我正在使用REST API的django-rest-framework.此外,对于JSON Web令牌身份验证,我使用的是django-rest-framework-jwt.成功登录后,将为用户提供令牌.我已经找到了如何使用api调用验证令牌,但有没有办法在视图中验证令牌并获取该令牌的用户,类似于request.user?
我需要它在使用django-channels时验证消费者内部:
def ws_connect(message):
params = parse_qs(message.content["query_string"])
if b"token" in params:
token = params[b"token"][0]
# validate the token and get the user object
# create an object with that user
我正在尝试创建一个手动令牌,我想添加过期时间。从这里 =>文档
这里=>
from rest_framework_simplejwt.tokens import RefreshToken
refresh = RefreshToken.for_user(user)
refresh.set_exp(lifetime=datetime.timedelta(days=10))
# refresh.lifetime = datetime.timedelta(days=10)
return Response ({
'access': str(refresh.access_token),'refresh':str(refresh),"status":"success"
})
这是setting.py=>
JWT_AUTH = {
# how long the original token is valid for
'ACCESS_TOKEN_LIFETIME': datetime.timedelta(days=2),
# allow refreshing of tokens
'JWT_ALLOW_REFRESH': True,
# this is the maximum time AFTER the token was issued that
# it can be refreshed. exprired tokens can't be refreshed.
'REFRESH_TOKEN_LIFETIME': datetime.timedelta(days=7),
}
但是为什么即使我添加了 10 天,这个访问令牌也会在 5 分钟后过期?如何添加过期时间?
创建此方法是为了使用电子邮件和密码进行身份验证。因为默认身份验证使用用户 ID 和密码。有没有办法在 drf 示例 jwt …
我已经安装了djangorestframework-simplejwt软件包并尝试导入该模块urls.py,views.py但仍然无法正常工作。请指导我解决这个问题。
点值列表
Package Version
----------------------------- -------
asgiref 3.3.1
Django 3.1.4
djangorestframework 3.12.2
djangorestframework-simplejwt 4.6.0
pip 20.2.3
PyJWT 1.7.1
pytz 2020.4
setuptools 49.2.1
sqlparse 0.4.1
设置.py
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'Django_MedicalApp',
'rest_framework',
'rest_framework_simplejwt',]
REST_FRAMEWORK = {'DEFAULT_AUTHENTICATION_CLASSES':
['rest_framework_simplejwt.authentication.JWTAuthentication',],
'DEFAULT_PERMISSION_CLASSES':
('rest_framework.permissions.AllowAny','rest_framework.permissions.IsAuthenticatedOrReadOnly',)}
urls.py
from rest_framework_simplejwt.views import TokenObtainPairView
router = routers.DefaultRouter()
router.register('Company',views.CompanyViewset,basename='Company')
urlpatterns = [
path('admin/', admin.site.urls),
path('api/',include(router.urls),
path('api/token/', TokenObtainPairView.as_view(), name='token_obtain_pair'))]
视图.py
from rest_framework_simplejwt.authentication import JWTAuthentication
class CompanyViewset(viewsets.ViewSet):
authentication_classes = [JWTAuthentication]
请帮助我解决此导入错误。
python django django-rest-framework django-rest-framework-jwt django-rest-framework-simplejwt
我安装了 djangorestframework 如下图:
pip install djangorestframework -jwt
然后,我使用rest_framework_jwt.views如下所示:
from rest_framework_jwt.views import (
obtain_jwt_token,
refresh_jwt_token,
verify_jwt_token
)
...
path('auth-jwt/', obtain_jwt_token),
path('auth-jwt-refresh/',refresh_jwt_token),
path('auth-jwt-verify/', verify_jwt_token),
...
但是,我收到以下错误:
ImportError:无法从“django.utils.translation”导入名称“ugettext”
那么,我该如何解决该错误呢?
Python Django 中的代码:
if len(error) < 1:
return Response(status=HTTP_200_OK)
else:
return Response({"data":error}status=HTTP_400_BAD_REQUEST)
javascript中的代码
if(response.status===200){
alert("ok")
}else if(response.status===400){
alert("not ok")
}
它在 200 ok 时返回代码,但在 400 bad request 时不返回任何内容。事实上,除了 200_ok 代码外,似乎没有任何回复消息。有什么解决办法吗?
