如何签到？ Django的TastyPie与ApiKeyAuthentication实际验证过程 [英] How to sign-in? Django TastyPie with ApiKeyAuthentication actual authentication Process

问题描述

我有一个Adobe AIR的移动应用，通过TastyPie Django的通信。要使用该应用的用户必须先注册。因此，他们必须提供自己的电子邮件和密码。随后，他们将可以登录。我认为这将是进入一个成功的用户名/密码组合后，该API密钥将被发送回手机应用程序在那里将被缓存最好的主意，所以用户登录。

I have an Adobe Air mobile application that communicates with Django via TastyPie. To use the app people have to register first. Therefore they have to supply their email and password. Afterwards they will be able to "login". I thought it would be the best idea that after entering a successful username/password combination, the api-key will be sent back to the mobile app where it will be cached, so the user is "logged in".

请告诉我，如果你认为这是对伐木的用户注册和更好的方式。

Please tell me if you think there is a better way for registering and "logging in" users.

里面的Django我有我通过POST发送数据时使用注册新用户UserRessource类：

Inside Django I have a UserRessource class that I use to register new users when sending data via POST:

class UserResource(ModelResource):
    class Meta:
        allowed_methods = ['get', 'post']
        queryset = User.objects.all()
        resource_name = 'auth'
        authentication = Authentication()
        authorization = Authorization()
        fields = ['username', 'email']

    def obj_create(self, bundle, request=None, **kwargs):
        username, email, password = bundle.data['username'], bundle.data['password'], bundle.data['password'], 
        try:
            bundle.obj = User.objects.create_user(username, email, password)
        except IntegrityError:
            raise BadRequest('That username already exists')
        return bundle

这工作得很好。

但现在我与实际登录过程中挣扎。在我看来，这将是最好通过GET（和https）发送用户名和密码本的ressource，如果这些都是有效的，返回用户的API密钥。但是那会是可能的吗？而且是干净？通常TastyPie会显示当前所有用户在数据库中，如果你发送一个GET请求到的ressource。但我不需要这些数据，这样我就可以覆盖莫名其妙。我已经检查<一href=\"http://django-tastypie.readthedocs.org/en/v0.9.9/resources.html\">http://django-tastypie.readthedocs.org/en/v0.9.9/resources.html但我不明白它的工作。它甚至有可能改写这一行为？

But now I'm struggling with the actual login process. In my opinion it would be best to send username and password via GET (and https) to this ressource and if those are valid, return the users api key. But would that be possible? And is it clean? Usually TastyPie would show all users currently in the DB if you send a GET request to that ressource. But I dont need that data, so I could overwrite that somehow. I already checked http://django-tastypie.readthedocs.org/en/v0.9.9/resources.html but I don't get it to work. Is it even possible to overwrite that behaviour?

所以实际的问题是的最新最好的方式来使用ApiKeyAuthentication登录用户？
和是我的方法正确，清洁或者你有更好的方法吗和你有这种情况的例子？

So the actual questions are Whats the best way to "sign in" a user using ApiKeyAuthentication? And Is my approach right and clean or do you have a better method? and Do you have any examples for this case?

非常感谢事先！

推荐答案

我使用的是基本验证，因此它可能会略有不同。但我的解决办法是basicaly需要身份验证的空资源。如果身份验证是成功的服务响应返回code 200和身份验证的用户，我重写obj_get_list类的东西了身份验证的用户那里。如果凭据是错误的服务返回响应code 401。

I'm using BasicAuth so it may be slightly different. But my solution is basicaly an empty resource that requires authentication. If the authentication is a success the service returns response code 200 and the authenticated user, I override obj_get_list and stuff the authenticated user in there. If the credentials are wrong the service returns response code 401.

 class LoginResource(ModelResource):
        class Meta:
            allowed_methods = ['get']
            resource_name = 'login'
            include_resource_uri = False
            object_class = User
            authentication = BasicAuthentication()
            authorization = DjangoAuthorization()

        def obj_get_list(self, bundle, **kwargs):
            return [bundle.request.user]

这篇关于如何签到？ Django的TastyPie与ApiKeyAuthentication实际验证过程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！