创建自定义身份验证

2024-10-04 07:31:33 发布

您现在位置:Python中文网/ 问答频道 /正文
9096 3

我正在把一个数据库转移到一个新的项目中,更确切地说是用户。 不要问我为什么,但是旧数据库中的密码是用md5散列的,然后用sha256散列的。你知道吗

我正在使用django rest auth来管理登录。你知道吗

url(r'^api/rest-auth/', include('rest_auth.urls')),

我添加了一个自定义身份验证方法:

REST_FRAMEWORK = {
  'DEFAULT_AUTHENTICATION_CLASSES': (
     'users.auth.OldCustomAuthentication',
     'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
  )
}

这是我的身份验证文件:

class OldCustomAuthentication(BaseAuthentication):
    def authenticate(self, request):
        try:
            password = request.POST['password']
            email = request.POST['email']
        except MultiValueDictKeyError:
            return None

        if not password or not email:
            return None

        password = hashlib.md5(password.encode())
        password = hashlib.sha256(password.hexdigest().encode())

        try:
            user = User.objects.get(email=email, password=password.hexdigest())
        except User.DoesNotExist:
            return None

        # User is found every time
        print('FOUND USER', user)
        return user, None

但是当我请求http://apiUrl/rest-auth/login/时仍然会出错:

{
    "non_field_errors": [
        "Unable to log in with provided credentials."
    ]
}

你知道吗?或者我做得不对。你知道吗

先谢谢你。你知道吗

杰里米。你知道吗


Tags: noneauth身份验证rest数据库returnemailrequest
1条回答
网友
1楼 · 发布于 2024-10-04 07:31:33

遵照@MrName的建议,我设法解决了我的问题。你知道吗

因此,我删除了设置中的默认\u身份验证\u类,并添加了以下内容:

 REST_AUTH_SERIALIZERS = {
    'LOGIN_SERIALIZER': 'users.auth.LoginSerializer'
 }

然后,我复制粘贴了original serializer,并修改了函数“验证电子邮件”:

def _validate_email(self, email, password):
    user = None

    if email and password:
        user = self.authenticate(email=email, password=password)

        # TODO: REMOVE ONCE ALL USERS HAVE BEEN TRANSFERED TO THE NEW SYSTEM
        if user is None:
            password_hashed = hashlib.md5(password.encode())
            password_hashed = hashlib.sha256(password_hashed.hexdigest().encode())
            try:
                user = User.objects.get(email=email, password=password_hashed.hexdigest())
            except ObjectDoesNotExist:
                user = None
    else:
        msg = _('Must include "email" and "password".')
        raise exceptions.ValidationError(msg)

    return user

相关问题 更多 >

    编程相关推荐