In my django application, I created a custom authentication class using rest_framework:

    from business.models import BusinessToken
    from rest_framework.authtoken.models import Token
    from rest_framework import authentication, exceptions


    class AuthenticationMixin(authentication.BaseAuthentication):
        def authenticate(self, request):
            raw_token = request.META.get('HTTP_AUTHORIZATION')
            if not raw_token:
                return None
            token_key = raw_token.replace("Token ", "")
            user_token = Token.objects.filter(key=token_key).first()
            if user_token is not None:
                user = user_token.user
                request.user = user
                return user, None
            business_token = BusinessToken.objects.filter(key=token_key).first()
            if business_token is not None:
                business = business_token.business
                request.business = business
                user = business.owner
                request.user = user
                return business, None
            raise exceptions.AuthenticationFailed('No such user or business')

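As you can see, this class has to authenticate either a user or a business, depending on the token passed in the http request.
If a user authenticates with a business token, then in the API view I need to access request.user as business.owner and request.business as the business, but request.user is set to the business; it gets overwritten somewhere.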
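Best answer
The first item of the 2-tuple is the user, and Django will use it to set the user. By returning business, you set it as request.user. You should therefore return the business owner, and set (only) request.business: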

    from business.models import BusinessToken
    from rest_framework.authtoken.models import Token
    from rest_framework import authentication, exceptions


    class AuthenticationMixin(authentication.BaseAuthentication):
        def authenticate(self, request):
            raw_token = request.META.get('HTTP_AUTHORIZATION')
            if not raw_token:
                # No credentials: return None (not a tuple) so the request is
                # treated as unauthenticated instead of getting user=None.
                return None
            token_key = raw_token.replace('Token ', '')
            try:
                user_token = Token.objects.select_related('user').get(key=token_key)
                user = user_token.user
                return user, None
            except Token.DoesNotExist:
                pass
            try:
                business_token = BusinessToken.objects.select_related(
                    'business__owner'
                ).get(key=token_key)
                business = business_token.business
                request.business = business
                # The first tuple item becomes request.user: return the owner.
                return business.owner, None
            except BusinessToken.DoesNotExist:
                raise exceptions.AuthenticationFailed('No such user or business')

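The assignment the answer describes, as an added example that is not part of the original post and is not Django REST Framework's own code: a standard-library model of the step that unpacks the return value of authenticate() into request.user and request.auth. The in-memory token tables, run_authenticators, handle and the stricter header split are assumptions made for illustration.

```python
from types import SimpleNamespace

class AuthenticationFailed(Exception):
    """Stand-in for rest_framework.exceptions.AuthenticationFailed."""

# Constructed sample rows standing in for the Token and BusinessToken tables.
USER_TOKENS = {"u-123": "alice"}
BUSINESS_TOKENS = {"b-456": SimpleNamespace(name="acme", owner="bob")}

def authenticate(request, return_owner):
    """Model of the page's authenticate(); return_owner selects the answer's fix."""
    parts = request.headers.get("Authorization", "").split()
    if len(parts) != 2 or parts[0] != "Token":
        return None  # no usable credentials: the next authenticator gets a turn
    key = parts[1]
    if key in USER_TOKENS:
        return USER_TOKENS[key], None
    if key in BUSINESS_TOKENS:
        business = BUSINESS_TOKENS[key]
        request.business = business
        request.user = business.owner  # set by hand, as in the question
        return (business.owner if return_owner else business), None
    raise AuthenticationFailed("No such user or business")

def run_authenticators(request, authenticators):
    """Simplified model of how the framework consumes authenticate()'s result."""
    for auth_fn in authenticators:
        result = auth_fn(request)
        if result is not None:
            # Item one of the tuple always replaces request.user.
            request.user, request.auth = result
            return request
    request.user, request.auth = "AnonymousUser", None
    return request

def handle(header, return_owner):
    """Build a constructed request and authenticate it with one authenticator."""
    headers = {"Authorization": header} if header else {}
    request = SimpleNamespace(headers=headers, user=None, auth=None, business=None)
    return run_authenticators(request, [lambda r: authenticate(r, return_owner)])

if __name__ == "__main__":
    for fixed in (False, True):
        req = handle("Token b-456", return_owner=fixed)
        print("fixed" if fixed else "question", "-> user:", req.user,
              "| business:", req.business.name)
```

With return_owner=False the hand-set owner is replaced by the business object, which is the behaviour the question reports.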
Regarding "Django Rest Framework authentication class overrides request.user", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/75644757/