def get(self, request): # 1. 获取code code = request.GET.get('code') if code is None: return JsonResponse({'code': 400, 'errmsg': '没有code参数'}) QQ_CLIENT_ID = '101474184' QQ_CLIENT_SECRET = 'c6ce949e04e12ecc909ae6a8b09b637c' QQ_REDIRECT_URI = 'http://www.meiduo.site:8080/oauth_callback.html' qq = OAuthQQ(client_id=QQ_CLIENT_ID, client_secret=QQ_CLIENT_SECRET, redirect_uri=QQ_REDIRECT_URI) # 2. 通过 coke 换取 token access_token = qq.get_access_token(code) # 3. 通过 token 获取 openid openid = qq.get_open_id(access_token) # 4. 根据 openid 进行数据查询 try: qquser = OAuthQQUser.objects.get(openid=openid) except OAuthQQUser.DoesNotExist: return JsonResponse({'code': 300, 'access_token': openid}) else: login(request, qquser.user) response = JsonResponse({'code': 0, 'errmsg': 'ok'}) response.set_cookie('username', qquser.user.username, 14 * 24 * 3600) return response
def wrapper(request, *args, **kwargs): if request.session.get( "uid") is None or request.session.get_expiry_age() <= 1: # 如果未登陆状态,或者会话过期执行此分支 # 获取用户登陆前访问的网址,用于登陆后,返回 # 获取用户登陆前的url full_path = request.get_full_path() # 如果直接登陆,则转到首页 if full_path == "/user/login": full_path = "/" # 判断是否通过AJAX访问 if request.is_ajax(): json = JsonResponse({ 'redirect': '1', 'address': '/user/login' }) json.set_cookie('url', full_path) return json else: red = HttpResponseRedirect("/user/login") red.set_cookie('url', full_path) return red else: # 更新会话 request.session.modified = True return func(request, *args, **kwargs)
def post(self, request): # 1. 接收参数 data = json.loads(request.body.decode()) # 2. 提取参数 mobile = data.get('mobile') password = data.get('password') sms_code = data.get('sms_code') access_token = data.get('access_token') openid = check_openid(access_token) # 3. 验证参数 # 4. 根据手机号判断用户信息 try: user = User.objects.get(mobile=mobile) except: user = User.objects.create(username=mobile, password=password, mobile=mobile) else: if not user.check_password(password): return JsonResponse({"code": 400, 'errmsg': '绑定失败'}) # 5. 绑定用户信息 OAuthQQUser.objects.create(openid=openid, user=user) login(request, user) response = JsonResponse({'code': 0, 'errmsg': 'ok'}) response.set_cookie('username', user.username, max_age=14 * 24 * 3600) return response
def post(self, request): data = json.loads(request.body.decode()) username = data.get('username') password = data.get('password') remembered = data.get('remembered') if not all([username, password]): return JsonResponse({'code': 400, 'errrmsg': '账号或密码不能为空'}) if re.match('1[3-9]\d{9}', username): User.USERNAME_FIELD = 'mobile' else: User.USERNAME_FIELD = 'username' from django.contrib.auth import authenticate user = authenticate(username=username, password=password) if user is None: return JsonResponse({'code': 400, 'errmsg': '账号或密码错误'}) login(request, user) if remembered: request.session.set_expiry(None) else: request.session.set_expiry(0) response = JsonResponse({'code': 0, 'errmsg': 'ok'}) response.set_cookie('username', username, 14 * 24 * 3600) return response
def process_response(request: HttpRequest, response): if isinstance(response, HttpResponseBase): return response response = JsonResponse({'result': response}) if 'student' in request.session and 'student' not in request.COOKIES: response.set_cookie('student', request.session['student']) return response