我有一个带有示例序列化程序的扩展用户(配置文件是扩展用户,而不是抽象用户)
{
"id": 3,
"url": "http://localhost:8000/api/v1/users/demo/",
"username": "demo",
"first_name": "First",
"last_name": "Demo",
"profile": {
"gender": null,
"location": "Sa Pa",
"date_of_birth": null,
"job_title": null,
"phone_number": null,
"fax_number": "",
"website": "",
"intro": "",
"bio": "",
"interested_in": null,
"languages": null,
"quotes": null,
"nickname": null
}
}
如何自定义上述所有字段的有效负载并获得它axios?现在,它仅获得有效负载:
authUser:Object
email:"test@gmail.com"
exp:1509183691
user_id:1
username:"First Demo"
token:"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImxlY29uZ3RvYW4iLCJ1c2VyX2lkIjoxLCJlbWFpbCI6ImRyYWZ0bGlnb25ncXVhbjdAZ21haWwuY29tIiwiZXhwIjoxNTA5MTgzNjkxfQ.KSEp-7g-SGDbqfspedNwkT1rABFi0UQ45yKDJDTX2zA"
我点击了以下链接:#145但不起作用,请帮助我!
python django django-rest-framework django-rest-framework-jwt
我正在使用Django JWT启动项目中的身份验证系统。另外,我有一个中间件,问题是在内部,该用户由于某种原因是匿名的,而在该视图中,我可以通过访问该正确的用户request.user。这个问题使我发疯,因为前一段时间该代码运行良好!这是JWT的错误,还是我做错了什么?
class TimezoneMiddleware(MiddlewareMixin):
def process_request(self, request):
# request.user is ANONYMOUS HERE !!!!
if not request.user.is_anonymous:
tzname = UserProfile.objects.get(user = request.user).tz_name
if tzname:
timezone.activate(pytz.timezone(tzname))
相关的settings.py模块:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'rest_framework.authentication.SessionAuthentication',
'rest_framework.authentication.BasicAuthentication',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
),
'DEFAULT_PERMISSION_CLASSES': (
'rest_framework.permissions.IsAuthenticated',
),
'DEFAULT_RENDERER_CLASSES': (
'djangorestframework_camel_case.render.CamelCaseJSONRenderer',
# Any other renders
),
'DEFAULT_PARSER_CLASSES': (
'djangorestframework_camel_case.parser.CamelCaseJSONParser',
# Any other parsers
),
}
JWT_AUTH = {
'JWT_ENCODE_HANDLER':
'rest_framework_jwt.utils.jwt_encode_handler',
'JWT_DECODE_HANDLER':
'rest_framework_jwt.utils.jwt_decode_handler',
'JWT_PAYLOAD_HANDLER':
'rest_framework_jwt.utils.jwt_payload_handler',
'JWT_PAYLOAD_GET_USER_ID_HANDLER':
'rest_framework_jwt.utils.jwt_get_user_id_from_payload_handler',
'JWT_RESPONSE_PAYLOAD_HANDLER': 'rest_framework_jwt.utils.jwt_response_payload_handler',
# 'rest_authentication.views.jwt_response_payload_handler',
'JWT_SECRET_KEY': SECRET_KEY,
'JWT_PUBLIC_KEY': None,
'JWT_PRIVATE_KEY': None,
'JWT_ALGORITHM': 'HS256', …我正在使用django-rest-framework-simplejwt来获取access token和refresh token。
问题是,refresh token如果我更改用户的密码,它不会变得无效。refresh token基本上,即使用户更改密码后,我也可以继续发送和获取新的访问令牌。
我想要的是要求用户重新提交用户名和新密码以获得一对新的access和refresh tokens。
我将如何实现这个目标?
PS:只是因为我很好奇,这不应该是库的默认行为吗?在什么情况下我们希望保留refresh token凭据更改后的信息?
