django之auth模块(用户认证)
一、auth模块简介
auth模块是django框架自带的功能模块,是对登录认证方法的一种封装,之前我们获取用户输入的用户名及密码后需要自己从user表里查询有没有用户名和密码符合的对象。而有了auth模块之后就可以很轻松的去验证用户的登录信息是否存在于auth_user表中(执行完迁移命令之后在数据库中自动生成的表)。除此之外,auth还对session做了一些封装,方便我们校验用户是否已登录。
二、相关的模块、对象、装饰器导入
<span>from</span> djan<a href="https://www.gaodaima.com/tag/go" title="查看更多关于go的文章" target="_blank">go</a>.contrib <span>import</span> auth <span>#</span><span> 导入auth模块</span> <span>from</span> django.contrib.auth.models <span>import</span> User <span>#</span><span> 导入auth_user表对象</span> <span>from</span> django.contrib.auth.decorators <span>import</span> login_required <span>#</span><span> 校验用户是否登陆的装饰器</span>
www#gaodaima.com来源gaodai#ma#com搞@代~码网搞代码
三、auth模块常用方法
1、创建用户
User.objects.create(username=username, password=password) <span>#</span><span> 创建普通用户,密码不加密(不推荐使用)</span> User.objects.create_user(username=username, password=password) <span>#</span><span> 创建普通用户,密码加密(推荐使用)</span> User.objects.create_superuser(username=username, password=password, email=<span>"</span><span>[email protected]</span><span>"</span>) <span>#</span><span> 创建超级用户,但是必须填写邮箱事项,要不报错</span>
2、校验用户名和密码是否正确
auth.authenticate(request, username=username, password=<span>password) </span><span>#</span><span> 用户名密码正确返回的是用户对象,错误返回None</span>
3、保存用户登陆状态
<span>auth.login(request, user_obj) </span><span>"""</span><span>只要执行了此代码,之后在任意可以获取到request对象的地方,都可以通过request.user获取到当前登录的用户对象</span><span>"""</span>
4、如何判断当前用户是否登陆以及如何获取当前登陆用户对象
request.user.is_authenticated() <span>#</span><span> 判断是否登陆</span> request.user <span>#</span><span> 登陆用户对象</span>
5、校验用户是否登陆,未登录情况下自动跳转到自定义的登录界面
# 局部配置
<span>from</span> django.contrib.auth.decorators <span>import</span> login_required <span>#</span><span> 导入校验用户是否登陆装饰器</span>
<span>#</span><span> 局部配置</span>@login_required(login_url="/login/") <span> # 局部配置时,需要指定用户验证未登录时跳转到哪个页面</span><span>def</span><span> login_after01(request):
</span><span>return</span> HttpResponse(<span>"</span><span>我是login_after01页面</span><span>"</span>)
# 全局配置
1)在settings.py中添加以下代码:
<span>#</span><span> 全局配置</span><span> LOGIN_URL </span>= <span>"</span><span>/login/</span><span>"</span>
2)views.py中这样写:
<span>from</span> django.contrib.auth.decorators <span>import</span><span> login_required
@login_required </span><span>#</span><span> 全局配置时,只需要在配置文件中加入全局代码,这里不需要指定跳转页面</span>
<span>def</span><span> login_after01(request):
</span><span>return</span> HttpResponse(<span>"</span><span>我是login_after01页面</span><span>"</span>)
PS:如果全局和局部都配置,则优先执行局部配置
6、检验密码、修改密码
<span>#</span><span> 先校验旧密码是否正确</span> request.user.check_password(old_password) <span>#</span><span> 返回的是布尔值</span><span> #</span><span> 修改密码</span> <span>request.user.set_password(new_password) request.user.save() </span><span>#</span><span> 一定要保存</span>
7、注销登陆
auth.logout(request)
四、根据auth常用方法写个栗子:使用auth模块写一个注册、登陆、修改密码、注销登陆功能
此例使用全局配置,未登录自动跳转到 “/login” 界面
<span>from</span> django.contrib <span>import</span> auth <span>#</span><span> 导入auth模块</span>
<span>from</span> django.contrib.auth.models <span>import</span> User <span>#</span><span> 导入auth_user表对象</span>
<span>from</span> django.contrib.auth.decorators <span>import</span> login_required <span>#</span><span> 校验用户是否登陆的装饰器</span>
<span>#</span><span> 注册功能</span>
<span>def</span><span> reg(request):
</span><span>if</span> request.method == <span>"</span><span>POST</span><span>"</span><span>:
username </span>= request.POST.get(<span>"</span><span>username</span><span>"</span><span>)
password </span>= request.POST.get(<span>"</span><span>password</span><span>"</span><span>)
</span><span>#</span><span> User.objects.create(username=username, password=password) # 创建普通用户,密码不加密(不推荐使用)</span>
User.objects.create_user(username=username, password=password) <span>#</span><span> 创建普通用户,密码加密(推荐使用)</span>
<span>#</span><span> User.objects.create_superuser(username=username, password=password, email="[email protected]") # 创建超级用户,但是必须填写邮箱事项,要不报错</span>
<span>return</span> HttpResponse(<span>"</span><span>Congratulation!注册成功!</span><span>"</span><span>)
</span><span>return</span> render(request, <span>"</span><span>reg.html</span><span>"</span><span>)
