django.contrib.auth 登錄註銷學習
備註: 內容基於django1.9版本html
auth模塊實現功能
經過入口url.py文件中定義的urlpatterns能夠看出,auth模塊共定義了8個url,分別用於:django
- 登陸
- 註銷
- 修改密碼
- 修改密碼完成
- 密碼重置
- 密碼重置完成
- 密碼重置驗證
- 密碼重置結束
from django.conf.urls import url
from django.contrib.auth import views
# urlpatterns直接是一個list便可
urlpatterns = [
url(r'^login/$', views.login, name='login'),
url(r'^logout/$', views.logout, name='logout'),
url(r'^password_change/$', views.password_change, name='password_change'),
url(r'^password_change/done/$', views.password_change_done, name='password_change_done'),
url(r'^password_reset/$', views.password_reset, name='password_reset'),
url(r'^password_reset/done/$', views.password_reset_done, name='password_reset_done'),
url(r'^reset/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
views.password_reset_confirm, name='password_reset_confirm'),
url(r'^reset/done/$', views.password_reset_complete, name='password_reset_complete'),
]
如下僅對登錄, 註銷進行了學習.session
login 登陸
def login(request, template_name='registration/login.html',
redirect_field_name=REDIRECT_FIELD_NAME,
authentication_form=AuthenticationForm,
extra_context=None):
"""
Displays the login form and handles the login action.
"""
redirect_to = request.POST.get(redirect_field_name,
request.GET.get(redirect_field_name, ''))
if request.method == "POST":
form = authentication_form(request, data=request.POST)
if form.is_valid():
# Ensure the user-originating redirection url is safe.
if not is_safe_url(url=redirect_to, host=request.get_host()):
redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
# Okay, security check complete. Log the user in.
auth_login(request, form.get_user())
return HttpResponseRedirect(redirect_to)
else:
form = authentication_form(request)
current_site = get_current_site(request)
context = {
'form': form,
redirect_field_name: redirect_to,
'site': current_site,
'site_name': current_site.name,
}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context)
登陸處理視圖函數依據功能分爲:app
- 展現登陸頁面供用戶提供認證信息進行登陸操做(
request.method == "GET") - 對用戶提交的認證信息進行認證,並作出相應反映(
request.method == "POST")
request.method == "GET"
- 實例化一個
authentication_form實例(經過傳入request將request綁定到form實例上),供用戶輸入認證信息 - 獲取站點信息,供頁面顯示
- 生成
context,並使用關鍵詞參數extra_context進行拓展 - 返回頁面(
TemplateResponse)
此場景處理邏輯較簡單ide
request.method == "POST"
- 經過獲取到的用戶數據(request.POST)實例化authentication_form
- 判斷用戶輸入數據是否有效合理(檢查是否有輸入傳入;而且調用full_clean方法來進行驗證)。默認的AuthenticationForm中的clean方法中會調用
django.contrib.auth.authenticate方法對用戶提供的認證信息進行校驗。而authenticate方法會遍歷settings中定義的AUTHENTICATION_BACKENDS模塊,並調用模塊的authenticate方法進行認證,直到成功,不然出發user_login_failed singnal - 調用
django.contrib.auth.login方法使得用戶登陸成功,並返回HttpResponseRedirect響應,重定向到redirect_field_name指向地址。
step2 form.is_valid()調用過程
# django.forms.forms.py
class BaseForm(object):
....
@property
def errors(self):
"Returns an ErrorDict for the data provided for the form"
if self._errors is None:
self.full_clean()
return self._errors
def is_valid(self):
"""
Returns True if the form has no errors. Otherwise, False. If errors are
being ignored, returns False.
"""
return self.is_bound and not self.errors
def full_clean(self):
"""
Cleans all of self.data and populates self._errors and
self.cleaned_data.
"""
self._errors = ErrorDict()
if not self.is_bound: # Stop further processing.
return
self.cleaned_data = {}
# If the form is permitted to be empty, and none of the form data has
# changed from the initial data, short circuit any validation.
if self.empty_permitted and not self.has_changed():
return
self._clean_fields()
self._clean_form()
self._post_clean()
def _clean_fields(self):
for name, field in self.fields.items():
# value_from_datadict() gets the data from the data dictionaries.
# Each widget type knows how to retrieve its own data, because some
# widgets split data over several HTML fields.
if field.disabled:
value = self.initial.get(name, field.initial)
else:
value = field.widget.value_from_datadict(self.data, self.files, self.add_prefix(name))
try:
if isinstance(field, FileField):
initial = self.initial.get(name, field.initial)
value = field.clean(value, initial)
else:
value = field.clean(value)
self.cleaned_data[name] = value
## 若是有clean_filedname方法的話,調用之
if hasattr(self, 'clean_%s' % name):
value = getattr(self, 'clean_%s' % name)()
self.cleaned_data[name] = value
except ValidationError as e:
self.add_error(name, e)
def _clean_form(self):
try:
cleaned_data = self.clean()
except ValidationError as e:
self.add_error(None, e)
else:
if cleaned_data is not None:
self.cleaned_data = cleaned_data
def _post_clean(self):
"""
An internal hook for performing additional cleaning after form cleaning
is complete. Used for model validation in model forms.
