Django 自定义用户表DRF实现simple-jwt详细说明。
一、设计自定义用户表:
user/models.py 这里使用uuid4对id设置。
class UUIDTools(object):
return uuid.uuid4().hex
class User(AbstractBaseUser):
id = models.UUIDField(primy_key = True, auto_created = True, default = UUIDTools.uuid4_hex, editable = False)
username = models.CharField(max_length = 40, unique = True, verbose_name = '用户名')
password = models.CharField(max_length = 255,verbose_name = '用户密码')
is_super = models.BooleanField(default=False, verbose_name = '是否超级用户')
phone = models.CharField(max_length = 18,verbose_name = '手机号')
email =models.CharField(max_length = 32,verbose_name = '邮箱')
EMAIL_FIELD = ‘email’
REQUIRED_FIELDS = []
USERNAME_FIELD = 'username'
@property
def is_authenticated(self):
return True
def set_password(self,password):
self.password = encrypt_password(password)
class Meta:
managed = True
db_table = 'user_info'
verbose_name = '用户管理'
verbose_name_plural = verbose_name
def __str__(self):
return str(self.username)
在user下新建serializers.py 文件
class UserSerializer(serializer.ModelSerializer):
password = serializer.CharField(style={'input_type': 'password'}, write_only=True, max_length = 256)
class Meta:
model = User
fields = '__all__'
def create(self, validated_data):
user = super().create(validated_data)
user.set_password(vaildated_data['password'])
user.save()
return user
进行数据迁移 python manage migrate,修改setting文件
AUTH_USER_MODEL = "user.User"
pip下载simple-jwt ,修改setting文件
REST_FRAMEWORK = {
'DEFAULT_RENDERER_CLASSES': (
'rest_framework.permissions.IsAuthenticated'
)
'DEFAULT_AUTHENTICATION_CLASSES':(
'rest_framework_simplejwt.authentication.JWTAuthentication',
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication'
)
}
设置token有效时间
SIMPLE_JWT = {
'ACCESS_TOKEN_LIFETIME' : dateime.timedelta(days=1),
'REFRESH_TOKEN_LIFETIME' : datetime.timedelta(days=1)
}
二、用户注册:
在user/urls.py添加路由
from .views import RegisterView
urlpatterns = [
path('register/', RegisterView.as_view(), name='用户注册')
]
编写加密文件encrypt_password.py,这里和网上大都一样,下面会用到
import hashlib
def encrypt_password(password):
md5 = hashlib.md5()
sign_str = password + '#@%^&*'
sign_bytes_utf8 = sign_str.encode(enconding='utf-8')
md5.update(sign_bytes_utf8)
encrypted_password = md5.hexdigest()
return encrypted_password
编写user/views.py添加路由
from utils.encrypt_password import encrypt_password
class RegisterView(GenericAPIView)
def post(self, request):
data["username"] = request.POST.get('username')
data["password"] = request.POST.get('password')
user = UserSerializer(data = data)
user.is_vaild(raise_exception=True)
user.save()
ret = user['id'].value.replace('-', '')
response_data = {
"status": 200
"message": f"用户注册成功"
"data":{
id = ret,
username: user['username'].value,
password: user['password'].value
}
}
return Response(response_data, status=status.HTTP_200_OK)
def put(self, request):
username = request.data.get('username')
password = request.data.get('password')
user = User.objects.filter(username=username)
user["password"] = encrypt_password(password)
ret = user['id'].value.replace('-', '')
response_data = {
"status": 200
"message": f"用户注册成功"
"data":{
id = ret,
username: user['username'].value,
}
}
return Response(response_data, status=status.HTTP_200_OK)
def delete(self, request)
username = request.data.get('username')
user = User.objects.filter(username=username)
user.delete()
response_data = {
"status": 200
"message": f"用户已删除"
"data":[]
}
return Response(response_data, status=status.HTTP_200_OK)
三、登录认证:
编写文件,utils/Authentication.py
from rest_framework_simplejwt.authentication import JWTAuthentication
from rest_framework_simplejwt.exceptions import InvalidToken, AuthenticationFailed
from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
from rest_framework_simplejwt.views import TokenObtainPairView
from rest_framework import exceptions
from django.utils.translation import gettext_lazy as _
from user.models import User
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
username_field = 'username'
def validate(self, attrs):
attrs['password'] = encrypt_password(attrs['password'])
authenticate_kwargs = {self.username_field: attrs[self.username_field], 'password': attrs['password']}
try:
user = User.objects.get(**authenticate_kwargs)
except Exception as e:
raise exceptions.NotFound(e.args[0])
refresh = self.get_token(user)
data = {"userId": user.id, "token": str(refresh.access_token), "refresh": str(refresh)}
return data
class MyTokenObtainPairView(TokenObtainPairView):
serializer_class = MyTokenObtainPairSerializer
class MyJWTAuthentication(JWTAuthentication):
def get_user(self, vaildated_token):
try:
user_id = validated_token['user_id']
except KeyError:
raise InvalidToken(_('Token contained no recognizable user identification'))
try:
user = User.objects.get(**{'id': user_id})
except User.DoesNotExist:
raise AuthenticationFailed(_('User not found'), code='user_not_found')
return user
在user/urls.py中显示
from .views import RegisterView
from django.url import path
from utils.Authentication import MyTokenObtainPairView
urlpatterns = [
path('register/', RegisterView.as_view(), name='用户注册')
path('login/', MyTokenObtainPairView.as_view(), name='用户登录')
]
在其他app视图函数前内加入表示必须登录后才可以使用功能,注释调表示不登录也可使用
permission_classes = [IsAuthenticated]