使用 django-rest-framework 的密码哈希?
Password hash using django-rest-framework?
我发现 django-auth 默认情况下在后台使用随机盐对密码进行哈希处理:https://docs.djangoproject.com/en/2.1/topics/auth/passwords/
不过,我还不是很清楚,django-auth和django-rest-auth有什么区别。
而且我找不到有关 django-rest-auth 是否也会自动对密码进行散列和加盐的信息。
有人可以解释一下 django-auth 和 django-rest-auth 之间到底有什么区别,什么时候选择哪个以及为什么有两个库来解决同一个问题?
作为一个初学者,这让我很困惑。
django-rest-auth 的文档 explains the purpose of the project 很好:
Since the introduction of django-rest-framework, Django apps have been able to serve up app-level REST API endpoints. As a result, we saw a lot of instances where developers implemented their own REST registration API endpoints here and there, snippets, and so on. We aim to solve this demand by providing django-rest-auth, a set of REST API endpoints to handle User Registration and Authentication tasks. By having these API endpoints, your client apps such as AngularJS, iOS, Android, and others can communicate to your Django backend site independently via REST APIs for User Management. Of course, we’ll add more API endpoints as we see the demand.
该项目的存在是为了提供一组用于身份验证的通用 API 端点。它本身不处理身份验证任务,因此不必担心密码散列等问题。
例如,它的PasswordChangeSerializer uses the SetPasswordForm from django.contrib.auth。它可以使用 Django 的内置身份验证框架提供的所有好东西。
我发现 django-auth 默认情况下在后台使用随机盐对密码进行哈希处理:https://docs.djangoproject.com/en/2.1/topics/auth/passwords/
不过,我还不是很清楚,django-auth和django-rest-auth有什么区别。
而且我找不到有关 django-rest-auth 是否也会自动对密码进行散列和加盐的信息。
有人可以解释一下 django-auth 和 django-rest-auth 之间到底有什么区别,什么时候选择哪个以及为什么有两个库来解决同一个问题?
作为一个初学者,这让我很困惑。
django-rest-auth 的文档 explains the purpose of the project 很好:
Since the introduction of django-rest-framework, Django apps have been able to serve up app-level REST API endpoints. As a result, we saw a lot of instances where developers implemented their own REST registration API endpoints here and there, snippets, and so on. We aim to solve this demand by providing django-rest-auth, a set of REST API endpoints to handle User Registration and Authentication tasks. By having these API endpoints, your client apps such as AngularJS, iOS, Android, and others can communicate to your Django backend site independently via REST APIs for User Management. Of course, we’ll add more API endpoints as we see the demand.
该项目的存在是为了提供一组用于身份验证的通用 API 端点。它本身不处理身份验证任务,因此不必担心密码散列等问题。
例如,它的PasswordChangeSerializer uses the SetPasswordForm from django.contrib.auth。它可以使用 Django 的内置身份验证框架提供的所有好东西。