How to validate and return access and refresh tokens after user.save()

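I am verifying the user's OTP to change the password. After the password is changed, I am unable to create access and refresh tokens using JWT.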

Normally, when a user logs in, I use the following MyTokenObtainPairView, which returns the access and refresh tokens along with everything else from UserSerializerWithToken:

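from rest_framework_simplejwt.serializers import TokenObtainPairSerializer
from rest_framework_simplejwt.views import TokenObtainPairView


class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
    def validate(self, attrs):
        # super().validate() authenticates the user and returns
        # {'refresh': ..., 'access': ...}
        data = super().validate(attrs)

        # Merge the serialized user fields into the token response
        serializer = UserSerializerWithToken(self.user).data
        for k, v in serializer.items():
            data[k] = v

        return data


class MyTokenObtainPairView(TokenObtainPairView):
    serializer_class = MyTokenObtainPairSerializer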

I copied a similar approach, returning UserSerializerWithToken after set_password and user.save().

UserSerializerWithToken is:

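from rest_framework import serializers
from rest_framework_simplejwt.tokens import RefreshToken


class UserSerializerWithToken(UserSerializer):
    token = serializers.SerializerMethodField(read_only=True)

    class Meta:
        model = CustomUser
        fields = ['id',
                  'isAdmin',
                  'token']

    def get_token(self, obj):
        # Only the access token is returned; the refresh token is discarded
        token = RefreshToken.for_user(obj)
        return str(token.access_token)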

The function in question is:

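from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.response import Response


@api_view(['PUT'])
def reset_password(request):
    data = request.data
    email = data['email']
    otp_to_verify = data['otp']
    new_password = data['password']
    # filter().first() returns None for an unknown email instead of
    # raising DoesNotExist before the existence check can run
    user = CustomUser.objects.filter(email=email).first()
    # A wrong OTP now falls through to the error response below
    # instead of returning nothing
    if user is not None and otp_to_verify == user.otp:
        if new_password != '':
            user.set_password(new_password)
            user.save()  # here password gets changed
            # The serializer output carries only the access token (see get_token)
            serializer = UserSerializerWithToken(user, many=False)
            return Response(serializer.data)
        else:
            message = {
                'detail': 'Password cant be empty'}
            return Response(message, status=status.HTTP_400_BAD_REQUEST)
    else:
        message = {
            'detail': 'Something went wrong'}
        return Response(message, status=status.HTTP_400_BAD_REQUEST)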

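I receive a token, but I do not get both the access and refresh tokens to use for the next login. I assume user.save() does not create the refresh and access tokens here. Can anyone identify why this happens and how to fix it?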

user.save() does not create tokens.

token = RefreshToken.for_user(obj)
return str(token.access_token)

These lines create the token.

In my opinion, a serializer is not needed here.

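from rest_framework import status
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework_simplejwt.tokens import RefreshToken


@api_view(['PUT'])
def reset_password(request):
    data = request.data
    email = data['email']
    otp_to_verify = data['otp']
    new_password = data['password']
    # filter().first() returns None for an unknown email instead of
    # raising DoesNotExist
    user = CustomUser.objects.filter(email=email).first()
    # The OTP comparison must gate the password change; as a bare
    # expression it was evaluated and discarded
    if user is not None and otp_to_verify == user.otp:
        if new_password != '':
            user.set_password(new_password)
            user.save()  # here password gets changed
            # Tokens are issued explicitly; user.save() does not create them
            token = RefreshToken.for_user(user)
            response = {"refresh_token": str(token),
                        "access_token": str(token.access_token)}
            return Response(response)
        else:
            message = {
                'detail': 'Password cant be empty'}
            return Response(message, status=status.HTTP_400_BAD_REQUEST)
    else:
        message = {
            'detail': 'Something went wrong'}
        return Response(message, status=status.HTTP_400_BAD_REQUEST)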
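
Because this endpoint issues tokens to an unauthenticated caller, the OTP check is the only authentication step. The following is an added example, not code from the question or the answer: a framework-free sketch of a check that could gate set_password() and RefreshToken.for_user(), covering type checking, expiry, attempt limiting, constant-time comparison and single use. The issued_at and attempts fields, both thresholds and the sample OTP values are assumptions; the page's model shows only otp.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

MAX_ATTEMPTS = 5          # assumed lockout threshold
OTP_TTL_SECONDS = 600     # assumed validity window


@dataclass
class OtpRecord:
    """Constructed stand-in for the OTP columns on the user row."""
    otp: Optional[str]        # None means no reset is pending
    issued_at: float = 0.0    # hypothetical field (epoch seconds)
    attempts: int = 0         # hypothetical field


def verify_reset_otp(record: OtpRecord, submitted, now: float) -> bool:
    """Return True exactly once for a correct, unexpired OTP."""
    # Reject when nothing is pending or the input is not a non-empty string:
    # a JSON null would otherwise equal an unset (None) otp column.
    if record.otp is None or not isinstance(submitted, str) or not submitted:
        return False
    if record.attempts >= MAX_ATTEMPTS or now - record.issued_at > OTP_TTL_SECONDS:
        record.otp = None     # burn the code; the user must request a new one
        return False
    record.attempts += 1
    # Constant-time comparison avoids leaking matching prefixes via timing.
    if not hmac.compare_digest(record.otp.encode(), submitted.encode()):
        return False
    record.otp = None         # single use: a replayed request now fails
    return True


def demo():
    now = 1_000.0  # constructed clock value
    results = {}
    rec = OtpRecord(otp="482913", issued_at=now)
    results["wrong"] = verify_reset_otp(rec, "000000", now + 1)
    results["right"] = verify_reset_otp(rec, "482913", now + 2)
    results["replay"] = verify_reset_otp(rec, "482913", now + 3)
    results["null_vs_unset"] = verify_reset_otp(OtpRecord(otp=None), None, now)
    stale = OtpRecord(otp="482913", issued_at=now)
    results["expired"] = verify_reset_otp(stale, "482913", now + OTP_TTL_SECONDS + 1)
    return results


if __name__ == "__main__":
    print(demo())
```

In the view, the mutated record (cleared otp, incremented attempts) has to be saved on every path, including failures, for the attempt limit to hold across requests.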