猿问

验证用户帐户是否在 Django Rest Framework 中处于活动状态

我正在尝试通过电子邮件链接实现帐户激活。我的User模型很简单,继承自django.contrib.auth.models.AbstractUser,所以is_active默认有字段。注册后,使用is_active=Falseparam创建新用户,我想处理案例,当用户尝试登录时,即使凭据很好,也不应该登录,因为帐户未激活。我正在使用 Knox 令牌身份验证。我的序列化器:


from django.contrib.auth import authenticate

from rest_framework import serializers, exceptions



class LoginUserSerializer(serializers.ModelSerializer):

    class Meta:

        model = UserModel

        fields = ('username', 'password')


    def validate(self, data):

        user = authenticate(**data)

        if user:

            if user.is_active:

                return user

            raise exceptions.AuthenticationFailed('Account is not activated')

        raise exceptions.AuthenticationFailed()

并查看:


from django.contrib.auth import login

from rest_framework.permissions import AllowAny

from rest_framework.authtoken.serializers import AuthTokenSerializer

from knox.views import LoginView

from .serializers import LoginUserSerializer



class LoginUserView(LoginView):

    serializer_class = LoginUserSerializer

    permission_classes = [AllowAny]


    def post(self, request, *args, **kwargs):

        serializer = AuthTokenSerializer(data=request.data)

        serializer.is_valid(raise_exception=True)

        user = serializer.validated_data['user']

        login(request, user)

        return super(LoginUserView, self).post(request)

使用该代码,我偶然发现了问题:当我尝试使用已激活的帐户登录时,一切看起来都很好,但是当我尝试未激活的帐户时Account is not activated,我得到:


{

    "non_field_errors": [

        "Unable to log in with provided credentials."

    ]

}

我认为,与其说是序列化程序,不如说是来自视图。


烙印99
浏览 206回答 1
1回答

一只名叫tom的猫

好的,多亏了 Shafikur Rahman 的建议,我才能让它发挥作用。在我尝试调试它pdb并在里面设置跟踪LoginUserSerializer但没有发生任何事情之后,我意识到在我的视图中我不是指向我编写的序列化程序,而是指向AuthTokenSerializer. 即使在那之后它仍然不起作用,因为我对 djangologin()和 DRF 的validate()工作原理缺乏了解。以下固定代码供参考:看法:class LoginUserView(LoginView):    serializer_class = LoginUserSerializer    permission_classes = [AllowAny]    def post(self, request, *args, **kwargs):        serializer = LoginUserSerializer(data=request.data)  # changed  to desired serializer        serializer.is_valid(raise_exception=True)        user = serializer.validated_data['user']        login(request, user)        return super(LoginUserView, self).post(request)和序列化器:class LoginUserSerializer(serializers.ModelSerializer):    username = serializers.CharField()  # added missing fields for serializer    password = serializers.CharField()    class Meta:        model = UserModel        fields = ('username', 'password')    def validate(self, data):        user = authenticate(**data)        if user:            if user.is_active:                data['user'] = user  # added user model to OrderedDict that serializer is validating                return data  # and in sunny day scenario, return this dict, as everything is fine            raise exceptions.AuthenticationFailed('Account is not activated')        raise exceptions.AuthenticationFailed()另外为了authenticate()不能激活用户,我不得不添加AUTHENTICATION_BACKENDS = [    'django.contrib.auth.backends.AllowAllUsersModelBackend']在项目设置中。
0
随时随地看视频慕课网APP

相关分类

Python
我要回答