from django.contrib.auth import authenticate,login,logout #可以用来做登录验证
from django.contrib.auth.decorators import login_required #装饰器,用于对用户是否登录进行验证
1.简单使用:
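def acc_login(request):
    """Show the login form and, on POST, authenticate and log the user in.

    After a successful login the user is redirected to the ``next`` query
    parameter only if it points back at this site; otherwise to "/".
    ``next`` arrives in the URL and is therefore caller-controlled, so
    redirecting to it unchecked would turn the login page into an open
    redirect.

    Returns a redirect on success, otherwise the rendered "login.html" with
    ``error_msg`` in the context (empty on a plain GET).
    """
    # Function-scope import: Django 3.0 renamed is_safe_url to
    # url_has_allowed_host_and_scheme and 4.0 removed the old name, so try
    # the current name first and fall back for older releases.
    try:
        from django.utils.http import (
            url_has_allowed_host_and_scheme as is_safe_target,
        )
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_target

    error_msg = ''
    if request.method == "POST":
        username = request.POST.get("username")
        password = request.POST.get("password")
        # authenticate() returns a user object on success, otherwise None.
        user = authenticate(username=username, password=password)
        if user:
            # login() records the user in the session and sets request.user.
            login(request, user)
            target = request.GET.get("next", "/")
            # Accept only same-host targets (and https-only ones when this
            # request itself came over https); anything else goes to "/".
            if not is_safe_target(
                target,
                allowed_hosts={request.get_host()},
                require_https=request.is_secure(),
            ):
                target = "/"
            return redirect(target)
        # One message for both "unknown user" and "wrong password", so the
        # form does not reveal which usernames exist.
        error_msg = "Wrong Username Or Password"
    return render(request, "login.html", {"error_msg": error_msg})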
def acc_logout(request):
    """Log the current user out and redirect to the login page.

    NOTE(review): the view logs out on every HTTP method, GET included, so a
    request triggered from another site also ends the session. Consider
    accepting POST only (with CSRF protection) if that matters for this app.
    """
    # logout() clears the session data attached to this request.
    logout(request)
    login_page = "/login.html"
    return redirect(login_page)
from django.contrib.auth.decorators import login_required
@login_required
def dashboard(request):
    """Render the sales dashboard for a logged-in user.

    Access control comes from the @login_required decorator, which sends
    anonymous users to settings.LOGIN_URL; the view body does no check of
    its own.
    """
    template_name = "Sale/dashboard.html"
    return render(request, template_name)
注意:使用@login_required时,需要在settings文件中配置LOGIN_URL:
# Where @login_required redirects anonymous users. Django's default is
# "/accounts/login/"; the originally requested path is appended as ?next=...,
# so the login view must validate that value before redirecting to it.
LOGIN_URL = "/login.html"
2.方法了解
(1)authenticate方法
def authenticate(self, request, username=None, password=None, **kwargs):
    """Return the user whose credentials match, otherwise fall through to None.

    There is no explicit ``return None``: an unknown username, a wrong
    password or a failed ``user_can_authenticate`` check all end the function
    without a return value.
    """
    if username is None:
        # Callers may pass the username under the model's USERNAME_FIELD name.
        username = kwargs.get(UserModel.USERNAME_FIELD)
    try:
        # Look the user object up by its natural key (the username).
        user = UserModel._default_manager.get_by_natural_key(username)
    except UserModel.DoesNotExist:
        # Run the default password hasher once to reduce the timing
        # difference between an existing and a non-existing user (#20760).
        UserModel().set_password(password)
    else:
        # Both conditions must hold: the password verifies AND the backend
        # allows this user to authenticate.
        # NOTE(review): in Django's ModelBackend, user_can_authenticate rejects
        # users with is_active == False; its body is not shown on this page.
        if user.check_password(password) and self.user_can_authenticate(user):
            return user
# Module-level reference to the project's active user model, resolved once
# through get_user_model().
UserModel = get_user_model()
def get_user_model():
    """
    Return the User model that is active in this project.

    The model is named by settings.AUTH_USER_MODEL (Django's default is
    "auth.User"), so a project can substitute its own user model by
    overriding that setting in its settings file.
    """
    active_model_label = settings.AUTH_USER_MODEL
    return django_apps.get_model(active_model_label, require_ready=False)
(2)login方法
def login(request, user, backend=None):
def login(request, user, backend=None):
    """
    Persist a user id and a backend in the request. This way a user doesn't
    have to reauthenticate on every request. Note that data set during
    the anonymous session is retained when the user logs in.
    """
    session_auth_hash = ''
    if user is None:
        user = request.user
    # NOTE(review): in Django's AbstractBaseUser this value is derived from the
    # stored password hash, so it changes when the password changes; the
    # method itself is not shown on this page.
    if hasattr(user, 'get_session_auth_hash'):
        session_auth_hash = user.get_session_auth_hash()

    if SESSION_KEY in request.session:
        # The session already carries an authenticated user. Keep it only if
        # it is the same user and the stored auth hash still matches; the
        # hash comparison uses constant_time_compare rather than ==.
        if _get_user_session_key(request) != user.pk or (
                session_auth_hash and
                not constant_time_compare(request.session.get(HASH_SESSION_KEY, ''), session_auth_hash)):
            # To avoid reusing another user's session, create a new, empty
            # session if the existing session corresponds to a different
            # authenticated user.
            request.session.flush()
    else:
        # Anonymous session: issue a new session key before auth data is
        # written, so a key that was known before login is not the one that
        # becomes authenticated. Per the docstring, the session data is kept.
        request.session.cycle_key()

    try:
        # Prefer the explicit argument, then the backend recorded on the user.
        backend = backend or user.backend
    except AttributeError:
        # No backend on the user: only unambiguous when exactly one backend
        # is configured.
        backends = _get_backends(return_tuples=True)
        if len(backends) == 1:
            _, backend = backends[0]
        else:
            raise ValueError(
                'You have multiple authentication backends configured and '
                'therefore must provide the `backend` argument or set the '
                '`backend` attribute on the user.'
            )

    # Record who is logged in, via which backend, and the auth hash that the
    # check above compares against on a later login() call.
    request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
    request.session[BACKEND_SESSION_KEY] = backend
    request.session[HASH_SESSION_KEY] = session_auth_hash
    # request.user is replaced only when the attribute already exists.
    if hasattr(request, 'user'):
        request.user = user
    # rotate_token is Django's CSRF helper: the CSRF token is replaced on login.
    rotate_token(request)
    # Notify listeners of the user_logged_in signal.
    user_logged_in.send(sender=user.__class__, request=request, user=user)
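login方法负责设置session,并向request中添加user属性,之后可以直接使用request.user获取User表对象。从上面的源码还可以看到:如果当前session属于另一个已登录用户,会先调用flush()清空session;如果是匿名session,则调用cycle_key()更换session key;最后调用rotate_token更换CSRF token。这些步骤用于防止登录前已存在的session key或token在登录后被继续使用。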