我想在后端接收刷新令牌以将令牌列入黑名单。
当用户传递访问令牌request.header以调用 API 时,我正在获取访问令牌,是否有任何方法可以在用户未传递标头时获取刷新令牌。
django jwt django-rest-framework django-rest-framework-jwt django-rest-framework-simplejwt
我有一个聊天应用程序,它使用与 WhatsApp 相同的身份验证方法。
通常我会通过以下方式获取 jwt 身份验证令牌:
from rest_framework_simplejwt.views import TokenObtainView
path('api/token/', TokenObtainView.as_view(), name='token_obtain_pair'),
但是,当我的用户模型使用电话号码和验证码时,这需要用户名和密码。有什么办法可以改变这个吗?
用户名 ======> 电话号码 密码 ======> 电话号码(验证码)
第二种方法是传递用户实例并以某种方式从中获取身份验证令牌我的登录视图
@api_view(['POST',])
def loginuser(request):
if request.method == 'POST':
phone_number = request.data.get('phone_number')
try:
user = User.objects.get(phone_number=phone_number)
if int(request.data.get('phone_code')) == user.phone_code and user.phone_code:
# user.phone_code = None
# user.save()
return Response({'phone_number': phone_number}, status.HTTP_200_OK)
else:
return Response({'error': "Invalid code"}, status.HTTP_400_BAD_REQUEST)
except Exception as error:
return Response({'error': error}, status.HTTP_500_INTERNAL_SERVER_ERROR)
我的用户模型:
class User(AbstractUser):
phone_number = PhoneNumberField(unique=True)
username = models.CharField(max_length=30)
password = models.CharField(null=True, blank=True, max_length=20) …我正在尝试向注册用户发送电子邮件验证链接,但我不断收到此错误,我不知道为什么,但每当我向此端点发送发布请求时,我总是收到此错误
Internal Server Error: /auth/register
Traceback (most recent call last):
File "/mnt/c/Users/Somtochukwu/Desktop/cultural-exchange/proj/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
response = get_response(request)
File "/mnt/c/Users/Somtochukwu/Desktop/cultural-exchange/proj/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/mnt/c/Users/Somtochukwu/Desktop/cultural-exchange/proj/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
return view_func(*args, **kwargs)
File "/mnt/c/Users/Somtochukwu/Desktop/cultural-exchange/proj/lib/python3.8/site-packages/django/views/generic/base.py", line 70, in view
return self.dispatch(request, *args, **kwargs)
File "/mnt/c/Users/Somtochukwu/Desktop/cultural-exchange/proj/lib/python3.8/site-packages/rest_framework/views.py", line 509, in dispatch
response = self.handle_exception(exc)
File "/mnt/c/Users/Somtochukwu/Desktop/cultural-exchange/proj/lib/python3.8/site-packages/rest_framework/views.py", line 469, in handle_exception
self.raise_uncaught_exception(exc)
File "/mnt/c/Users/Somtochukwu/Desktop/cultural-exchange/proj/lib/python3.8/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
raise exc
File "/mnt/c/Users/Somtochukwu/Desktop/cultural-exchange/proj/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch
response …python django django-rest-framework django-rest-framework-jwt django-rest-framework-simplejwt
我想做一个“评论”表。在表中,将有一个包含创建评论的 user_id 的字段。与评论表相关的用户来自Django默认用户模型。这是评论模型:
class Comment(models.Model):
user = models.ForeignKey(User, on_delete=models.CASCADE)
content = models.TextField()
pub_date = models.DateTimeField(auto_now_add=True)
这是评论序列化器:
class CommentSerializer(serializers.ModelSerializer):
class Meta:
model = Comment
fields = '__all__'
这是创建新评论的视图集:
class CommentViewSet(mixins.CreateModelMixin, viewsets.GenericViewSet):
queryset = Comment.objects.all()
serializer_class = CommentSerializer
permission_classes = (IsAuthenticated,)
def perform_create(self, serializer):
serializer.save(user=self.request.user)
我还将用户与 django rest jwt 集成以进行授权。这是我发送到 API 的标头和数据。
标题:
授权:持有者{jwt token}
内容类型:application/json
身体:
{ "content": "这是评论" }
但我得到这样的回应:
{ "user": [ "此字段为必填项。" ] }
如何修复序列化器,以便它从令牌(request.user)中检索用户?
django-serializer django-rest-framework django-rest-viewsets django-rest-framework-jwt