def validate(self, attrs):
credentials = self._get_credentials(attrs)
if all(credentials.values()):
user = authenticate(**credentials)
if user:
if not user.is_active:
msg = 'User account is disabled.'
raise serializers.ValidationError(msg)
payload = jwt_payload_handler(user)
# Include original issued at time for a brand new token,
# to allow token refresh
if api_settings.JWT_ALLOW_REFRESH:
payload['orig_iat'] = timegm(
datetime.utcnow().utctimetuple()
)
return {
'token': jwt_encode_handler(payload),
'user': user,
}
else:
msg = 'Unable to login with provided credentials.'
raise serializers.ValidationError(msg)
else:
msg = 'credentials is not correct'
raise serializers.ValidationError(msg)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = serializer.save() # 注册成功,将SQL记录插入语句提交到数据库执行
re_dict = serializer.data
# JWT模块的加密算法得到token,降低服务器的存储压力,并提高安全性
payload = jwt_payload_handler(user)
re_dict["jwt_token"] = jwt_encode_handler(payload)
headers = self.get_success_headers(serializer.data)
return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
def create(self,request,*args,**kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user = self.perform_create(serializer) re_dict = serializer.data payload = jwt_payload_handler(user) re_dict["token"] = jwt_encode_handler(payload) re_dict["name"] = user.name if user.name else user.username headers = self.get_success_headers(serializer.data) return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
def create(self, request, *args, **kwargs):
"""
重载CreateModelMixin的create方法,用户注册完成后返回jwt-token
"""
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["name"] = user.name if user.name else user.username
headers = self.get_success_headers(serializer.data)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
# self.perform_create(serializer)
# 重写生成token
user = self.perform_create(serializer)
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["name"] = user.username if user.username else user.mobile
headers = self.get_success_headers(serializer.data)
# return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
print(serializer.initial_data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
# 在create 中自定义方法 -> jwt 认证
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict['token'] = jwt_encode_handler(payload)
re_dict['name'] = user.name if user.name else user.username
headers = self.get_success_headers(serializer.data)
print(re_dict)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
# 生成token
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
ret_data = {
'nickname': user.nickname,
'userid': user.id,
'token': token
}
ret_data.update(serializer.data)
return Response(ret_data,
status=status.HTTP_201_CREATED,
headers=headers)
def validate(self, attrs):
username = attrs.get('username')
password = attrs.get('password')
user = models.User.objects.filter(username=username,
is_delete=False).first()
if not user:
raise ValidationError('该用户不存在')
if not user.check_password(str(password)):
raise ValidationError('密码错误')
self.user = user
self.user_icon = os.path.join(f'{settings.BASE_URL}/media/',
str(user.user_icon))
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
self.token = token
return attrs
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
now_user = self.perform_create(serializer)
now_payload = jwt_payload_handler(now_user)
now_token = jwt_encode_handler(now_payload)
now_dict = serializer.data
now_dict["token"] = now_token
now_dict[
"name"] = now_user.name if now_user.name else now_user.username
headers = self.get_success_headers(serializer.data)
return Response(now_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def post(self, request):
data = request.data # 获取微信数据
code = data.get('code', '')
if not code:
return Response({'msg': '缺少code'}, status=status.HTTP_404_NOT_FOUND)
# url = "https://api.weixin.qq.com/sns/jscode2session?appid={0}&secret={1}&js_code={2}&grant_type=authorization_code" \
# .format(settings.APP_ID, settings.APP_KEY, code)
# r = requests.get(url)
# res = json.loads(r.text)
# session_key = res['session_key'] if 'session_key' in res else None
# res.pop('session_key', None)
# 封装方法:微信返回的json数据
wx = WxLogin()
