【发布时间】:2022-02-12 18:19:09
【问题描述】:
我正在验证用户 OTP 以更改密码,更改密码后我无法使用 JWT 创建访问和刷新令牌,
通常当用户登录时,我使用以下方法 MyTokenObtainPairView 将访问和刷新令牌以及所有其他内容返回给 UserSerializerWithToken。
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
def validate(self, attrs):
data = super().validate(attrs)
serializer = UserSerializerWithToken(self.user).data
for k, v in serializer.items():
data[k] = v
return data
class MyTokenObtainPairView(TokenObtainPairView):
serializer_class = MyTokenObtainPairSerializer
我复制了类似的方法在 set_password 和 user.save() 之后返回 UserSerializerWithToken
UserSerializerWithToken 是
class UserSerializerWithToken(UserSerializer):
token = serializers.SerializerMethodField(read_only=True)
class Meta:
model = CustomUser
fields = ['id',
'isAdmin',
'token']
def get_token(self, obj):
token = RefreshToken.for_user(obj)
return str(token.access_token)
而有问题的功能是
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
serializer = UserSerializerWithToken(user, many=False)
if CustomUser.objects.filter(email=email).exists():
if otp_to_verify == user.otp:
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
return Response(serializer.data) #
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
我收到令牌但无法访问并刷新令牌以使用它下次登录。我假设 user.save() 不在这里创建刷新和访问令牌。任何人都可以确定为什么会发生这种情况以及如何解决这个问题
【问题讨论】:
标签: django django-rest-framework django-views jwt django-validation