Python Django REST框架需要哈希密码才能登录
Django要求我发送散列密码以获取JWT令牌。当我通过邮递员发送以下请求时,我得到一个“CustomUser匹配查询不存在”错误 但是,我可以使用哈希密码运行代码(从管理员处查找密码后),它返回正确的值。如何在发送密码之前发送未加密的密码或散列密码 我使用的是一个自定义用户模型,用电子邮件代替用户名。我尝试使用Python Django REST框架需要哈希密码才能登录,python,django,django-rest-framework,jwt,Python,Django,Django Rest Framework,Jwt,Django要求我发送散列密码以获取JWT令牌。当我通过邮递员发送以下请求时,我得到一个“CustomUser匹配查询不存在”错误 但是,我可以使用哈希密码运行代码(从管理员处查找密码后),它返回正确的值。如何在发送密码之前发送未加密的密码或散列密码 我使用的是一个自定义用户模型,用电子邮件代替用户名。我尝试使用request.META.get(“用户名”)和request.META.get(“密码”)将我的代码指向标题,但我收到一个“字段必填”错误。在将密码发送到API之前,我还试图找出如何在
request.META.get(“用户名”)request.META.get(“密码”)@csrf_exempt
@api_view(["POST"])
@permission_classes((AllowAny,))
def login(request):
username = request.data.get('username')
password = request.data.get('password')
if username is None or password is None:
return Response({'error': 'Please provide your username and password'}, status=HTTP_400_BAD_REQUEST)
user = authenticate(email=username, password=password)
if not user:
return Response({'error': 'Invalid Credentials'},status=HTTP_404_NOT_FOUND)
token, _ = Token.objects.get_or_create(user=user)
return Response({'token': token.key}, status=HTTP_200_OK)
我解决了我的问题。在实现JWT时,我将Django的默认版本身份验证留在了在线状态。我决定删除JWT en,而不是对所有内容进行返工。它现在工作得很好 我解决了我的问题。在实现JWT时,我将Django的默认版本身份验证留在了在线状态。我决定删除JWT en,而不是对所有内容进行返工。它现在工作得很好 你不应该通过
request.data.get('email')user=authenticate(username=username,password=password)request.data.get('email')user=authenticate获取用户名吗(username=username,password=password){“user”:{“email”:me@mysite.com,“用户名”:“我的用户”,“密码”:“我的通行证”}@csrf_exempt
@api_view(["POST"])
@permission_classes((AllowAny,))
def login(request):
username = request.data.get('username')
password = request.data.get('password')
if username is None or password is None:
return Response({'error': 'Please provide your username and password'}, status=HTTP_400_BAD_REQUEST)
user = authenticate(email=username, password=password)
if not user:
return Response({'error': 'Invalid Credentials'},status=HTTP_404_NOT_FOUND)
token, _ = Token.objects.get_or_create(user=user)
return Response({'token': token.key}, status=HTTP_200_OK)
import jwt
from datetime import datetime, timedelta
from django.conf import settings
from django.contrib.auth.models import (
AbstractBaseUser, BaseUserManager, PermissionsMixin
)
from django.db import models
class UserManager(BaseUserManager):
def create_user(self, username, email, password=None):
if username is None:
raise TypeError('Users must have a username')
if email is None:
raise TypeError('Users must have an email address')
user = self.model(username=username, email=self.normalize_email(email))
user.set_password(password)
user.save()
return user
def create_superuser(self, username, email, password):
if password is None:
raise TypeError('Superusers must have a password')
user = self.create_user(username, email, password)
user.is_superuser = True
user.is_staff = True
user.save()
return user
class CustomUser(AbstractBaseUser, PermissionsMixin):
username = models.CharField(db_index=True, max_length=255, unique = True)
email = models.EmailField(db_index=True, unique=True)
is_active = models.BooleanField(default=True)
is_staff = models.BooleanField(default=False)
created_at = models.DateTimeField(auto_now_add=True)
updated_at = models.DateTimeField(auto_now=True)
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['username']
objects = UserManager()
def __str__(self):
return self.email
@property
def token(self):
return self._generate_jwt_token()
def get_full_name(self):
return self.username
def get_short_name(self):
return self.username
def _generate_jwt_token(self):
dt = datetime.now()
expr = dt + timedelta(days=60)
dtt = int(expr.timestamp())
token = jwt.encode({
'id':self.pk,
'exp': dtt,
}, settings.SECRET_KEY, algorithm='HS256')
return token.decode('utf-8')