Django user accounts.
    url(r'^users/$', views.UserList.as_view()),
])
serializers.py:
from rest_framework import serializers
from api.models import UserStatistics
from django.contrib.auth.models import User
class UserStatisticsSerializer(serializers.ModelSerializer):
    """Serialize `UserStatistics` rows for the API.

    `user` is rendered as the owner's username through a read-only field, so
    request data cannot choose the owner; whoever calls `save()` is expected
    to pass the owning user explicitly.
    """

    user = serializers.ReadOnlyField(source='user.username')

    class Meta:
        model = UserStatistics
        fields = ('id', 'user', 'last_modified', 'statistics_json',)

    def create(self, validated_data):
        """
        Create and return a new `UserStatistics` instance, given the validated data.
        """
        new_row = UserStatistics.objects.create(**validated_data)
        return new_row

    def update(self, instance, validated_data):
        """
        Update and return an existing `UserStatistics` instance, given the validated data.

        A field that is absent from `validated_data` keeps its current value.
        """
        for field_name in ('last_modified', 'statistics_json'):
            current_value = getattr(instance, field_name)
            setattr(instance, field_name,
                    validated_data.get(field_name, current_value))
        instance.save()
        return instance
class UserSerializer(serializers.ModelSerializer):
    """Expose only the primary key and the username of a Django `User`."""

    # A `userStat` PrimaryKeyRelatedField onto UserStatistics was tried here
    # and is currently disabled, together with its entry in `fields`.

    class Meta:
        fields = ('id', 'username',)
        model = User
views.py:
from rest_framework import permissions
from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.decorators import permission_classes
from rest_framework.response import Response

from api.models import UserStatistics
from api.serializers import UserStatisticsSerializer, UserSerializer
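@api_view(['GET', 'POST'])
@permission_classes((permissions.IsAuthenticatedOrReadOnly,))
def userStatistics_list(request, format=None):
    """
    List all UserStatistics, or create a new UserStatistics.

    GET returns every stored row. POST validates the request body and stores
    a new row owned by the authenticated caller; invalid data is answered
    with HTTP 400 and the serializer errors.

    The permission class mirrors the class-based UserStatisticsList view:
    reads stay open, writes need an authenticated user.

    NOTE(review): the stated requirement is that an unauthenticated client
    can do nothing at all. If that holds, permissions.IsAuthenticated is the
    class to use here and on UserStatisticsList. An explicit per-view setting
    also overrides DEFAULT_PERMISSION_CLASSES from settings - confirm which
    one is intended.
    NOTE(review): GET returns the rows of every user, not only the caller's.
    """
    if request.method == 'GET':
        userStat = UserStatistics.objects.all()
        serializer = UserStatisticsSerializer(userStat, many=True)
        return Response(serializer.data)
    elif request.method == 'POST':
        serializer = UserStatisticsSerializer(data=request.data)
        if not serializer.is_valid():
            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
        # The serializer's `user` field is read-only, so the owner has to be
        # supplied here; without it the row has no user and cannot be stored.
        # NOTE(review): UserStatistics.user is one-to-one, so a second POST
        # by the same user is presumably rejected by the database - an
        # update path is still needed for that case.
        serializer.save(user=request.user)
        return Response(serializer.data, status=status.HTTP_201_CREATED)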
from rest_framework import mixins
from rest_framework import generics
class UserStatisticsList(generics.ListCreateAPIView):
    """
    List all UserStatistics, or create a new UserStatistics.

    ListCreateAPIView is the list and create mixins on top of GenericAPIView,
    with `get` wired to `list` and `post` wired to `create`.

    NOTE(review): IsAuthenticatedOrReadOnly leaves GET open to anonymous
    clients and the queryset covers every user's rows - confirm this matches
    the requirement that unauthenticated clients can do nothing.
    """
    queryset = UserStatistics.objects.all()
    serializer_class = UserStatisticsSerializer
    permission_classes = (permissions.IsAuthenticatedOrReadOnly,)

    def perform_create(self, serializer):
        """Store the new row with the requesting user as its owner."""
        owner = self.request.user
        serializer.save(user=owner)
from django.contrib.auth.models import User
class UserList(generics.ListAPIView):
    """Read-only endpoint listing every Django `User` through UserSerializer.

    NOTE(review): no permission_classes is declared here, so access falls
    back to the project's DRF default, which is not shown. The usernames
    handed out by the custom backend are generated per device - confirm that
    this listing is not reachable by anonymous clients.
    """
    serializer_class = UserSerializer
    queryset = User.objects.all()
models.py:
from django.db import models
from jsonfield import JSONField
from django.contrib.auth.models import User
# Create your models here.
class UserStatistics(models.Model):
    """A JSON statistics document tied to exactly one Django user."""

    # NOTE(review): auto_now_add stamps the row only when it is first created.
    # If this column is meant to track edits, auto_now is the option that
    # refreshes on every save - confirm intent.
    last_modified = models.DateTimeField(auto_now_add=True)

    # Payload as submitted by the client.
    statistics_json = JSONField()

    # One row per user; the reverse accessor on User is named "creator".
    user = models.OneToOneField(User, related_name="creator")

    class Meta:
        ordering = ('last_modified', 'statistics_json',)
我还尝试实现一个自定义验证器,据我所知,该验证器是在用户想要进行身份验证时调用的…:
import string
import random
from django.contrib.auth.models import User, check_password, ModelBackend
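def random_string_generator(size=6, chars=string.ascii_uppercase + string.digits):
    """Return `size` characters picked from `chars`.

    The picks come from random.SystemRandom, which reads the operating
    system's randomness source. The module-level random functions are
    predictable and must not be used for credentials.
    """
    rng = random.SystemRandom()
    return ''.join(rng.choice(chars) for _ in range(size))


class SettingsBackend(ModelBackend):
    """
    Authentication backend that accepts one shared "default" login and
    answers it by creating a fresh user with a random name and password.

    NOTE(review): check_password compares a raw password with an encoded
    hash, so ANDROID_LOGIN_PASSWORD has to hold a hash (for example one
    produced by Django's make_password), not the literal password. With the
    plain value below the check does not succeed.
    NOTE(review): a shared credential that ships inside a client should be
    treated as public. Everyone who has it can create accounts, so this flow
    needs rate limiting or a per-device secret, and the value belongs in
    settings or the environment rather than in source.
    NOTE(review): the import line for this module takes check_password and
    ModelBackend from django.contrib.auth.models. In current Django they live
    in django.contrib.auth.hashers and django.contrib.auth.backends.
    """
    ANDROID_LOGIN_USERNAME = "android"
    ANDROID_LOGIN_PASSWORD = "android"

    def authenticate(self, username=None, password=None):
        """Return a newly created user when the shared login matches, else None."""
        # Class attributes are not visible as bare names inside a method,
        # so they are read through self.
        login_valid = (self.ANDROID_LOGIN_USERNAME == username)
        pwd_valid = check_password(password, self.ANDROID_LOGIN_PASSWORD)
        if not (login_valid and pwd_valid):
            return None
        user = User(username=random_string_generator())
        # set_password stores a salted hash. Passing the value to the User
        # constructor would write it to the database unhashed, and the
        # account could then never log in with it.
        # NOTE(review): the raw value is not handed back to the client here.
        # The calling view has to return the new credentials, or issue a
        # token (rest_framework.authtoken) instead of a password.
        user.set_password(random_string_generator(size=20))
        user.save()
        return user

    def has_perm(self, user_obj, perm, obj=None):
        """Grant every permission to the account named ANDROID_LOGIN_USERNAME.

        NOTE(review): the original read the name from `settings`, which this
        module never imports; the class constant is used instead - confirm.
        This check ignores `perm` and `obj`, so that one account is allowed
        everything.
        """
        return user_obj.username == self.ANDROID_LOGIN_USERNAME

    def get_user(self, user_id):
        """Return the User with primary key `user_id`, or None if it does not exist."""
        try:
            return User.objects.get(pk=user_id)
        except User.DoesNotExist:
            return None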
有人能指出下一步做什么吗
谢谢你

我在试着理解你想做什么。什么是“默认用户凭据”,用户无法注册?什么是“经过身份验证的用户只能在数据库中创建一个条目或更新他们创建的条目”。这意味着什么?

这种设置背后的想法是,最终一个Android应用程序将在django服务器后面向数据库提交数据,django应用程序就像一个安全警卫。Android应用程序将提交json字符串,这些字符串需要存储在db中以供以后查看(我将db更改为mongoDB,因为行之间没有关系)。每个安卓设备都可以多次提交数据,但我只需要每个设备一条记录,因此我需要对它们进行身份验证,但我不希望用户手动进行验证,这样他们就不会误以为安卓中有用户配置文件。