
4. DRF Authentication

Create a sub-application named opt

python manage.py startapp opt

Register the sub-application

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'students',
    'sers',  # serializers
    "school",  # nested serializers
    'req',  # request and response
    'demo',  # views
    'opt',  # components provided by DRF
]

Root URL configuration:

from django.contrib import admin
from django.urls import path, include

urlpatterns = [
    path('admin/', admin.site.urls),
    path('students/', include("students.urls")),
    path('sers/', include("sers.urls")),
    path('school/', include("school.urls")),
    path("req/", include("req.urls")),
    path("demo/", include("demo.urls")),
    path("opt/", include("opt.urls")),
]

Sub-application URL configuration:

from django.urls import path
from . import views

urlpatterns = []

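The authentication component used below needs a login facility, so we use Django's built-in admin site and create an administrator account.

The admin site is available at: http://127.0.0.1:8000/admin

python manage.py createsuperuser
# If an account already exists but its password has been forgotten, the password of a given user can be changed from the terminal; the password must be at least 8 characters long
python manage.py changepassword <username>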

After creating the administrator, visit the admin site; first change the site's language configuration

settings.py

LANGUAGE_CODE = 'zh-hans'
TIME_ZONE = 'Asia/Shanghai'

Authentication

A global default authentication scheme can be set in the configuration file. Common authentication methods: cookie, session, token.

/home/moluo/.virtualenvs/drfdemo/lib/python3.6/site-packages/rest_framework/settings.py (the default configuration file):

REST_FRAMEWORK = {
    # Authentication classes
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.SessionAuthentication',  # session authentication
        'rest_framework.authentication.BasicAuthentication',  # basic authentication
    )
}

A specific view class can also use its own authentication scheme by setting the authentication_classes class attribute

from rest_framework.authentication import SessionAuthentication, BasicAuthentication
from rest_framework.views import APIView


class ExampleView(APIView):
    # Class attribute
    authentication_classes = [SessionAuthentication, BasicAuthentication]

    def get(self, request):
        pass

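A failed authentication can produce one of two responses; this has to be used together with the permission component:

  • 401 Unauthorized: not authenticated
  • 403 Permission Denied: permission denied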

Custom authentication, code in drfdemo.authentication:

from rest_framework.authentication import BaseAuthentication
from django.contrib.auth import get_user_model


class CustomAuthentication(BaseAuthentication):
    """
    Custom authentication scheme
    """
    def authenticate(self, request):
        """
        Authentication method
        request: the HTTP request object sent by the client for this request
        """
        # Credentials are read from the URL query string, e.g. ?user=root&pwd=houmen
        user = request.query_params.get("user")
        pwd = request.query_params.get("pwd")
        if user != "root" or pwd != "houmen":
            return None
        # get_user_model returns the user model class that maps to the user table of the current system
        user = get_user_model().objects.first()
        return (user, None)  # Fixed return format: (user model instance, None)

Calling the custom authentication from a view, view code:

from django.contrib.auth.models import AnonymousUser
from django.shortcuts import render
from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework.authentication import SessionAuthentication
from drfdemo.authentication import CustomAuthentication

# Create your views here.


class HomeAPIView(APIView):
    # authentication_classes = [CustomAuthentication, ]

    def get(self, request):
        """Set the authentication scheme for this view only"""
        print(request.user)
        # User identification is done in the AuthenticationMiddleware middleware; without a login, request.user is AnonymousUser
        if request.user.id is None:
            return Response("Not logged in: guest")
        else:
            return Response(f"Logged-in user: {request.user}")

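Of course, the configuration in the view above can also be commented out and replaced with a global configuration. settings.py, code:

"""All DRF settings must be placed inside the REST_FRAMEWORK setting"""
REST_FRAMEWORK = {
    # Authentication classes [DRF loops internally over every registered authentication class; once one of them authenticates the request and identifies the user, the loop stops]
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'drfdemo.authentication.CustomAuthentication',  # custom authentication
        'rest_framework.authentication.SessionAuthentication',  # session authentication
        'rest_framework.authentication.BasicAuthentication',  # basic authentication
    )
}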
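The 401/403 outcomes listed earlier and the "loop stops at the first class that identifies a user" note in the global configuration can be traced with a small standard-library model. This is an added example, not code from the original page and not DRF's own implementation: Request, dispatch, login_required, the "first-user" placeholder and the sample Basic account are assumptions made for illustration.

```python
import base64

class NotAuthenticated(Exception): pass      # stand-ins for rest_framework.exceptions
class AuthenticationFailed(Exception): pass

class Request:  # constructed stand-in for a DRF request: query parameters and headers only
    def __init__(self, query_params=None, headers=None):
        self.query_params, self.headers = query_params or {}, headers or {}

class CustomAuthentication:
    """Same decision as the page's class: a wrong pair returns None, it does not raise."""
    def authenticate(self, request):
        q = request.query_params
        if q.get("user") != "root" or q.get("pwd") != "houmen":
            return None
        return ("first-user", None)  # placeholder for get_user_model().objects.first()
    def authenticate_header(self, request):
        return None  # BaseAuthentication default: no WWW-Authenticate challenge

class BasicAuthentication:
    """Model of HTTP Basic: no header -> None, bad credentials -> AuthenticationFailed."""
    users = {"admin": "constructed-password"}  # constructed account; real backends check a hash
    def authenticate(self, request):
        header = request.headers.get("Authorization", "")
        if not header.startswith("Basic "):
            return None
        try:
            name, _, pwd = base64.b64decode(header[6:]).decode().partition(":")
        except ValueError:
            raise AuthenticationFailed("malformed basic header")
        if self.users.get(name) != pwd:
            raise AuthenticationFailed("invalid username/password")
        return (name, None)
    def authenticate_header(self, request):
        return 'Basic realm="api"'

def dispatch(request, authenticators, login_required=True):
    """Return (status, user, WWW-Authenticate); the first listed class alone picks 401 or 403."""
    try:
        for auth in authenticators:  # first non-None result wins, later classes are skipped
            result = auth.authenticate(request)
            if result is not None:
                return (200, result[0], None)
        if login_required:  # what an IsAuthenticated permission enforces
            raise NotAuthenticated()
    except (NotAuthenticated, AuthenticationFailed):
        challenge = authenticators[0].authenticate_header(request) if authenticators else None
        return (401, None, challenge) if challenge else (403, None, None)
    return (200, "AnonymousUser", None)
```

With the page's global order (CustomAuthentication first) an unauthenticated request to a protected view gets 403, while listing BasicAuthentication first turns the same request into a 401 with a Basic challenge. With login_required=False, which models a view without a permission class, the anonymous request is served as AnonymousUser.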