Djoser for DRF with Knox tokens


Problem description

I'm trying to use djoser with token authentication, but using django-rest-knox tokens.

I have set the TOKEN_MODEL to knox.models.AuthToken, and the rest framework's DEFAULT_AUTHENTICATION_CLASSES to knox.auth.TokenAuthentication.

I naïvely thought that this would be enough, but it seems that Djoser's inbuilt serializers (create token, and token), don't work properly with the knox tokens. I tried overriding them with custom serializers, but I didn't get anywhere (which is not to say it's not possible, just that I'm bad at this).

It occurred to me that perhaps I should try using Knox's own login views... Is that possible, or can they not be mixed like that? (I'm mainly asking because I don't want to get it to 'work', but find that I've actually introduced a security hole in doing so).

Settings:

DJOSER = {
    "TOKEN_MODEL": "knox.models.AuthToken",
    "SERIALIZERS": {"token": "users.serializers.TokenSerializer"},
}

Where users.serializers.TokenSerializer is:

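from rest_framework import serializers
from djoser.conf import settings  # Djoser's settings object, as used in Djoser's own serializers


class TokenSerializer(serializers.ModelSerializer):
    # Reads the Knox token_key column instead of DRF's Token.key
    auth_token = serializers.CharField(source="token_key")

    class Meta:
        model = settings.TOKEN_MODEL
        fields = ("auth_token",)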

This is only slightly modified from the original Djoser TokenSerializer. It was throwing an error that AuthToken objects did not have a key attribute. Knox tokens seem to call it token_key, so I replaced the line: auth_token = serializers.CharField(source="key") with auth_token = serializers.CharField(source="token_key")

Now, it doesn't throw an error, but it returns an empty token. Inspecting the actual db shows that it has saved a token with the correct user and creation time, but with 'null' for digest, salt, and token_key

Recommended answer

Yes, it is possible to mix Djoser's and Knox's additional view points. For that we are going to create an app named auth from where we are going to serve all authentication-related end-points. Now our project structure is like

MainProject
   -auth
      --__init__.py
      --urls.py
    -mainapp
    ....

Now in our auth app's urls we are going to serve our necessary end-points for authentication. For that we are going to take help from Djoser's urls and Knox's urls. Our auth's urls.py will be like the following:

from django.conf.urls import url, include
from django.contrib.auth import get_user_model

from djoser import views as djsoer_views
from knox import views as knox_views

from rest_framework.routers import DefaultRouter

router = DefaultRouter()
router.register('users', djsoer_views.UserViewSet)

User = get_user_model()

djoser_urlpatterns = [
    url(
        r'^users/create/?$',
        djsoer_views.UserCreateView.as_view(),
        name='user-create'
    ),
    url(
        r'^users/delete/?$',
        djsoer_views.UserDeleteView.as_view(),
        name='user-delete'
    ),
    url(
        r'^users/activate/?$',
        djsoer_views.ActivationView.as_view(),
        name='user-activate'
    ),
    url(
        r'^{0}/?$'.format(User.USERNAME_FIELD),
        djsoer_views.SetUsernameView.as_view(),
        name='set_username'
    ),
    url(r'^password/?$', djsoer_views.SetPasswordView.as_view(), name='set_password'),
    url(
        r'^password/reset/?$',
        djsoer_views.PasswordResetView.as_view(),
        name='password_reset'
    ),
    url(
        r'^password/reset/confirm/?$',
        djsoer_views.PasswordResetConfirmView.as_view(),
        name='password_reset_confirm'
    ),
    url(r'^$', djsoer_views.RootView.as_view(), name='root'),
    url(r'^', include(router.urls)),   ### If you want to add user view set
]

knox_urlpatterns = [
    url(r'login/', knox_views.LoginView.as_view(), name='knox_login'),
    url(r'logout/', knox_views.LogoutView.as_view(), name='knox_logout'),
    url(r'logoutall/', knox_views.LogoutAllView.as_view(), name='knox_logoutall'),
]

urlpatterns = knox_urlpatterns + djoser_urlpatterns

Now we are going to add these urls under our main_app's urls:

from django.urls import include, path  # include() is needed for auth_urls below
from django.conf import settings

auth_urls = include('auth.urls')

urlpatterns = [
    path('api/auth/', auth_urls),
    # ......
]

Now we are going to be able to access every end-point, like login as api/auth/login/ or user-create as api/auth/user/create/ etc.
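The symptom in the question (a saved row with null digest, salt and token_key) fits a token row created by a plain model insert instead of through Knox's own token creation path, which is the path the Knox LoginView wired up above uses. The sketch below is an added example, not code from the question, the answer, Djoser or Knox. It is a simplified stand-alone model of a hash-only token store, and TokenStore, the SHA-512 digest and the 8-character token_key prefix are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TOKEN_KEY_LENGTH = 8  # assumed length of the lookup prefix kept in the clear


def hash_token(token: str) -> str:
    """One-way digest of the token; only this value is persisted."""
    return hashlib.sha512(token.encode()).hexdigest()


class TokenStore:
    """Hypothetical in-memory stand-in for the token table."""

    def __init__(self):
        self.rows = []

    def issue(self, user: str) -> str:
        """Hash-only creation: return the plaintext once, store prefix and digest."""
        token = secrets.token_hex(32)
        self.rows.append({"user": user,
                          "token_key": token[:TOKEN_KEY_LENGTH],
                          "digest": hash_token(token)})
        return token

    def bare_insert(self, user: str) -> dict:
        """A generic row insert keyed on user: no token is ever generated."""
        row = {"user": user, "token_key": None, "digest": None}
        self.rows.append(row)
        return row

    def authenticate(self, presented: str):
        """Narrow by prefix, then compare full digests in constant time."""
        digest = hash_token(presented)
        for row in self.rows:
            if row["digest"] is None or row["token_key"] != presented[:TOKEN_KEY_LENGTH]:
                continue
            if hmac.compare_digest(row["digest"], digest):
                return row["user"]
        return None


def demo() -> dict:
    store = TokenStore()
    token = store.issue("alice")       # constructed sample user
    empty = store.bare_insert("bob")   # reproduces the null columns
    return {
        "alice_ok": store.authenticate(token) == "alice",
        "prefix_alone": store.authenticate(token[:TOKEN_KEY_LENGTH]),
        "bob_serialized": empty["token_key"],
        "plaintext_stored": any(token in r.values() for r in store.rows),
    }
```

In this model a serializer that reads token_key from a stored row can only ever return a lookup prefix or null, never a usable credential, so the plaintext has to be captured from the return value at issue time.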
