我正在验证用户 OTP 来更改密码,更改密码后我无法使用 JWT 创建访问和刷新 token ,
通常,当用户登录时,我使用以下方法 MyTokenObtainPairView
,该方法将访问 token 和刷新 token 以及所有其他内容返回到 UserSerializerWithToken
。
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
def validate(self, attrs):
data = super().validate(attrs)
serializer = UserSerializerWithToken(self.user).data
for k, v in serializer.items():
data[k] = v
return data
class MyTokenObtainPairView(TokenObtainPairView):
serializer_class = MyTokenObtainPairSerializer
我复制了类似的方法,在 set_password 和 user.save() 之后返回 UserSerializerWithToken
UserSerializerWithToken 是
class UserSerializerWithToken(UserSerializer):
token = serializers.SerializerMethodField(read_only=True)
class Meta:
model = CustomUser
fields = ['id',
'isAdmin',
'token']
def get_token(self, obj):
token = RefreshToken.for_user(obj)
return str(token.access_token)
有问题的函数是
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
serializer = UserSerializerWithToken(user, many=False)
if CustomUser.objects.filter(email=email).exists():
if otp_to_verify == user.otp:
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
return Response(serializer.data) #
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
我收到 token ,但无法访问并刷新 token 以使用它下次登录。我假设 user.save() 不会在此处创建刷新和访问 token 。任何人都可以确定为什么会发生这种情况以及如何解决这个问题
最佳答案
user.save()
不会创建 token
token = RefreshToken.for_user(obj)
返回str(token.access_token)
这些行创建 token 。
在我看来,这里不需要序列化器。
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
if CustomUser.objects.filter(email=email).exists():
otp_to_verify == user.otp
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
token = RefreshToken.for_user(user)
response = { "refresh_token": str(token),
"access_token": str(token.access_token)
}
return Response(response)
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
关于django - 如何在 user.save() 之后验证并返回访问和刷新 token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/71081414/