def post(self, request, pk): obj = self.get_obj(pk) obj.like += 1 obj.save(update_fields=[ 'like', ]) response = JsonResponse({'code': 0, 'msg': obj.like}) # 7天内不允许重复点赞 response.set_cookie(pk, 'true', expires=60 * 60 * 24 * 7) return response
def post_json(request): json_str = request.body # json_str = json_str.decode() print(json_str) req_data = json.loads(json_str) print(req_data) # print(request.META) response = JsonResponse(req_data) response.set_cookie('best1','python1',max_age=3600) return response
def throw_cookie_ajax(request): data = {} data['gdpr'] = render_to_string(template_name='gdpr/gdpr_ajax.html', request=request, context=data ) return_obj = JsonResponse(data) return_obj.set_cookie("gdpr", 'accept') request.session.set_test_cookie() return return_obj
def post(self, request, pk): """ 点赞, 异步任务来做 """ obj = m.Blog.objects.filter(pk=pk).first() response = JsonResponse({'code': 0, 'msg': obj.like + 1}) # 7天内不允许重复点赞 response.set_cookie(pk, 'true', expires=60 * 60 * 24 * 7) # 异步更新数据库 update_art_like.delay(pk) return response
def login(request): # md5 = hashlib.md5() account = request.POST.get('account') password = request.POST.get('password') try: user = User.objects.get(phone=account, password=password) response = JsonResponse({"status": 'ok', "name": user.name}) response.set_cookie('name', user.name, max_age=1800) return response except: return JsonResponse({'status': 'error', "name": "登录失败"})
def get(self, request): """ 1. 获取code 2. 通过code换取access_token 3. 通过access_token换取openid 4. 根据openid进行数据查询 5. 如果不存在 进行注册 6. 如果存在 保存session 7. 设置cookie 8. 返回响应 :param request: :return: """ # 1. 获取code code = request.GET.get('code') if code is None: return JsonResponse({'code': 400, 'errmsg': '没有code参数'}) QQ_CLIENT_ID = '101474184' # 我们申请的 客户端秘钥 QQ_CLIENT_SECRET = 'c6ce949e04e12ecc909ae6a8b09b637c' # 我们申请时添加的: 登录成功后回调的路径 QQ_REDIRECT_URI = 'http://www.meiduo.site:8080/oauth_callback.html' qq = OAuthQQ(client_id=QQ_CLIENT_ID, client_secret=QQ_CLIENT_SECRET, redirect_uri=QQ_REDIRECT_URI) # 2. 通过code换取access_token access_token = qq.get_access_token(code) # 3. 通过access_token换取openid openid = qq.get_open_id(access_token) # 4. 根据openid进行数据查询 try: qquser = OAuthQQUser.objects.get(openid=openid) except: # 5. 如果不存在 进行注册 token = generic_openid(openid) return JsonResponse({'code': 300, 'access_token': token}) else: # 6. 如果存在 保存session login(request, qquser.user) # 7. 设置cookie response = JsonResponse({'code': 0, 'errmsg': 'ok'}) response.set_cookie('username', qquser.user.username, max_age=14 * 24 * 3600) # 8. 返回响应 return response
def changeMail(self, request): query = "select email from registration where email='%s'" % ( '' + request.POST.get('email').lower()) models.cursor.execute(query) email = models.cursor.fetchall() if email: return JsonResponse({'otp': 0}) else: self.email = request.POST.get('email') self.sendOtp() response = JsonResponse({'email': self.email, 'otp': 1}) response.set_cookie('registerMail', self.email) return response
def post(self, request, pk): """ 点赞时先写入redis, 定时任务更新到mysql """ obj = m.Blog.objects.filter(pk=pk).first() cache = caches['four'] key = 'like_{}'.format(pk) real_like = cache.get(key, 0) response = JsonResponse({'code': 0, 'msg': obj.like + real_like + 1}) cache.set(key, real_like + 1, 60 * 60 + 60) # 7天内不允许重复点赞 response.set_cookie(pk, 'true', expires=60 * 60 * 24 * 7) return response