res = wx.getUserInfo(code)
openid = res['openid'] if 'openid' in res else None
if not openid:
return Response({'message': '微信调用失败'}, status=status.HTTP_503_SERVICE_UNAVAILABLE)
# 判断用户是否第一次登录
try:
user = User.objects.get(openid=openid)
except Exception:
# 微信用户第一次登陆,新建用户
# username = request.data.get('nickname')
# sex = request.data.get('sex')
# 微信传递过来的openid,储存到数据库。
# 微信再次请求,如果有openid就不新建,直接返回token给微信登录
user = User.objects.create(username=openid,openid=openid)
user.set_password(openid)
user.save()
# token
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
resp_data = {
"user_id": user.id,
"username": user.username,
"token": token,
}
return Response(resp_data,status=status.HTTP_201_CREATED)
def demo_post(self, request, *args, **kwargs):
account = request.data.get("account")
pwd = request.data.get("pwd")
if re.match(r'.+@.+', account):
user_obj = User.objects.filter(email=account).first()
elif re.match(r'1[3-9][0-9]{9}', account):
user_obj = User.objects.filter(phone=account).first()
else:
user_obj = User.objects.filter(username=account).first()
if user_obj and user_obj.check_password(pwd):
payload = jwt_payload_handler(user_obj)
token = jwt_encode_handler(payload)
return APIResponse(results={"username:user_obj.username"},
token=token)
return APIResponse(data_message="错误了")
def post(self, request, *args, **kwargs):
params = json.loads(request.body)
username = params['username']
password = params['password']
user_obj = auth.authenticate(username=username, password=password)
if user_obj and user_obj.is_active:
payload = jwt_payload_handler(user_obj)
token = jwt_encode_handler(payload)
token_key = CACHE_PREFIX + token
user_info = {
'username': username,
}
cache.set(token_key, token, CACHE_TIMEOUT)
login() # 爬虫登陆网站
return loginSuccess(user_info=user_info, token=token)
else:
return error('用户名或密码错误!')
def view_sign_in(request):
"""
This view is used for login and generates json for user access.
:param request: contain username and password of user.
:return: json for generate UI dynamically.
"""
response = {}
body = None
try:
body_unicode = request.body.decode('utf-8')
body = ast.literal_eval(body_unicode)
username = body['Username']
password = body['Password']
user = authenticate(username=username, password=password)
if user is not None:
if user.finalized:
user_obj = User.objects.filter(username=user)
locality_obj = locality_mapping.objects.get(user_id=user_obj)
key = locality_obj.locality_key
response["Status"] = 0
response['Username'] = username
response['Locality'] = key
response['UserId'] = (list(user_obj)[0]).id
response['LocalityId'] = locality_obj.id
user = User.objects.get(username=username)
# Generating token for access another view.
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
response["Token"] = token
else:
response = {"Status": 3}
else:
# Not login access.
response = {"Status": 2}
except Exception as e:
response = {"Status": 1}
logger.error("Body of Request is'{0}' and Exception is '{1}'".format(
body, e),
exc_info=True)
return HttpResponse(json.dumps(response), content_type='application/json')
def post(request):
try:
# get
platform = request.query_params['platform']
device_id = request.query_params['device_id']
# post
phone = request.data['phone']
password = request.data['password']
code = request.data['code']
except KeyError:
return error_request(ErrBaseParams)
if not is_phone(phone):
return error_request(ErrBaseParams)
if not is_password(password):
return error_request(ErrBaseParams)
if not is_code(code):
return error_request(ErrBaseParams)
exists = Profile.objects.filter(phone=phone).exists()
if exists:
return error_request(ErrUserDoesExist)
user = Profile.objects.create(
uid=gen_uid(),
phone=phone,
password=make_password(password),
platform=platform,
username='******' + phone,
register_ip=gen_ip(request),
device_id=device_id,
)
Balance.objects.create(user=user, )
return_data = dict_success()
return_data['msg'] = '注册成功'
return_data['data'] = serializer_data(user, ProfileSerializer, request)
return_data['data']['token'] = jwt_encode_handler(
jwt_payload_handler(user))
return success_request(return_data)