"""
pass
step2 django.contrib.auth.authenticate方法
def load_backend(path):
return import_string(path)()
def _get_backends(return_tuples=False):
backends = []
for backend_path in settings.AUTHENTICATION_BACKENDS:
backend = load_backend(backend_path)
backends.append((backend, backend_path) if return_tuples else backend)
if not backends:
raise ImproperlyConfigured(
'No authentication backends have been defined. Does '
'AUTHENTICATION_BACKENDS contain anything?'
)
return backends
def authenticate(**credentials):
"""
If the given credentials are valid, return a User object.
"""
for backend, backend_path in _get_backends(return_tuples=True):
try:
inspect.getcallargs(backend.authenticate, **credentials)
except TypeError:
# This backend doesn't accept these credentials as arguments. Try the next one.
continue
try:
user = backend.authenticate(**credentials)
except PermissionDenied:
# This backend says to stop in our tracks - this user should not be allowed in at all.
return None
if user is None:
continue
# Annotate the user object with the path of the backend.
user.backend = backend_path
return user
# The credentials supplied are invalid to all backends, fire signal
user_login_failed.send(sender=__name__,
credentials=_clean_credentials(credentials))
step3 django.contrib.auth.login方法
1. request.user = user
2. 觸發user_logged_in singnal
def login(request, user):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
session_auth_hash = ''
if user is None:
user = request.user
if hasattr(user, 'get_session_auth_hash'):
session_auth_hash = user.get_session_auth_hash()
if SESSION_KEY in request.session:
if _get_user_session_key(request) != user.pk or (
session_auth_hash and
request.session.get(HASH_SESSION_KEY) != session_auth_hash):
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.session[BACKEND_SESSION_KEY] = user.backend
request.session[HASH_SESSION_KEY] = session_auth_hash
if hasattr(request, 'user'):
request.user = user
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)
```
## logout 註銷
```
@deprecate_current_app
def logout(request, next_page=None,
template_name='registration/logged_out.html',
redirect_field_name=REDIRECT_FIELD_NAME,
extra_context=None):
"""
Logs out the user and displays 'You are logged out' message.
"""
auth_logout(request)
if next_page is not None:
next_page = resolve_url(next_page)
if (redirect_field_name in request.POST or
redirect_field_name in request.GET):
next_page = request.POST.get(redirect_field_name,
request.GET.get(redirect_field_name))
# Security check -- don't allow redirection to a different host.
if not is_safe_url(url=next_page, host=request.get_host()):
next_page = request.path
if next_page:
# Redirect to this page until the session has been cleared.
return HttpResponseRedirect(next_page)
current_site = get_current_site(request)
context = {
'site': current_site,
'site_name': current_site.name,
'title': _('Logged out')
}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context)
實現了登出用戶,並跳轉到指定(next_page或者request.GET, request.POST中攜帶的redicted_field_name)頁面功能函數
登出用戶 django.contrib.auth.logout
1. 出發user_logged_out singnal
2. request.session.flush()
3. request.user = AnonymousUser() if hasattr(request, 'user')
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
# remember language choice saved to session
language = request.session.get(LANGUAGE_SESSION_KEY)
request.session.flush()
if language is not None:
request.session[LANGUAGE_SESSION_KEY] = language
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
相關文章
- 1. 註銷當前登錄
- 2. django18-登錄註冊
- 3. Linux開機、重啓、登錄、註銷
- 4. CAS的登錄和註銷原理
- 5. IOS 註銷到登錄頁面
- 6. spring security自定義登錄與註銷
- 7. Java註冊登錄學習筆記
- 8. 後臺學習五---登錄註冊
- 9. SpringBoot學習-用戶註冊登錄
- 10. django用戶登陸和註銷
- 更多相關文章...
- • 登錄MySQL數據庫 - MySQL教程
- • 您已經學習了 XML Schema,下一步學習什麼呢? - XML Schema 教程
- • Tomcat學習筆記(史上最全tomcat學習筆記)
- • 適用於PHP初學者的學習線路和建議
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. 註銷當前登錄
- 2. django18-登錄註冊
- 3. Linux開機、重啓、登錄、註銷
- 4. CAS的登錄和註銷原理
- 5. IOS 註銷到登錄頁面
- 6. spring security自定義登錄與註銷
- 7. Java註冊登錄學習筆記
- 8. 後臺學習五---登錄註冊
- 9. SpringBoot學習-用戶註冊登錄
- 10. django用戶登陸和註銷