</span><span>#</span><span> 登录功能</span>
<span>def</span><span> login(request):
</span><span>if</span> request.method == <span>"</span><span>POST</span><span>"</span><span>:
username </span>= request.POST.get(<span>"</span><span>username</span><span>"</span><span>)
password </span>= request.POST.get(<span>"</span><span>password</span><span>"</span><span>)
</span><span>#</span><span> 数据库校验用户名和密码是否正确</span>
user_obj = auth.authenticate(request, username=username, password=<span>password)
</span><span>#</span><span> print(res) # 用户名密码正确返回的是用户对象,错误返回None</span>
<span>if</span><span> user_obj:
</span><span>#</span><span> 保存用户登录状态</span>
<span> auth.login(request, user_obj)
</span><span>"""</span><span>只要执行了此代码,之后再任意可以获取到request对象的地方,
都可以通过request.user获取到当前登录的用户对象</span><span>"""</span>
<span>return</span> HttpResponse(<span>"</span><span>登陆成功!</span><span>"</span><span>)
</span><span>return</span> render(request, <span>"</span><span>login.html</span><span>"</span><span>)
</span><span>#</span><span> 登陆之后可以查看的页面</span>
<span>@login_required
</span><span>def</span><span> get_user(request):
</span><span>print</span><span>(request.user)
</span><span>"""</span><span>用户登录成功之后,request.user拿到的就是用户对象,没有登录获取到的是匿名用户</span><span>"""</span>
<span>print</span><span>(request.user.is_authenticated)
</span><span>return</span> HttpResponse(<span>"</span><span>get_user页面</span><span>"</span><span>)
</span><span>#</span><span> 登陆之后可以查看的页面</span>
<span>@login_required
</span><span>def</span><span> login_after01(request):
</span><span>return</span> HttpResponse(<span>"</span><span>我是login_after01页面</span><span>"</span><span>)
</span><span>#</span><span> 登陆之后可以查看的页面</span>
<span>@login_required
</span><span>def</span><span> login_after02(request):
</span><span>return</span> HttpResponse(<span>"</span><span>我是login_after02页面</span><span>"</span><span>)
</span><span>#</span><span> 登陆之后可以查看的页面</span>
<span>@login_required
</span><span>def</span><span> login_after03(request):
</span><span>return</span> HttpResponse(<span>"</span><span>我是login_after03页面</span><span>"</span><span>)
</span><span>#</span><span> 修改密码功能</span>
<span>@login_required
</span><span>def</span><span> set_password(request):
</span><span>if</span> request.method == <span>"</span><span>POST</span><span>"</span><span>:
old_password </span>= request.POST.get(<span>"</span><span>old_password</span><span>"</span><span>)
new_password </span>= request.POST.get(<span>"</span><span>new_password</span><span>"</span><span>)
</span><span>#</span><span> 先校验旧密码是否正确</span>
is_right = request.user.check_password(old_password) <span>#</span><span> 返回的是布尔值</span>
<span>#</span><span> 再修改密码</span>
<span>if</span><span> is_right:
request.user.set_password(new_password)
request.user.save() </span><span>#</span><span> 一定要保存</span>
<span>return</span> render(request, <span>"</span><span>set_password.html</span><span>"</span><span>)
</span><span>#</span><span> 注销功能</span>
<span>@login_required
</span><span>def</span><span> logout(request):
auth.logout(request)
</span><span>return</span> HttpResponse(<span>"</span><span>注销成功</span><span>"</span>)
views.py
五、auth_user表扩展字段(在auth_user表的基础上)
方法:利用类的继承
1)在models.py中定义表名和扩展字段
<span>from</span> django.contrib.auth.models <span>import</span><span> User, AbstractUser <span># 导入类</span><br><br><br><span># 定义类,类名即为表名,自定义的表将替换auth_user内置表
</span></span><span>class</span><span> UserInfo(AbstractUser):
</span><span>#</span><span> 扩展的字段,尽量不要与原先表中的字段冲突</span>
phone =<span> models.BigIntegerField()
age </span>=<span> models.IntegerField()</span>
2)在settings.py中添加以下代码:
AUTH_USER_MODEL = <span>"</span><span>app01.UserInfo</span><span>"</span> <span>#</span><span> 应用.表名</span> <span>"""</span><span>django就会将userinfo表来替换auth_user表,并且之前auth模块所有的功能不变,参照的也是userinfo表</span><span>"""</span>
扩展之前的表名和字段:
扩展之后的表名和字段:
搞代码网(gaodaima.com)提供的所有资源部分来自互联网,如果有侵犯您的版权或其他权益,请说明详细缘由并提供版权或权益证明然后发送到邮箱[email protected],我们会在看到邮件的第一时间内为您处理,或直接联系QQ:872152909。本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:django之auth模块(用户认证)
转载请注明原文链接:django之auth模块(用户认证)
