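def validate(self, attrs):
    """Validate the access token, the SMS code and, for an existing user, the password.

    Args:
        attrs: Field dict. Reads ``access_token``, ``mobile`` and ``sms_code``;
            ``password`` is read only when a user with that mobile exists.

    Returns:
        The same ``attrs`` with ``openid`` added, plus ``user`` when an existing
        account matched the mobile and its password checked out.

    Raises:
        serializers.ValidationError: On an invalid access token, a missing or
            mismatching SMS code, or a wrong password for an existing user.
    """
    access_token = attrs['access_token']
    openid = OAuthQQ.check_bind_user_access_token(access_token)
    if not openid:
        raise serializers.ValidationError('无效的access_token')
    attrs['openid'] = openid

    mobile = attrs['mobile']
    sms_code = attrs['sms_code']
    redis_conn = get_redis_connection('verify_codes')
    real_sms_code = redis_conn.get('sms_%s' % mobile)
    # A missing key comes back as None; without this guard .decode() raises
    # AttributeError and the request fails with a server error instead of a
    # validation error.
    if real_sms_code is None:
        raise serializers.ValidationError('无效的短信验证码')
    if real_sms_code.decode() != sms_code:
        raise serializers.ValidationError('短信验证码错误')
    # NOTE(review): the stored code is not removed here after a match; confirm it
    # is short-lived or invalidated elsewhere and that attempts are rate-limited.

    try:
        user = User.objects.get(mobile=mobile)
    except User.DoesNotExist:
        # No account for this mobile: nothing to check a password against.
        pass
    else:
        password = attrs['password']
        if not user.check_password(password):
            raise serializers.ValidationError('密码错误')
        attrs['user'] = user
    return attrs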
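def validate(self, attrs):
    """Validate the access_token and the SMS verification code.

    Args:
        attrs: Field dict. Reads ``access_token``, ``mobile`` and ``sms_code``;
            ``password`` is read only when a user with that mobile exists.

    Returns:
        The same ``attrs`` with ``openid`` added, plus ``user`` when an existing
        account matched the mobile and its password checked out.

    Raises:
        serializers.ValidationError: On an invalid access token, a missing or
            mismatching SMS code, or a wrong password for an existing user.
    """
    access_token = attrs["access_token"]
    # Check that the access_token has not been tampered with and extract the
    # user's QQ openid from it.
    openid = OAuthQQ.check_bind_user_access_token(access_token)
    if not openid:
        raise serializers.ValidationError("无效的access_token")
    # Stored in attrs so it is available in validated_data once validation passes.
    attrs["openid"] = openid

    # Verify the SMS code.
    mobile = attrs["mobile"]
    sms_code = attrs["sms_code"]
    redis_conn = get_redis_connection("verify_codes")
    real_sms_code = redis_conn.get("sms_%s" % mobile)
    # A missing key comes back as None; without this guard .decode() raises
    # AttributeError and the request fails with a server error instead of a
    # validation error.
    if real_sms_code is None:
        raise serializers.ValidationError("无效的短信验证码")
    if real_sms_code.decode() != sms_code:
        raise serializers.ValidationError("短信验证码错误")
    # NOTE(review): the stored code is not removed here after a match; confirm it
    # is short-lived or invalidated elsewhere and that attempts are rate-limited.

    try:
        user = User.objects.get(mobile=mobile)
    except User.DoesNotExist as e:
        # Lazy %-args: the message is only formatted if the record is emitted.
        logger.error("用户不存在:%s", e)
    else:
        # The user exists, so verify the password.
        password = attrs["password"]
        # Compare the submitted plaintext password with the stored hashed one.
        if not user.check_password(password):
            raise serializers.ValidationError("密码错误")
        # Password matches: keep the user model in attrs so it can be read back
        # from validated_data.
        attrs["user"] = user
    return attrs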
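def validate(self, attrs):
    """Validate the access token, the SMS code and, for an existing user, the password.

    Args:
        attrs: Field dict. Reads ``access_token``, ``mobile`` and ``sms_code``;
            ``password`` is read only when a user with that mobile exists.

    Returns:
        The same ``attrs`` with ``openid`` added, plus ``user`` when an existing
        account matched the mobile and its password checked out.

    Raises:
        serializers.ValidationError: On an invalid access token, a missing or
            mismatching SMS code, or a wrong password for an existing user.
    """
    # Verify the access_token.
    access_token = attrs["access_token"]
    openid = OAuthQQ.check_bind_user_access_token(access_token)
    if not openid:
        # Must be raised, not returned: a returned exception object is handed
        # back to the caller as the validated data, so an invalid token would
        # not be rejected at this point.
        raise serializers.ValidationError("无效的")
    # Save the openid into attrs.
    attrs["openid"] = openid

    # Verify the SMS code.
    mobile = attrs["mobile"]
    sms_code = attrs["sms_code"]
    redis_conn = get_redis_connection("verify_codes")
    real_sms_code = redis_conn.get("sms_%s" % mobile)
    # A missing key comes back as None; without this guard .decode() raises
    # AttributeError and the request fails with a server error instead of a
    # validation error.
    if real_sms_code is None:
        raise serializers.ValidationError("无效的短信验证码")
    if sms_code != real_sms_code.decode():
        raise serializers.ValidationError("短信验证码错误")
    # NOTE(review): the stored code is not removed here after a match; confirm it
    # is short-lived or invalidated elsewhere and that attempts are rate-limited.

    # If the user already exists, verify the password.
    try:
        user = User.objects.get(mobile=mobile)
    except User.DoesNotExist:
        pass
    else:
        password = attrs["password"]
        if not user.check_password(password):
            raise serializers.ValidationError("密码错误")
        attrs["user"] = user
    return attrs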
def validate(self, data):
    """Validate the access token, the SMS code and, for an existing user, the password.

    :param data: field dict; reads ``access_token``, ``sms_code`` and ``mobile``,
        and ``password`` only when a user with that mobile exists
    :return: the same dict with ``openid`` added, plus ``user`` when an existing
        account matched and its password checked out
    :raises serializers.ValidationError: invalid access token, missing or
        mismatching SMS code, or wrong password
    """
    # Step 1: the access token. Per the original comment, the project helper
    # checks it with itsdangerous and yields the openid it carries.
    token = data["access_token"]
    openid = OAuthQQ.check_bind_user_access_token(token)
    if not openid:
        raise serializers.ValidationError("无效的access_token")
    # Kept in the payload so it can be stored when the user record is created.
    data["openid"] = openid

    # Step 2: the SMS code, compared with the value held in redis.
    conn = get_redis_connection('verify_codes')
    submitted_code = data["sms_code"]
    mobile = data['mobile']
    stored_code = conn.get('sms_%s' % mobile)
    if stored_code is None:
        # No code stored under this mobile's key.
        raise serializers.ValidationError('无效的短信验证码')
    if stored_code.decode() != submitted_code:
        raise serializers.ValidationError('短信验证码错误')
    # NOTE(review): the stored code is not removed here after a match; confirm it
    # is short-lived or invalidated elsewhere and that attempts are rate-limited.

    # Step 3: an existing user must also present the right password; the user
    # object is then passed along (original comment: used when issuing the JWT).
    try:
        existing_user = User.objects.get(mobile=mobile)
    except User.DoesNotExist:
        return data
    if not existing_user.check_password(data["password"]):
        raise serializers.ValidationError("密码错误")
    data["user"] = existing_user
    return data