def create(self, validated_data):
"""
保存数据的操作。
:param validated_data: 验证后的数据
:return:
"""
# 1.对密码进行加密后存储
print(validated_data, '进行保存数据')
phone = validated_data.get('phone')
password = validated_data.get('password')
# 2.处理用户名,随机字符串或者是phone
user = UserInfo.objects.create(username=phone,
password=make_password(password))
# 3.为注册的用户进行手动生成token
payload = jwt_payload_handler(user)
token = jwt_encode_handler(payload)
user.token = token
return user
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["name"] = user.name if user.name else user.username
headers = self.get_success_headers(serializer.data)
return Response({
"msg": "注册成功",
"data": re_dict,
"code": 200
},
status=status.HTTP_201_CREATED,
headers=headers)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
re_dict = serializer.data
print('=====创建用户======', user)
payload = jwt_payload_handler(user)
print('========', payload, '========')
print('========', type(payload), '========')
# 添加token 和name 让用户注册完毕后就登陆
re_dict["token"] = jwt_encode_handler(payload)
re_dict["name"] = user.name if user.name else user.username
headers = self.get_success_headers(serializer.data)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
#user = self.perform_create(serializer)
user = User(username=request.data.username,
password=request.data.password,
gender=request.data.gender,
avatarUrl=request.data.avatarUrl)
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["name"] = user.name if user.name else user.username
headers = self.get_success_headers(serializer.data)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def create(self, request, *args, **kwargs):
data = request.data
serializer = UserSerializer(data=data)
if serializer.is_valid():
user = User.objects.create(**serializer.validated_data)
user.set_password(data['password'])
user.save()
payload = jwt_payload_handler(user)
token = {'token': jwt_encode_handler(payload)}
return Response(token, status=status.HTTP_201_CREATED)
return Response(
{
'status':
'Неправильный запрос',
'message':
'Учетная запись не может быть создана с полученными данными'
},
status=status.HTTP_400_BAD_REQUEST)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
# 为了实现注册完成帮你自动登录,则注册完成后必须返回token,所以要重载CreateModelMixin里面的create函数,
# 原create函数只是保存了当前的model(user),但是并没有返回该model。我们要想获取到user model 就必须重写让它返回model,
# 然后在执行perform_create之后插入我们自己的逻辑。分析jwt的源码实现,找到它哪部分才是生成token的。然后将其找出,并返回
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["name"] = user.name if user.name else user.username
headers = self.get_success_headers(serializer.data)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def create(self, request, *args, **kwargs):
"""
重载函数,再注册完成后返回生成的token完成注册后即登录
"""
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
# 使用jwt取出生成的token
re_dict = serializer.data
payload = jwt_payload_handler(user)
# 可以自定义添加想要返回的任何参数
re_dict["token"] = jwt_encode_handler(payload)
headers = self.get_success_headers(serializer.data)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def create(self, request, *args, **kwargs):
"""
rewrite the create function
:param request:
:param args:
:param kwargs:
:return: Response:
"""
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer=serializer)
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
headers = self.get_success_headers(serializer.data)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def register(request):
post = request.data
username = post.get("username", None)
password = post.get("password", None)
email = post.get("email", None)
print(password)
if username is None or password is None or email is None:
return HttpResponseBadRequest()
user = User.objects.create_user(username, email, password)
user.save()
return Response({
"user":
UserSerializer(user, context={
"request": request
}).data,
"token":
jwt_encode_handler(jwt_payload_handler(user))
})
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
if not serializer.is_valid(raise_exception=False):
return JsonResponse({'errmsg': serializer._errors, 'errcode': -1})
user = self.perform_create(serializer)
# 授权信息绑定
state = request.COOKIES.get('state')
if state:
