Man*_*pta 8 python authentication django
我在看django-otp模块,想在我的项目中实现它.但我面临几个问题.
1)根据文档(它们在文档已经给出的方法)中,有三个级别的身份验证的:Anonymous,Authenticated和Authenticated + Verified.如果用户已经通过django的身份验证系统进行了身份验证,那么他将被要求进行otp验证(双向身份验证).
现在我想跳过它并通过otp验证/验证用户.而不是登录提示用户将输入电话号码并将收到otp进行验证.(我想绕过django的身份验证).
2)我还想在选定的页面上使用otp_required.即我将在我的网站上拥有匿名用户和经过验证的用户.
3)我找不到任何关于实施的例子.
我的问题是如何在我当前的场景中实现它.
编辑:Settings.py
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'home',
'django_otp',
'django_otp.plugins.otp_totp',
'django_otp.plugins.otp_static',
]
MIDDLEWARE_CLASSES = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django_otp.middleware.OTPMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
您可以编写自己的基于类的视图 mixin,例如LoginRequired mixin。
class AuthenticationVerificationMixin(AccessMixin):
"""
CBV mixin which verifies that the current user is authenticated,
and has a placeholder for checking if user verified.
"""
def dispatch(self, request, *args, **kwargs):
if not request.user.is_authenticated:
return self.handle_no_permission()
elif not request.user.is_verified():
# If you need a verification logic it will go here,
# for example here's a redirect if you're not verified...
# return redirect_to_login(self.request.get_full_path(), '/verify/'), self.get_redirect_field_name())
return super().dispatch(request, *args, **kwargs)
然后将这些 mixin 添加到您的视图中,例如
class MyView(AuthenticationVerificationMixin, TemplateView):
...
| 归档时间: |
|
| 查看次数: |
2966 次 |
| 最近记录: |