def post(self, request): """ 1.接收请求数据 2.提取数据 3.验证参数 4.认证登录用户 5.状态保持 6.要根据是否记住登录(类似于 mail.163.com中的 10免登录 本质是设置session过期时间) 7.返回响应 :param request: :return: """ # 1.接收请求数据 data = json.loads(request.body.decode()) # 2.提取数据 username = data.get('username') password = data.get('password') remembered = data.get('remembered') # 3.验证参数 if not all([username, password]): return JsonResponse({'code': 400, 'errmsg': '用户名或密码不能为空'}) if re.match('1[3|4|5|7|8][0-9]{9}', username): User.USERNAME_FIELD = 'mobile' else: User.USERNAME_FIELD = 'username' # 4.认证登录用户 user = authenticate(username=username, password=password) if user is None: return JsonResponse({'code': 400, 'errmsg': '用户名或密码错误'}) # 5.状态保持 login(request, user) # 6.要根据是否记住登录(类似于 mail.163.com中的 10免登录 本质是设置session过期时间) if remembered: request.session.set_expiry(None) else: request.session.set_expiry(0) response = JsonResponse({'code': 0, 'errmsg': 'ok'}) response.set_cookie('username', username, max_age=14 * 24 * 3600) # 7.返回响应 return response
def cookies_demo(request): # 接收参数 response = JsonResponse({'key': 'cookies_values'}) # 设置cookies response.set_cookie('LiBin', '*****@*****.**', max_age=60) # 读取cookies ret = request.COOKIES print(ret) # 删除 cookies response.delete_cookie('LiBin') return response
def login_handler(request): # 登陆后,开启session和客户端交login_hanlder交互 post = request.POST # 取出用户名和密码 try: username = post["username"] userpwd = post["pwd"] except Exception as e: return JsonResponse({"result": 2}) # 取出用户对象 uinfo = UserInfo.objects.filter(uname=username) if len(uinfo) == 0: return JsonResponse({"result": 2}) uinfo = uinfo[0] response = {} # 匹配密码 sha1 = hashlib.sha1() sha1.update(userpwd.encode("utf-8")) upwd = sha1.hexdigest() if uinfo.upasswd == upwd: # 验证成功 # return JsonResponse({"result": "0",}) # 提取用户ID和用户名建立会话 request.session['uid'] = uinfo.id request.session['uname'] = uinfo.uname # 100分钟过期 request.session.set_expiry(6000) # 如果登陆成功,应该返回到用户登陆之前的页面,在处理时,已经保存在cookies中 # 如果cookies中没有,那就跳转到首页 user_url = request.COOKIES.get("url") if user_url is None: user_url = "/" print("用户从url:%s跳转" % (user_url)) response = {"result": 0, "redirect": user_url} else: response = {"result": 1} # 是否记住密码?如果是,则写到用户cookie,如果否,则把cooies重置 recv_data = JsonResponse(response) if post["checked"] == "true": recv_data.set_cookie("username", username) else: recv_data.set_cookie("username", username, expires=-1) # return recv_data
def post(self, request): result = {'ok': False} pub_key = request.POST.get('key') password = request.POST.get('password') if pub_key and password: sec_data = cache.get(pub_key) if isinstance(sec_data, dict): logger = logging.getLogger('system') try_count = sec_data.get('try_count', 0) + 1 sec_data.update(try_count=try_count) cache.set(pub_key, sec_data, 300) if try_count < settings.AUTH_COUNT_LIMIT: sec_data = '{}{}{}'.format( pub_key, settings.IN_PASSWORD, sec_data.get('key')) sha = hashlib.sha256(sec_data.encode()) result.update(ok=password == sha.hexdigest()) else: cache.delete(pub_key) logger.warn( 'Auth count limit! From: {}'.format( get_client_ip(request))) if result.get('ok'): rand = SysRand() key_part1, key_part2, value = rand.create_keys(count=3) result.update(msg=msg.AUTH_OK) result = JsonResponse(result) key = '{}{}'.format(key_part1, key_part2) time_limit = 3600 * settings.AUTH_TIME cache.set( key, {'value': value, 'open': datetime_now().isoformat()}, time_limit) result.set_cookie( settings.AUTH_COOKIE_NAME, value='{}:{}'.format(key, value), max_age=time_limit) logger.info( 'Manager login from {} new key: {}'.format( get_client_ip(request), key)) else: result.update(msg=msg.INCORECT_PASSWORD) result = JsonResponse(result) return result
