从 Django Rest Framework 中的令牌获取经过身份验证的用户 [英] Get Authenticated user from token in Django Rest Framework

问题描述

我是 Django 新手，我设法使用 DRF 构建了一个小型 API.我有我的 angular.js 客户端发布用户身份验证详细信息，DRF 返回一个令牌，如下所示:

I am new in Django and I have managed to build a small API using DRF. I have my angular.js client end posting user auth details and DRF returns a token which looks like this:

{ 'token' : '9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b' }

基于教程，我应该从请求中检索详细信息.user但我不知道在哪里做这个.我觉得它令人困惑，因为它没有给出一个很好的例子.任何人都知道如何解决它?非常感谢您的意见.

Based on the tutorial, I am supposed to retrieve the details from request.user But I don't know where to do this. I find it confusing since it doesn't give a good example. Anyone with an idea on how go around it? Your input is highly appreciated.

下面是我的视图和序列化器的代码.

Below is the code of my view and serializer.

from serializers import ExampleSerializer
from models import Example
from rest_framework import viewsets

class ExampleViewSet(viewsets.ModelViewSet):
    """
    Example api description
    """
    queryset = Example.objects.all()
    serializer_class = ExampleSerializer    

序列化器

 from models import Example
 from rest_framework import serializers

 class ExampleSerializer(serializers.ModelSerializer):
      class Meta:
        model = Example
        fields = ('id', 'field_one', 'field_two', 'created_at', 'updated_at')
        depth = 1

推荐答案

请记住，我也是 Angular 和 DRF 的新手...

Keeping in mind that I am also new to Angular and DRF...

如果您已经收到令牌，那么在 angularjs 方面，您需要在后续请求的标头中包含令牌.也许像这个来自身份验证请求的缩写代码:

If you are already receiving the token, then on the angularjs side, you need to be including the token in the headers of your subsequent requests. Perhaps like this abbreviated code from the authentication request:

$http({auth request code here}).then(function(response){
  var token = response.headers().token
  $http.defaults.headers.common['Authorization'] = 'Token ' + token;
});

在您的 ViewSet 中，您可能需要

In your ViewSet you would likely want

authentication_classes = (TokenAuthentication,)

以及任何相关的permission_classes.

along with whatever permission_classes are relevant.

如果您在 Angular http 请求中包含令牌，那么我相信您可以使用 request.user 引用用户，例如

If you are including the Token in the Angular http request, then I believe you can reference the user with request.user, like perhaps

def list(self, request):
    queryset = SomeObject.objects.filter(owner=request.user)

或者，这里还有一个用途(用户模型是 django.contrib.auth.models.User):

Or, here is another use (User model is django.contrib.auth.models.User):

class UserView(RetrieveAPIView):
    model = User
    serializer_class = UserSerializer

    def retrieve(self, request, pk=None):
        """
        If provided 'pk' is "me" then return the current user.
        """
        if request.user and pk == 'me':
            return Response(UserSerializer(request.user).data)
        return super(UserView, self).retrieve(request, pk)

这篇关于从 Django Rest Framework 中的令牌获取经过身份验证的用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！