state_dict = eval(base64.b64decode(state).decode('utf-8'))
# 绑定店铺信息
shop, _ = self.get_shop_info(state_dict['access_token'])
state_dict['shop'] = shop
# 商品信息同步,异步任务
task_product_info.apply_async(queue='product_router')
# 绑定用户
state_dict['user'] = user
JdAuthUserModel.objects.update_or_create(uid=state_dict['uid'],
defaults=state_dict)
else:
# 直接注册的用户获取获取授权信息,state为传递绑定的账户
jd_web_auth_obj = JdWebAuthorized(
code='', state=f'username:{user.username}')
redirect_url = jd_web_auth_obj.get_code_url()
re_dict = {}
re_dict["errcode"] = 2
re_dict["errmsg"] = '注册成功'
re_dict["redirect_url"] = redirect_url
return Response(re_dict, status=status.HTTP_200_OK)
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["username"] = user.username
re_dict["errmsg"] = '注册成功'
re_dict["errcode"] = 0
headers = self.get_success_headers(serializer.data)
response = Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
# 删除该cookie信息
response.set_cookie('state', '')
return response
def create(self, request, *args, **kwargs):
"""
重载create方法,设置name和token,实现注册后立即登录
:param request:
:param args:
:param kwargs:
:return:
"""
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["name"] = user.name if user.name else user.username
headers = self.get_success_headers(serializer.data)
return Response(re_dict, status=status.HTTP_201_CREATED, headers=headers)
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
# 接收刚刚登录的用户对象
user = self.perform_create(serializer)
# =====token的定制化
# 获取返回序列化后要的对象
re_dict = serializer.data
# 给登录的用户对象添加token信息
payload = jwt_payload_handler(user)
# 给返回的对象添加token信息
re_dict['token'] = jwt_encode_handler(payload)
re_dict['name'] = user.name if user.name else user.username
# ====结束
headers = self.get_success_headers(serializer.data)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def validate(self, attrs):
credentials = {
self.username_field: attrs.get(self.username_field),
'password': attrs.get('password')
}
if all(credentials.values()):
user = authenticate(**credentials)
if user:
if not user.is_active:
msg = _('User account is disabled.')
# 用户账户不能使用;
raise serializers.ValidationError(msg)
user.last_login = datetime.now()
payload = jwt_payload_handler(user)
# 【待登陆成功前的处理逻辑】
# from .blacklist.utils import UserCache
# user.token = jwt_encode_handler(payload)
# _stat = UserCache(user=user, remote_addr="a").seccuss_cache_init()
# if _stat["stat"] != 0:
# msg = _('封禁时间段内')
# raise serializers.ValidationError(msg)
## END_USET
return {'token': jwt_encode_handler(payload), 'user': user}
else:
# 【失败登陆的处理逻辑】
# from .blacklist.utils import UserCache
# _stat = UserCache(self.object.get("request")).failed_cache_init()
# if _stat["stat"] == -1:
# msg = _('封禁时间段内')
# raise serializers.ValidationError(msg)
msg = _('Unable to login with provided credentials.')
raise serializers.ValidationError(msg)
else:
# YOU can rewrite this msg, but no active
msg = _('Must include "{username_field}" and "password".')
msg = msg.format(username_field=self.username_field)
raise serializers.ValidationError(msg)
def validate(self, attrs):
if not attrs.get('name'):
msg = _('必须提供App名字。')
raise serializers.ValidationError(msg)
apps = AppVersion.objects.filter(
app_name=attrs.get('name')).order_by('-date_pub')
if not apps:
raise serializers.ValidationError('对象不存在。', 'dose_not_exit')
payload = {
'app_name': apps[0].app_name,
'ver_code': apps[0].ver_code,
'exp': timezone.now() + settings.JWT_AUTH['APP_TOKEN_EXP_DELTA']
}
return {
'token': jwt_encode_handler(payload),
'app_version': AppVersionSerializer(apps[0]).data
}
def post(self, request, format=None):
params = request.query_params if len(
request.data) == 0 else request.data
company = request.headers["company"]
username = params.get("email", None)
password = params.get("password", None)
company_obj = Company.objects.filter(sub_domain=company).first()
if not company_obj:
company_field = "doesnot exit"
msg = _("company with this subdomin {company_field}")
msg = msg.format(company_field=company_field)
return Response({"status": "failure", "message": msg}, status=400)
# raise APIException(msg)
if not username:
username_field = "User Name/Email"
msg = _('Must include "{username_field}"')
