我正在尝试在自定义身份验证中覆盖is_authenticated。我有一些简单的东西(开始),像这样:
class MyAuthentication(BasicAuthentication):
    """Custom authentication class derived from ``BasicAuthentication``.

    NOTE(review): ``is_authenticated`` returns ``True`` unconditionally, so
    every request passes the authentication step without any credential
    being checked. This is only a starting stub; attaching it to a resource
    as-is leaves that resource without authentication.
    """

    def __init__(self, *args, **kwargs):
        # No extra state of its own: all arguments go straight to the parent.
        super(MyAuthentication, self).__init__(*args, **kwargs)

    def is_authenticated(self, request, **kwargs):
        # Accepts every caller; ``request`` and ``kwargs`` are never inspected.
        accepted = True
        return accepted
然后在我的ModelResource中
class LoginUserResource(ModelResource):
    """``User`` resource published as ``login`` that allows only POST on its list endpoint.

    NOTE(review): on a model-backed resource a POST to the list endpoint is
    handled as "create an object", not "log in". Posting an existing username
    therefore tries to insert a second ``User`` row and fails on the
    uniqueness constraint.
    """

    class Meta:
        queryset = User.objects.all()
        resource_name = 'login'
        list_allowed_methods = ['post']
        # Fields kept out of the serialized representation.
        excludes = ['id', 'email', 'password', 'is_staff', 'is_superuser']
        # NOTE(review): MyAuthentication.is_authenticated always returns True,
        # so only the authorization class below limits who may create users
        # through this endpoint. Confirm that is intended.
        authentication = MyAuthentication()
        authorization = DjangoAuthorization()
我不断收到500错误"error_message": "column username is not unique"。我在数据库中只有一个用户名,这是我要验证的用户。
"error_message": "column username is not unique"
关于它为什么返回此错误的任何想法?我将如何允许api客户端登录?
你的做法会尝试用你要验证的那个用户名创建一个新用户。正如你所注意到的,这个错误是从数据库层冒出来的:该用户已经存在。
你需要创建一个UserResource,并在其上添加一个方法,让用户可以向它发送POST请求,并用请求中传入的用户名/密码登录。
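from django.conf.urls import url
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.models import User
from tastypie.http import HttpUnauthorized, HttpForbidden
from tastypie.resources import ModelResource
from tastypie.utils import trailing_slash


class UserResource(ModelResource):
    """``User`` resource with extra ``login`` and ``logout`` endpoints.

    Login is a custom view rather than a POST to the list endpoint, so
    submitting credentials starts a Django session instead of trying to
    create a new ``User`` row.
    """

    class Meta:
        queryset = User.objects.all()
        fields = ['first_name', 'last_name', 'email']
        allowed_methods = ['get', 'post']
        resource_name = 'user'
        # NOTE(review): no ``authentication`` or ``authorization`` is declared,
        # so Tastypie's defaults apply. Confirm whether names and e-mail
        # addresses of all users should be readable by unauthenticated
        # clients. If not, set both explicitly.
        # NOTE(review): ``throttle`` is not set either, so the throttle calls
        # in ``login`` do nothing until one is configured here.

    def override_urls(self):
        """Return the URL patterns for the ``login`` and ``logout`` views.

        NOTE(review): newer Tastypie releases name this hook ``prepend_urls``;
        use whichever matches the installed version.
        """
        return [
            url(r"^(?P<resource_name>%s)/login%s$" %
                (self._meta.resource_name, trailing_slash()),
                self.wrap_view('login'), name="api_login"),
            url(r'^(?P<resource_name>%s)/logout%s$' %
                (self._meta.resource_name, trailing_slash()),
                self.wrap_view('logout'), name='api_logout'),
        ]

    def login(self, request, **kwargs):
        """Check the posted username/password and start a session.

        Responds with ``{'success': True}`` on success, ``HttpForbidden`` with
        reason ``disabled`` for an inactive account, and ``HttpUnauthorized``
        with reason ``incorrect`` when the credentials are rejected.
        The password travels in the request body, so this endpoint should
        only be served over HTTPS.
        """
        self.method_check(request, allowed=['post'])

        # Count every attempt, failed ones included, against the resource's
        # throttle so password guessing can be rate-limited.
        self.throttle_check(request)
        self.log_throttled_access(request)

        # NOTE(review): ``request.raw_post_data`` was replaced by
        # ``request.body`` in later Django releases; adjust to your version.
        data = self.deserialize(
            request, request.raw_post_data,
            format=request.META.get('CONTENT_TYPE', 'application/json'))

        # A body that is valid but not an object (e.g. a JSON list) has no
        # ``.get``. Treat it as missing credentials instead of raising a 500.
        if not isinstance(data, dict):
            data = {}

        username = data.get('username', '')
        password = data.get('password', '')

        user = authenticate(username=username, password=password)
        if user:
            if user.is_active:
                login(request, user)
                return self.create_response(request, {
                    'success': True
                })
            else:
                return self.create_response(request, {
                    'success': False,
                    'reason': 'disabled',
                }, HttpForbidden)
        else:
            return self.create_response(request, {
                'success': False,
                'reason': 'incorrect',
            }, HttpUnauthorized)

    def logout(self, request, **kwargs):
        """End the current session, or answer ``HttpUnauthorized`` if none.

        NOTE(review): logout is a state change exposed over GET, so a
        cross-site link or image can trigger it. POST would be the safer
        method; it is left as GET here because switching changes the
        endpoint's contract for existing clients.
        """
        self.method_check(request, allowed=['get'])
        # NOTE(review): ``is_authenticated`` is called as a method here; newer
        # Django releases expose it as an attribute.
        if request.user and request.user.is_authenticated():
            logout(request)
            return self.create_response(request, {'success': True})
        else:
            return self.create_response(request, {'success': False},
                                        HttpUnauthorized)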
现在你可以向http://hostname/api/user/login发送POST请求,数据为{ 'username' : 'me', 'password' : 'l33t' }。
http://hostname/api/user/login
{ 'username' : 'me', 'password' : 'l33t' }