def signIn(request): # 登陆 if request.method == 'POST': username = request.POST.get('username') password = request.POST.get('password') remember_me = request.POST.get('remember_me') print("get SignIn Post", username, password, remember_me) user = authenticate(username=username, password=password) try: if user is not None: # 存在该用户 login(request, user) msg = {'userID': user.get_username()} code = 0 resp = {'code': code, 'detail': msg} response = JsonResponse(resp) # 判断用户是否勾选记住登录 if remember_me == "on": # 设置session有效期为14天(默认) request.session.set_expiry(None) else: # 如果没有记住,session在关闭浏览器后立刻失效 request.session.set_expiry(0) response.set_cookie(key='username', value=user.username, max_age=3600 * 24 * 14) return response else: code = 100 msg = 'email or password wrong!' except: code = 400 msg = 'signIn error!' finally: resp = {'code': code, 'detail': msg} else: code = 403 msg = 'error' resp = {'code': code, 'detail': msg} return JsonResponse(resp)
def post(self, request): """登录校验""" # 接收数据 response = {'code': 1, 'data': [], 'msg': ''} username = request.POST.get('username') password = request.POST.get('pwd') if not all([username, password]): response['msg'] = '数据不完整' return JsonResponse(response) try: user = User.objects.get(username=username) except User.DoesNotExist: user = None if user is not None: pwd = user.password if check_password(password, pwd): if user.is_active: login(request, user) next_url = request.GET.get('next', reverse('goods:index')) response['code'] = 0 response['msg'] = '登录成功' response['data'] = [{'next': next_url}] # 判断是否需要记住用户名 remember = request.POST.get('remember') res = JsonResponse(response) if remember == 'on': res.set_cookie('username', username, max_age=7 * 24 * 3600) else: res.delete_cookie('username') return res # 记录用户的登录状态 else: response['msg'] = '账号未激活' return JsonResponse(response) else: response['msg'] = '密码不正确' return JsonResponse(response) else: response['msg'] = '用户不存在' return JsonResponse(response)
def signIn(request): if request.method == 'POST': userID = request.POST.get('userID') password = request.POST.get('password') try: cursor = connection.cursor() cursor.execute("select password from users where userID='%s';" % (userID)) row = cursor.fetchone() row = row[0] cursor.close() if row != password: # 密码错误 msg = 'wrong user password!' code = 1001 resp = {'code': code, 'detail': msg} else: # 登录成功 code = 0 msg = 'user login success' resp = {'code': code, 'detail': msg} # 设置cookie response = JsonResponse(resp) response.set_cookie(key='userID', value=userID, max_age=3600 * 24 * 14) return response except Exception as e: code = 400 msg = "signIn error" resp = {'code': code, 'detail': msg} print(e) return JsonResponse(resp) return HttpResponse("ERROR")