msg = msg.format(username_field=username_field)
return Response({"status": "failure", "message": msg}, status=400)
# raise APIException(msg)
user = User.objects.filter(email=username, company=company_obj).first()
if not user:
return Response(
{
"status": "failure",
"message": "user not avaliable in our records"
},
status=400,
)
if user.check_password(password):
payload = jwt_payload_handler(user)
response_data = {
"token": jwt_encode_handler(payload),
"status": "success",
"company": user.company.id,
"subdomin": company_obj.sub_domain,
}
return Response(response_data)
else:
password_field = "doesnot match"
msg = _("Email and password {password_field}")
msg = msg.format(password_field=password_field)
return Response({"status": "failure", "message": msg}, status=400)
def validate(self, attrs):
username = attrs.get("username")
password = attrs.get("password")
if re.match(r'.+@.+', username, re.I):
user = UserInfo.objects.filter(email=username).first()
elif re.match(r'1[3-9][0-9]{9}', username):
user = UserInfo.objects.filter(mobile=username).first()
else:
user = UserInfo.objects.filter(username=username).first()
if user and user.check_password(password):
# 签发token
payload = jwt_payload_handler(user)
self.token = jwt_encode_handler(payload)
return attrs
raise serializers.ValidationError({'data': '数据有误'})
def test_other_user_permission_api(self):
data = self.create_item()
data_id = data.get('id')
user = User.objects.create(username='******')
payload = jwt_payload_handler(user)
print(payload)
token = jwt_encode_handler(payload)
print(token)
self.client.credentials(HTTP_AUTHORIZATION='JWT ' + token)
rud_url = api_reverse('api-status:detail', kwargs={'id': data_id})
rud_data = {
'content': 'permission test'
}
get_ = self.client.get(rud_url, format='json')
put_ = self.client.put(rud_url, rud_data, format='json')
delete_ = self.client.delete(rud_url, format='json')
self.assertEqual(get_.status_code, status.HTTP_200_OK)
self.assertEqual(put_.status_code, status.HTTP_403_FORBIDDEN)
self.assertEqual(delete_.status_code, status.HTTP_403_FORBIDDEN)
def create(self, request, *args, **kwargs):
"""
用户注册(注意username填写手机号)
覆写,以将token加入response给用户(实现注册完自动登录)
"""
serializer = self.get_serializer(data=request.data)
# Serializer中做验证并可能抛出异常,出错时将自动返回相应的HTTP状态码
serializer.is_valid(raise_exception=True)
user = self.perform_create(serializer)
print("用户保存化好了")
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict["token"] = jwt_encode_handler(payload)
re_dict["name"] = user.name if user.name else user.username
print("返回的字典做好了")
headers = self.get_success_headers(serializer.data)
return Response(re_dict,
status=status.HTTP_201_CREATED,
headers=headers)
def update(self, request, *args, **kwargs):
partial = kwargs.pop('partial', False)
instance = self.get_object()
serializer = self.get_serializer(instance,
data=request.data,
partial=partial)
serializer.is_valid(raise_exception=True)
user = self.perform_update(serializer)
re_dict = serializer.data
payload = jwt_payload_handler(user)
re_dict['token'] = jwt_encode_handler(payload)
if getattr(instance, '_prefetched_objects_cache', None):
# If 'prefetch_related' has been applied to a queryset, we need to
# forcibly invalidate the prefetch cache on the instance.
instance._prefetched_objects_cache = {}
return Response(re_dict)
def validate(self, attrs):
username = attrs.get('username').lower()
password = attrs.get('password')
user = plex_authentication(username=username, password=password)
if user:
if not user[0].is_active:
logger.warn('The user {} attempted to login, but their account is disabled'.format(username))
msg = 'User account is disabled.'
raise serializers.ValidationError(msg)
payload = jwt_payload_handler(user[0])
return {
'token': jwt_encode_handler(payload)
}
else:
msg = 'Unable to login with provided credentials.'
raise serializers.ValidationError(msg)
def get_token(self, obj):
return jwt_encode_handler(jwt_payload_handler(obj))
def login(self, request, *args, **kwargs):
# payload = jwt_payload_handler(user)
return Response({'jwt': jwt_encode_handler(payload), 'username': user.username}) # 回傳JWT token及使用者帳號