What's the difference between authenticate and login?


Question

Documentation: https://docs.djangoproject.com/zh-CN/1.7/topics/auth/default/#django.contrib.auth.login


When you’re manually logging a user in, you must call authenticate() before you call login(). authenticate() sets an attribute on the User noting which authentication backend successfully authenticated that user (see the backends documentation for details), and this information is needed later during the login process. An error will be raised if you try to login a user object retrieved from the database directly.

So why exactly are authenticate and login 2 separate functions? From what I understand, authenticate just verifies the login information. login will take the user object and set the cookies. The only reason I can think they are separate is because maybe you can put different user objects in, say the user had 2 accounts merged. Maybe you want to verify the email address first. Is that why they are separate functions and login doesn't wrap authenticate?

Recommended answer

This is a matter of the single responsibility principle: a method should do one logical thing. As you noted yourself, these two steps are logically distinct:


authenticate just verifies the login information. login will take the user object and set the cookies

To further clarify, authentication is a one-time check, and doesn't imply a login session. A login session implies some period of time during which the user is free to perform various restricted activities without repeated authentication checks.

Sometimes you may need to authenticate users (verify they are who they say they are) without logging them in. If these two functionalities were combined into one, you wouldn't be able to do that, even if you just wanted to do a one-time check, you would have to log them in, creating a session, which wouldn't make sense. Since these are clearly distinct purposes, it makes perfect sense to have two methods.

The separation also makes testing easier. If you write a new authentication backend, you would want to be able to test if the authentication step alone is working or not, without having to worry about how the whole login system works, which is not the responsibility of your backend.

Decomposing methods into their smallest logically independent elements is the sensible thing to do, with many benefits.
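
The following is an added example, not part of the original question or answer and not Django's own code: a simplified pure-Python model of the split described above, where authenticate() only verifies credentials and tags the user with the backend that succeeded, and login() only starts a session and rejects a user that lacks that tag. All names (PasswordBackend, confirm_password, SESSIONS, the sample account) are hypothetical.

```python
import hashlib, hmac, os, secrets

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class User:
    def __init__(self, username):
        self.username = username  # note: no "backend" attribute yet

class PasswordBackend:
    """Hypothetical backend: checks credentials, knows nothing about sessions."""
    def __init__(self):
        self._db = {}  # username -> (salt, password hash)
    def add(self, username, password):
        salt = os.urandom(16)
        self._db[username] = (salt, hash_pw(password, salt))
    def get_user(self, username):
        """Plain lookup, as if fetched from the database without any check."""
        return User(username) if username in self._db else None
    def authenticate(self, username, password):
        # Always hash, even for unknown users, so timing does not reveal them.
        salt, stored = self._db.get(username, (b"\0" * 16, b""))
        ok = hmac.compare_digest(stored, hash_pw(password, salt))
        return User(username) if ok else None

BACKENDS = [PasswordBackend()]
SESSIONS = {}  # session token -> (username, backend name)

def authenticate(username, password):
    """One-time check: try each backend, tag the user with the one that succeeded."""
    for backend in BACKENDS:
        user = backend.authenticate(username, password)
        if user is not None:
            user.backend = type(backend).__name__
            return user
    return None

def login(user):
    """Start a session; refuses a user that did not come out of authenticate()."""
    if not hasattr(user, "backend"):
        raise ValueError("call authenticate() before login()")
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (user.username, user.backend)
    return token

def confirm_password(username, password):
    """Re-check credentials before a sensitive action without creating a session."""
    return authenticate(username, password) is not None

BACKENDS[0].add("alice", "constructed-sample-pw")  # constructed sample account
```

confirm_password() is the "authenticate without logging in" case: it can gate a sensitive action such as a password change while leaving SESSIONS untouched, and PasswordBackend.authenticate() can be tested on its own without any session machinery.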