def is_login(request): try: user = User.objects.get(uid=request.COOKIES.get("uid")) if request.COOKIES.get("token") != user.token: return RESPONSE_TOKEN_NOT_MATCH # 403 T-DNM if user.expired_date < datetime.now(): return RESPONSE_TOKEN_EXPIRE # 403 T-EXP if not user.is_active: return RESPONSE_INACTIVE_USER_JSON({"uid": user.uid}) response = JsonResponse({"uid": user.uid}) # 200 # refresh token user.token = token_urlsafe(TOKEN_LENGTH) user.expired_date = datetime.now() + timedelta(days=TOKEN_DURING_DAYS) user.save() response.set_cookie("token", user.token, max_age=SESSION_AGE) response.set_cookie("is_login", "true", max_age=SESSION_AGE) response.set_cookie("uid", user.uid, max_age=SESSION_AGE) return response except User.DoesNotExist: return RESPONSE_USER_DO_NOT_EXIST # 404 U-DNE except: raise
def post(self, request): """ 1. 接收参数 2. 提取参数 3. 验证参数 (省略--作业) 3.0 mobile,password,sms_code,access_token(openid) 必须都有值 3.1 手机号是否符合规则 3.2 密码是否符合规格 3.3 短信验证码是否正确 4. 根据手机号判断用户信息 如果没有查询到,则新增一个用户 如果查询到,则验证密码是否正确 5. 绑定用户信息 6. 状态保持 7. 设置cookie 8. 返回响应 :param request: :return: """ # 1. 接收参数 --JSON import json data = json.loads(request.body.decode()) # 2. 提取参数 mobile = data.get('mobile') password = data.get('password') sms_code = data.get('sms_code') access_token = data.get('access_token') #解密数据 from apps.oauth.utils import check_token openid = check_token(access_token) if openid is None: return JsonResponse({'code': 400, 'errmsg': '绑定失败'}) # 3. 验证参数 (省略--作业) # 3.0 mobile,password,sms_code,access_token(openid) 必须都有值 # 3.1 手机号是否符合规则 # 3.2 密码是否符合规格 # 3.3 短信验证码是否正确 # 4. 根据手机号判断用户信息 from apps.users.models import User try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: # 如果没有查询到,则新增一个用户 # username 为什么 等于 mobile 因为绑定的时候 只让用户输入了手机号.我们就让 手机号和用户名 同名 user = User.objects.create_user(username=mobile, mobile=mobile, password=password) else: # 如果查询到,则验证密码是否正确 # user.check_password 是 父类的一个方法,系统为我们提供的 验证密码的方法 if not user.check_password(password): #密码不正确,我们返回错误的响应 return JsonResponse({'code': 400, 'errmsg': '绑定失败'}) # 5. 绑定用户信息 (数据入库) from apps.oauth.models import OAuthQQUser OAuthQQUser.objects.create(openid=openid, user=user) # 6. 状态保持 from django.contrib.auth import login login(request, user) # 7. 设置cookie response = JsonResponse({'code': 0, 'errmsg': 'ok'}) response.set_cookie('username', user.username, max_age=14 * 24 * 3600) # 8. 返回响应 return response
def login(request): uid = json.loads(request.body)['uid'] print(uid) response = JsonResponse({'succ': True}) response.set_cookie('uid', uid) return response
def post(self, request): """ 1. 接收参数 2. 提取参数 3. 验证参数 (省略--作业) 3.0 mobile,password,sms_code,access_token(openid) 必须都有值 3.1 手机号是否符合规则 3.2 密码是否符合规格 3.3 短信验证码是否正确 4. 根据手机号判断用户信息 如果没有查询到,则新增一个用户 如果查询到,则验证密码是否正确 5. 绑定用户信息 6. 状态保持 7. 设置cookie 8. 返回响应 :param request: :return: """ # 1. 接收参数 data = json.loads(request.body.decode()) # 2. 提取参数 mobile = data.get('mobile') password = data.get('password') sms_code = data.get('sms_code') access_token = data.get('access_token') openid = check_token(access_token) # 3. 验证参数 (省略--作业) # 3.0 mobile,password,sms_code,access_token(openid) 必须都有值 if not all([mobile, password, sms_code, openid]): return JsonResponse({"code": 400, 'errmsg': '参数不全'}) # 3.1 手机号是否符合规则 if not re.match('1[3|4|5|7|8][0-9]{9}', mobile): return JsonResponse({'code': 400, 'errmsg': '手机号格式错误'}) # 3.2 密码是否符合规格 if not re.match('[a-zA-Z0-9_-]{8,20}', password): return JsonResponse({'code': 400, 'errmsg': '密码格式错误'}) # 3.3 短信验证码是否正确 redis_cli = get_redis_connection('code') redis_sms_code = redis_cli.get(mobile) if sms_code != redis_sms_code: return JsonResponse({'code': 400, 'errmsg': '短信验证码错误'}) # 4. 根据手机号判断用户信息 try: user = User.objects.get(mobile=mobile) except: # 如果没有查询到,则新增一个用户 user = User.objects.create_user(name=mobile, password=password, mobile=mobile) else: # 如果查询到,则验证密码是否正确 if not user.check_password(password): return JsonResponse({'code': 400, 'errmsg': '绑定错误'}) # 5. 绑定用户信息 OAuthQQUser.objects.create(openid=openid, user=user) # 6. 状态保持 login(request, user) # 7. 设置cookie response = JsonResponse({'code': 0, 'errmsg': 'ok'}) response.set_cookie('username', user.username, max_age=14 * 24 * 3600) # 8. 返回响应 return response
