rest_framework认证流程
发布时间:2020-12-20 10:45:32 所属栏目:Python 来源:网络整理
导读:安装 pip3 install djangorestframework ? 使用 基于cbv使用rest_framework框架 from rest_framework.views import APIView # rest_framework框架,继承View class ApiTest(APIView): pass 当用户请求进来,执行父类的as_view方法,返回view函数,执行dispatc
安装pip3 install djangorestframework ? 使用基于cbv使用rest_framework框架from rest_framework.views import APIView # rest_framework框架,继承View class ApiTest(APIView): pass
当用户请求进来,执行父类的as_view方法,返回view函数,执行dispatch方法,由于继承了APIView,会执行此类下边的dispatch方法def dispatch(self,request,*args,**kwargs): self.args = args self.kwargs = kwargs # 这里用initalize_request方法对原生的request进行加工 request = self.initialize_request(request,**kwargs) self.request = request self.headers = self.default_response_headers # deprecate? try: # 对加工之后的request处理,看下这里边的逻辑 self.initial(request,**kwargs) if request.method.lower() in self.http_method_names: handler = getattr(self,request.method.lower(),self.http_method_not_allowed) else: handler = self.http_method_not_allowed response = handler(request,**kwargs) except Exception as exc: response = self.handle_exception(exc) self.response = self.finalize_response(request,response,**kwargs) return self.response 可以看到,APIView类下的dispatch方法相比于View中的dispatch方法,除了反射请求还多了一些操作比如,对本来的request用initialize_request方法进行了一些加工,封装了一些其他的属性,点开看,def initialize_request(self,**kwargs): """ Returns the initial request object. """ parser_context = self.get_parser_context(request) return Request( request,parsers=self.get_parsers(),authenticators=self.get_authenticators(),negotiator=self.get_content_negotiator(),parser_context=parser_context ) 是利用Request类生成了一个新的对象,新的对象包含了原有的request属性,还有一些其他的属性,这里看下authenticators,这个属性是用来认证的属性,def get_authenticators(self): """ Instantiates and returns the list of authenticators that this view can use. """ return [auth() for auth in self.authentication_classes] 返回了一个列表生成式,生成的里边是一个个的对象,self.authentication_classes点开之后是读取的rest_frame的配置文件class APIView(View): # The following policies may be set at either globally,or per-view. renderer_classes = api_settings.DEFAULT_RENDERER_CLASSES parser_classes = api_settings.DEFAULT_PARSER_CLASSES authentication_classes = api_settings.DEFAULT_AUTHENTICATION_CLASSES #这里 throttle_classes = api_settings.DEFAULT_THROTTLE_CLASSES permission_classes = api_settings.DEFAULT_PERMISSION_CLASSES content_negotiation_class = api_settings.DEFAULT_CONTENT_NEGOTIATION_CLASS metadata_class = api_settings.DEFAULT_METADATA_CLASS versioning_class = api_settings.DEFAULT_VERSIONING_CLASS 如果我们在我们自己的类里边写入authentication_classes参数,就可以读取我们自己设置的,不用APIView下边的from rest_framework.authentication import BasicAuthentication class ApiTest(APIView): authentication_classes = [BasicAuthentication] 到这里,我们已经大概知道dispatch对request进行了一些封装,接下来看下边的代码def dispatch(self,**kwargs) self.request = request # 赋值 self.headers = self.default_response_headers # deprecate? ?try下边的initial方法,把封装了数据之后的request当参数,我们点开这个方法def initial(self,**kwargs): """ Runs anything that needs to occur prior to calling the method handler. """ self.format_kwarg = self.get_format_suffix(**kwargs) ? 发现有一个perform_authentication方法,点开这个方法里边执行了user属性方法@property def user(self): """ Returns the user associated with the current request,as authenticated by the authentication classes provided to the request. """ if not hasattr(self,‘_user‘): with wrap_attributeerrors(): self._authenticate() # 查看下这个方法 return self._user ? authenticatedef _authenticate(self): """ Attempt to authenticate the request using each authentication instance in turn. """ for authenticator in self.authenticators: # 之前封装的认证对象 try: user_auth_tuple = authenticator.authenticate(self) # 认证是否登录的方法,成功返回元组,失败报错 except exceptions.APIException: self._not_authenticated() raise if user_auth_tuple is not None: self._authenticator = authenticator self.user,self.auth = user_auth_tuple return self._not_authenticated() ? ? 修改authentacate方法,实现验证功能from django.shortcuts import HttpResponse import json from rest_framework.views import APIView # rest_framework框架,继承View from rest_framework.authentication import BasicAuthentication from rest_framework import exceptions # 验证失败触发异常 class Myauthentication(object): def authenticate(self,request): username = request._request.GET.get("username") # 验证成功返回元组 if not username: raise exceptions.AuthenticationFailed("用户名未登录") # 无返回验证失败,触发异常 return ("status",1) def authenticate_header(self,val): pass class ApiTest(APIView): authentication_classes = [Myauthentication] # 通过自定义的类做认证 def get(self,**kwargs): # 用于处理get请求 print(request) res = { "code": 1000,"msg": "hello world" } return HttpResponse(json.dumps(res)) def post(self,**kwargs): return HttpResponse("post") def put(self,**kwargs): return HttpResponse("put") def delete(self,**kwargs): return HttpResponse("delete") (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |