Django框架中的用户认证的实现

jieforest · 发表于 2012-12-19 15:18

login_required() also takes an optional login_url parameter. Example:

from django.contrib.auth.decorators import login_required
@login_required(login_url='/accounts/login/')
def my_view(request):
...

复制代码

Note that if you don't specify the login_url parameter, you'll need to map the appropriate Django view to settings.LOGIN_URL. For example, using the defaults, add the following line to your URLconf:

(r'^accounts/login/Changed in Django 1.5: Please see the release notes
As of version 1.5 settings.LOGIN_URL now also accepts view function names and named URL patterns. This allows you to freely remap your login view within your URLconf without having to update the setting., 'django.contrib.auth.views.login'),

复制代码

Changed in Django 1.5: Please see the release notes

As of version 1.5 settings.LOGIN_URL now also accepts view function names and named URL patterns. This allows you to freely remap your login view within your URLconf without having to update the setting.

jieforest · 发表于 2012-12-19 15:21

views.login(request[, template_name, redirect_field_name, authentication_form])

URL name: login

See the URL documentation for details on using named URL patterns.

Here's what django.contrib.auth.views.login does:

If called via GET, it displays a login form that POSTs to the same URL. More on this in a bit.

If called via POST, it tries to log the user in. If login is successful, the view redirects to the URL specified in next. If nextisn't provided, it redirects to settings.LOGIN_REDIRECT_URL (which defaults to /accounts/profile/). If login isn't successful, it redisplays the login form.

It's your responsibility to provide the login form in a template called registration/login.html by default. This template gets passed four template context variables:

form: A Form object representing the login form. See the forms documentation for more on Form objects.

next: The URL to redirect to after successful login. This may contain a query string, too.

site: The current Site, according to the SITE_ID setting. If you don't have the site framework installed, this will be set to an instance of RequestSite, which derives the site name and domain from the current HttpRequest.

site_name: An alias for site.name. If you don't have the site framework installed, this will be set to the value ofrequest.META['SERVER_NAME']. For more on sites, see The "sites" framework.

If you'd prefer not to call the template registration/login.html, you can pass the template_name parameter via the extra arguments to the view in your URLconf. For example, this URLconf line would use myapp/login.html instead:

(r'^accounts/login/, 'django.contrib.auth.views.login', {'template_name': 'myapp/login.html'}),

复制代码

jieforest · 发表于 2012-12-20 21:08

本帖最后由 jieforest 于 2012-12-20 21:10 编辑

You can also specify the name of the GET field which contains the URL to redirect to after login by passing redirect_field_nameto the view. By default, the field is called next.

Here's a sample registration/login.html template you can use as a starting point. It assumes you have a base.html template that defines a content block:

{% extends "base.html" %}
{% block content %}
{% if form.errors %}
<p>Your username and password didn't match. Please try again.</p>
{% endif %}
<form method="post" action="{% url 'django.contrib.auth.views.login' %}">
{% csrf_token %}
<table>
<tr>
<td>{{ form.username.label_tag }}</td>
<td>{{ form.username }}</td>
</tr>
<tr>
<td>{{ form.password.label_tag }}</td>
<td>{{ form.password }}</td>
</tr>
</table>
<input type="submit" value="login" />
<input type="hidden" name="next" value="{{ next }}" />
</form>
{% endblock %}

复制代码

jieforest · 发表于 2012-12-20 21:11

If you are using alternate authentication (see Other authentication sources) you can pass a custom authentication form to the login view via the authentication_form parameter. This form must accept a request keyword argument in its __init__method, and provide a get_user method which returns the authenticated user object (this method is only ever called after successful form validation).

New in Django 1.4: Please see the release notes

The login() view and the Other built-in views now all return a TemplateResponse instance, which allows you to easily customize the response data before rendering. For more details, see the TemplateResponse documentation.

Other built-in views

In addition to the login() view, the authentication system includes a few other useful built-in views located in django.contrib.auth.views:

logout(request[, next_page, template_name, redirect_field_name])

Logs a user out.

URL name: logout

See the URL documentation for details on using named URL patterns.

Optional arguments:

next_page: The URL to redirect to after logout.

template_name: The full name of a template to display after logging the user out. Defaults to registration/logged_out.html if no argument is supplied.

redirect_field_name: The name of a GET field containing the URL to redirect to after log out. Overrides next_page if the givenGET parameter is passed.

Template context:

title: The string "Logged out", localized.

site: The current Site, according to the SITE_ID setting. If you don't have the site framework installed, this will be set to an instance of RequestSite, which derives the site name and domain from the current HttpRequest.

site_name: An alias for site.name. If you don't have the site framework installed, this will be set to the value ofrequest.META['SERVER_NAME']. For more on sites, see The "sites" framework.

jieforest · 发表于 2012-12-20 21:12

logout_then_login(request[, login_url])

Logs a user out, then redirects to the login page.

URL name: No default URL provided

Optional arguments:

login_url: The URL of the login page to redirect to. Defaults to settings.LOGIN_URL if not supplied.

password_change(request[, template_name, post_change_redirect, password_change_form])
Allows a user to change their password.

URL name: password_change

Optional arguments:

template_name: The full name of a template to use for displaying the password change form. Defaults to registration/password_change_form.html if not supplied.

post_change_redirect: The URL to redirect to after a successful password change.

password_change_form: A custom "change password" form which must accept a user keyword argument. The form is responsible for actually changing the user's password. Defaults to PasswordChangeForm.

Template context:

form: The password change form (see password_change_form above).

jieforest · 发表于 2012-12-20 21:13

password_change_done(request[, template_name])

The page shown after a user has changed their password.

URL name: password_change_done

Optional arguments:

template_name: The full name of a template to use. Defaults to registration/password_change_done.html if not supplied.

password_reset(request[, is_admin_site, template_name, email_template_name, password_reset_form,token_generator, post_reset_redirect, from_email])

Allows a user to reset their password by generating a one-time use link that can be used to reset the password, and sending that link to the user's registered email address.

Changed in Django 1.4: Users flagged with an unusable password (see set_unusable_password() will not be able to request a password reset to prevent misuse when using an external authentication source like LDAP.

URL name: password_reset

Optional arguments:

template_name: The full name of a template to use for displaying the password reset form. Defaults to registration/password_reset_form.html if not supplied.

email_template_name: The full name of a template to use for generating the email with the reset password link. Defaults to registration/password_reset_email.html if not supplied.

subject_template_name: The full name of a template to use for the subject of the email with the reset password link. Defaults to registration/password_reset_subject.txt if not supplied.

New in Django 1.4: Please see the release notes

password_reset_form: Form that will be used to get the email of the user to reset the password for. Defaults to PasswordResetForm.

jieforest · 发表于 2012-12-20 21:14

token_generator: Instance of the class to check the one time link. This will default to default_token_generator, it's an instance of django.contrib.auth.tokens.PasswordResetTokenGenerator.

post_reset_redirect: The URL to redirect to after a successful password reset request.

from_email: A valid email address. By default Django uses the DEFAULT_FROM_EMAIL.

Template context:

form: The form (see password_reset_form above) for resetting the user's password.

Email template context:

email: An alias for user.email

user: The current User, according to the email form field. Only active users are able to reset their passwords (User.is_active is True).
site_name: An alias for site.name. If you don't have the site framework installed, this will be set to the value of request.META['SERVER_NAME']. For more on sites, see The "sites" framework.

domain: An alias for site.domain. If you don't have the site framework installed, this will be set to the value ofrequest.get_host().

protocol: http or https

uid: The user's id encoded in base 36.

token: Token to check that the reset link is valid.

jieforest · 发表于 2012-12-21 22:29

Sample registration/password_reset_email.html (email body template):

Someone asked for password reset for email {{ email }}. Follow the link below:
{{ protocol}}://{{ domain }}{% url 'password_reset_confirm' uidb36=uid token=token %}

复制代码

The same template context is used for subject template. Subject must be single line plain text string.

password_reset_done(request[, template_name])

The page shown after a user has been emailed a link to reset their password. This view is called by default if thepassword_reset() view doesn't have an explicit post_reset_redirect URL set.

URL name: password_reset_done

Optional arguments:

template_name: The full name of a template to use. Defaults to registration/password_reset_done.html if not supplied.

jieforest · 发表于 2012-12-21 22:30

password_reset_confirm(request[, uidb36, token, template_name, token_generator, set_password_form,post_reset_redirect])
Presents a form for entering a new password.

URL name: password_reset_confirm

Optional arguments:

uidb36: The user's id encoded in base 36. Defaults to None.

token: Token to check that the password is valid. Defaults to None.

template_name: The full name of a template to display the confirm password view. Default value isregistration/password_reset_confirm.html.

token_generator: Instance of the class to check the password. This will default to default_token_generator, it's an instance of django.contrib.auth.tokens.PasswordResetTokenGenerator.

set_password_form: Form that will be used to set the password. Defaults to SetPasswordForm

post_reset_redirect: URL to redirect after the password reset done. Defaults to None.

Template context:

form: The form (see set_password_form above) for setting the new user's password.

validlink: Boolean, True if the link (combination of uidb36 and token) is valid or unused yet.

jieforest · 发表于 2012-12-21 22:30

password_reset_complete(request[, template_name])

Presents a view which informs the user that the password has been successfully changed.

URL name: password_reset_complete

Optional arguments:

template_name: The full name of a template to display the view. Defaults to registration/password_reset_complete.html.

Helper functions

redirect_to_login(next[, login_url, redirect_field_name])

Redirects to the login page, and then back to another URL after a successful login.

Required arguments:

next: The URL to redirect to after a successful login.

Optional arguments:

login_url: The URL of the login page to redirect to. Defaults to settings.LOGIN_URL if not supplied.

redirect_field_name: The name of a GET field containing the URL to redirect to after log out. Overrides next if the given GETparameter is passed.