def post(self, request): """添加购物车""" # 获取参数 json_dict = json.loads(request.body.decode()) sku_id = json_dict.get('sku_id') count = json_dict.get('count') selected = json_dict.get('selected', True) # 校验数据 # 判断数据是否齐全 if not all([sku_id, count]): return HttpResponseForbidden('缺少必传参数') # 判断sku_id是否存在 try: models.SKU.objects.get(id=sku_id) except models.SKU.DoesNotExist: return HttpResponseForbidden('sku_id 不存在') # 判断count是否为数字 try: count = int(count) except Exception: return HttpResponseForbidden('count不是整数') # 判断selected是否为bool if selected: if not isinstance(selected, bool): return HttpResponseForbidden('selected不是bool类型') # 判断用户是否登录 # user = request.user if not request.user.is_authenticated: # 如果未登录使用cookie # 首先从cookie中获取参数 cart_str = request.COOKIES.get('carts') # 判断购物车中是否已经有了要加入购物车的数据 if cart_str: # 有的话,count++ cart_str_bytes = cart_str.encode() cart_bytes = base64.b16decode(cart_str_bytes) cart_dict = pickle.loads(cart_bytes) # 没有的话,准备一个空的字典 else: cart_dict = {} if sku_id in cart_dict: origin_count = cart_dict[sku_id][count] count += origin_count cart_dict[sku_id] = { 'sku_id': sku_id, 'count': count, } cookie_set_str = base64.b64encode(pickle.dumps(cart_dict)).decode() # 创建响应对象 response = JsonResponse({'code': RETCODE.OK, 'errmsg': 'OK'}) response.set_cookie('carts', cookie_set_str) return response else: # 实例化redis对象 redis_conn = get_redis_connection('carts') pl = redis_conn.pipeline() # 添加数据到购物车 pl.hincrby('carts_%s' % request.user.id, sku_id, count) # 添加selected状态 if selected: pl.sadd('selected_%s' % selected, sku_id) pl.execute() return JsonResponse({'code': RETCODE.OK, 'errmsg': 'OK'})
def indexCookie(request): from django.http.response import JsonResponse response = JsonResponse({'key:', 'cookie'}, safe=False) response.set_cookie('heima', 'lsc', max_age=160) return response # 研究可响应对象 # def indexresponse(resquest): # # response = HttpResponse() # # response.content = '操作属性 ' # # return response # dict_data = { # 'name':'cxk', # 'age':'38' # # } # from django.http.response import JsonResponse # return JsonResponse(dict_data) # # 加列表 后面加上safe = False # # def header_request(request): # request_headers = request.META # # print(request_headers) # # print(request_headers['CONTENT_TYPE']) # print('请求方式:',request.method) # print('用户:',request.user) # print('路径:',request.path) # print('编码:',request.encoding) # return HttpResponse('解析请求头参数') # # def indexBodyNotForm(request): # # body_data = request.body # print(body_data) # body_str = body_data.decode() # print(body_str) # return HttpResponse('非表单啊') # def indexBodyForm(request): # form_data = request.POST # print(form_data) # print(form_data.get('a','默认值')) # print(form_data.get('c','默认值')) # print(form_data.getlist('a')) # # return HttpResponse('请求体啊') # # # # def indexQueryPramas(request): # # 解析查询的属性 # Pramas = request.GET # print(Pramas) # print(Pramas.get('a')) # print(Pramas.get('b')) # print(Pramas.getlist('a')) # # return HttpResponse('查询特么的参数') # # # def indexJoinPramas(request,city,year): # print('城市:', city) # print('年份:', year) # # return HttpResponse('shenyang/2019') # # # # def index(request): # return HttpResponse('ouhehe')
