如何在 user.save() 之后验证和 return 访问和刷新令牌
How to validate and return access and refresh tokens after user.save()
我正在验证用户 OTP 以更改密码,更改密码后我无法使用 JWT 创建访问和刷新令牌,
通常当用户登录时,我使用以下方法 MyTokenObtainPairView,其中 return 访问和刷新令牌以及所有其他内容到 UserSerializerWithToken。
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
def validate(self, attrs):
data = super().validate(attrs)
serializer = UserSerializerWithToken(self.user).data
for k, v in serializer.items():
data[k] = v
return data
class MyTokenObtainPairView(TokenObtainPairView):
serializer_class = MyTokenObtainPairSerializer
我在 set_password 和 user.save()
之后复制了与 return UserSerializerWithToken 类似的方法
UserSerializerWithToken 是
class UserSerializerWithToken(UserSerializer):
token = serializers.SerializerMethodField(read_only=True)
class Meta:
model = CustomUser
fields = ['id',
'isAdmin',
'token']
def get_token(self, obj):
token = RefreshToken.for_user(obj)
return str(token.access_token)
有问题的函数是
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
serializer = UserSerializerWithToken(user, many=False)
if CustomUser.objects.filter(email=email).exists():
if otp_to_verify == user.otp:
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
return Response(serializer.data) #
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
我收到令牌但无法访问并刷新令牌以便下次使用它登录。我假设 user.save() 不会在此处创建刷新和访问令牌。任何人都可以确定为什么会发生这种情况以及如何解决这个问题
user.save() 不创建令牌
token = RefreshToken.for_user(obj)
return str(token.access_token)
这些行创建令牌。
在我看来,这里不需要序列化程序。
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
if CustomUser.objects.filter(email=email).exists():
otp_to_verify == user.otp
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
token = RefreshToken.for_user(user)
response = { "refresh_token": str(token),
"access_token": str(token.access_token)
}
return Response(response)
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
我正在验证用户 OTP 以更改密码,更改密码后我无法使用 JWT 创建访问和刷新令牌,
通常当用户登录时,我使用以下方法 MyTokenObtainPairView,其中 return 访问和刷新令牌以及所有其他内容到 UserSerializerWithToken。
class MyTokenObtainPairSerializer(TokenObtainPairSerializer):
def validate(self, attrs):
data = super().validate(attrs)
serializer = UserSerializerWithToken(self.user).data
for k, v in serializer.items():
data[k] = v
return data
class MyTokenObtainPairView(TokenObtainPairView):
serializer_class = MyTokenObtainPairSerializer
我在 set_password 和 user.save()
之后复制了与 returnUserSerializerWithToken 类似的方法
UserSerializerWithToken 是
class UserSerializerWithToken(UserSerializer):
token = serializers.SerializerMethodField(read_only=True)
class Meta:
model = CustomUser
fields = ['id',
'isAdmin',
'token']
def get_token(self, obj):
token = RefreshToken.for_user(obj)
return str(token.access_token)
有问题的函数是
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
serializer = UserSerializerWithToken(user, many=False)
if CustomUser.objects.filter(email=email).exists():
if otp_to_verify == user.otp:
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
return Response(serializer.data) #
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
我收到令牌但无法访问并刷新令牌以便下次使用它登录。我假设 user.save() 不会在此处创建刷新和访问令牌。任何人都可以确定为什么会发生这种情况以及如何解决这个问题
user.save() 不创建令牌
token = RefreshToken.for_user(obj)
return str(token.access_token)
这些行创建令牌。
在我看来,这里不需要序列化程序。
@api_view(['PUT'])
def reset_password(request):
data = request.data
email = data['email']
otp_to_verify = data['otp']
new_password = data['password']
user = CustomUser.objects.get(email=email)
if CustomUser.objects.filter(email=email).exists():
otp_to_verify == user.otp
if new_password != '':
user.set_password(new_password)
user.save() # here password gets changed
token = RefreshToken.for_user(user)
response = { "refresh_token": str(token),
"access_token": str(token.access_token)
}
return Response(response)
else:
message = {
'detail': 'Password cant be empty'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)
else:
message = {
'detail': 'Something went wrong'}
return Response(message, status=status.HTTP_400_BAD_REQUEST)