创建自定义身份验证
Create a custom authentication
我正在将数据库转移到新项目,更准确地说是用户。
不要问我为什么,但是旧数据库中的密码是先用 md5 再用 sha256 散列的。
我正在使用 django-rest-auth 来管理登录。
url(r'^api/rest-auth/', include('rest_auth.urls')),
我添加了自定义身份验证方法:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'users.auth.OldCustomAuthentication',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
)
}
这是我的授权文件:
class OldCustomAuthentication(BaseAuthentication):
def authenticate(self, request):
try:
password = request.POST['password']
email = request.POST['email']
except MultiValueDictKeyError:
return None
if not password or not email:
return None
password = hashlib.md5(password.encode())
password = hashlib.sha256(password.hexdigest().encode())
try:
user = User.objects.get(email=email, password=password.hexdigest())
except User.DoesNotExist:
return None
# User is found every time
print('FOUND USER', user)
return user, None
但是我请求的时候还是报错http://apiUrl/rest-auth/login/:
{
"non_field_errors": [
"Unable to log in with provided credentials."
]
}
你有什么想法吗?或者我做错了。
提前致谢。
杰里米
按照 @MrName 的建议,我设法解决了我的问题。
所以我在我的设置中删除了DEFAULT_AUTHENTICATION_CLASSES并添加了这个:
REST_AUTH_SERIALIZERS = {
'LOGIN_SERIALIZER': 'users.auth.LoginSerializer'
}
然后我复制粘贴 original serializer 并修改函数 _validate_email 为:
def _validate_email(self, email, password):
user = None
if email and password:
user = self.authenticate(email=email, password=password)
# TODO: REMOVE ONCE ALL USERS HAVE BEEN TRANSFERED TO THE NEW SYSTEM
if user is None:
password_hashed = hashlib.md5(password.encode())
password_hashed = hashlib.sha256(password_hashed.hexdigest().encode())
try:
user = User.objects.get(email=email, password=password_hashed.hexdigest())
except ObjectDoesNotExist:
user = None
else:
msg = _('Must include "email" and "password".')
raise exceptions.ValidationError(msg)
return user
我正在将数据库转移到新项目,更准确地说是用户。 不要问我为什么,但是旧数据库中的密码是先用 md5 再用 sha256 散列的。
我正在使用 django-rest-auth 来管理登录。
url(r'^api/rest-auth/', include('rest_auth.urls')),
我添加了自定义身份验证方法:
REST_FRAMEWORK = {
'DEFAULT_AUTHENTICATION_CLASSES': (
'users.auth.OldCustomAuthentication',
'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
)
}
这是我的授权文件:
class OldCustomAuthentication(BaseAuthentication):
def authenticate(self, request):
try:
password = request.POST['password']
email = request.POST['email']
except MultiValueDictKeyError:
return None
if not password or not email:
return None
password = hashlib.md5(password.encode())
password = hashlib.sha256(password.hexdigest().encode())
try:
user = User.objects.get(email=email, password=password.hexdigest())
except User.DoesNotExist:
return None
# User is found every time
print('FOUND USER', user)
return user, None
但是我请求的时候还是报错http://apiUrl/rest-auth/login/:
{
"non_field_errors": [
"Unable to log in with provided credentials."
]
}
你有什么想法吗?或者我做错了。
提前致谢。
杰里米
按照 @MrName 的建议,我设法解决了我的问题。
所以我在我的设置中删除了DEFAULT_AUTHENTICATION_CLASSES并添加了这个:
REST_AUTH_SERIALIZERS = {
'LOGIN_SERIALIZER': 'users.auth.LoginSerializer'
}
然后我复制粘贴 original serializer 并修改函数 _validate_email 为:
def _validate_email(self, email, password):
user = None
if email and password:
user = self.authenticate(email=email, password=password)
# TODO: REMOVE ONCE ALL USERS HAVE BEEN TRANSFERED TO THE NEW SYSTEM
if user is None:
password_hashed = hashlib.md5(password.encode())
password_hashed = hashlib.sha256(password_hashed.hexdigest().encode())
try:
user = User.objects.get(email=email, password=password_hashed.hexdigest())
except ObjectDoesNotExist:
user = None
else:
msg = _('Must include "email" and "password".')
raise exceptions.ValidationError(msg)
return user