def post(self, request): """ 1.接收请求数据 2.提取数据 3.验证参数 4.认证登录用户 5.状态保持 6.要根据是否记住登录(类似于 mail.163.com中的 10免登录 本质是设置session过期时间) 7.返回响应 :param request: :return: """ # 1.接收请求数据 data = json.loads(request.body.decode()) # 2.提取数据 username = data.get('username') password = data.get('password') remembered = data.get('remembered') # 应该在这里改 # 我们根据 username 的值 来判断 if re.match('1[3-9]\d{9}', username): # 如果username 的值为 手机号,我们进行mobile的判断 User.USERNAME_FIELD = 'mobile' else: # 如果username 的值不为手机号,我们进行username的判断 User.USERNAME_FIELD = 'username' # 3.验证参数 # 用户名和密码是必须要传递的!!! if not all([username, password]): return JsonResponse({'code': 400, 'errmsg': '参数不全'}) # 3.1 用户名规格(作业) # 3.2 密码规格(作业) # 4.认证登录用户 # django 自带 admin后台. admin 可以验证用户名和密码 # django 实现了 用户名和密码的验证方法 from django.contrib.auth import authenticate # authenticate 把用户名和密码传递过去之后,会帮助我们验证 用户名和密码是否正确 # 如果正确,则返回 username对应的 模型对象 # 如果不正确,则返回 None # 设置关键字参数 user = authenticate(username=username, password=password) if user is None: # user is None 说明 用户名或密码不正确 # 我们千万不要告诉 前端 准确的错误信息 return JsonResponse({'code': 400, 'errmsg': '用户名或密码不正确'}) # user 不为None 说明登录成功继续执行后续代码 # 5.状态保持 from django.contrib.auth import login login(request, user) # 6.要根据是否记住登录(类似于 mail.163.com中的 10免登录 本质是设置session过期时间) if remembered: # remembered 用户 判断 是否勾选 记住登录状态 # 如果勾选 ,则让 session有效期为 2周(14天) request.session.set_expiry(None) else: # 如果未勾选,则 让 session有效期为 浏览会话结束之后 request.session.set_expiry(0) # 7.返回响应 response = JsonResponse({'code': 0, 'errmsg': 'ok'}) #设置cookie, # 注意: key 必须是 username 因为前端写死了 response.set_cookie('username', username, max_age=14 * 24 * 3600) return response
def get(self, request): # 1. **获取code**, code = request.GET.get('code') if code is None: return JsonResponse({'code': 400, 'errmsg': '没有code参数'}) # client_id = None, 我们在创建应用的时候的 id # client_secret = None, 我们在创建应用的时候的 秘钥 # redirect_uri = None, 当我们用户扫描同意之后,跳转的页面的url # QQ登录参数 # 我们申请的 客户端id QQ_CLIENT_ID = '101474184' # 我们申请的 客户端秘钥 QQ_CLIENT_SECRET = 'c6ce949e04e12ecc909ae6a8b09b637c' # 我们申请时添加的: 登录成功后回调的路径 QQ_REDIRECT_URI = 'http://www.meiduo.site:8080/oauth_callback.html' qq = OAuthQQ(client_id=QQ_CLIENT_ID, client_secret=QQ_CLIENT_SECRET, redirect_uri=QQ_REDIRECT_URI) # 2. **通过code换取access_token**, access_token = qq.get_access_token(code) # 3. **再通过access_token换取openid** openid = qq.get_open_id(access_token) # 'CBCF1AA40E417CD73880666C3D6FA1D6' # 4. 根据 openid 进行 数据查询 from apps.oauth.models import OAuthQQUser try: qquser = OAuthQQUser.objects.get(openid=openid) except OAuthQQUser.DoesNotExist: # 如果不存在 应该 返回 openid 让用户绑定 # 注意!!!!!!!!!!!!! # code 必须是 300 # 才会显示绑定页面 # 对openid 进行加密 from apps.oauth.utils import generic_openid token = generic_openid(openid) return JsonResponse({'code': 300, 'access_token': token}) else: # 如果 存在 在进行自动登录(状态保持)操作 # ① 状态保持 from django.contrib.auth import login # login 的第二个参数 应该是 User 模型的实例对象 # qquser.属性 # OAuthQQUser 有 user 的属性 login(request, qquser.user) # ② 设置cookie response = JsonResponse({'code': 0, 'errmsg': 'ok'}) # qquser.user 就是只的 User 的实例对象 response.set_cookie('username', qquser.user.username, max_age=14 * 24 * 3600) return response